I have a project to implement as attached in the diagram. I need your valuable suggestions. The setup will be as follows.
I will be having a firewall between my 6513 and the internet router. On the firewall NAT will be implemented. I am planning to have 2 DMZs.
One more router will be connecting to my branch office as attached in the diagram.
So if my users have to go to the internet they should go through the firewall, I understand that, but when the traffic is returned, where should it hit on the 6513? On the 6513 I will be using the MSFC for inter-VLAN routing, and the same for my branch office. I am a little bit confused about the routes on the PIX and on the router through which I am connected to my branch office: how should I define them?
Waiting for responses.
I am not able to open the VSD on my machine, but what I understand from your description is that you are confused about the return traffic.
I presume your setup is something like this
Correct me if I am wrong.
What you can do is create one more VLAN for the PIX (firewall) and connect it to a layer 2 port on the cat6k, say VLAN 10 for example, and create an SVI for VLAN 10 on the MSFC and assign it an address in the subnet which you want your inside interface of the PIX to be in.
Add one default route on the MSFC pointing to the PIX inside interface IP.
Now what will happen is: when anyone from your network wants to hit the internet, the traffic will reach its gateway, that is the MSFC's respective VLAN interface, and from there it will check the default route and reach the PIX; the PIX will NAT it and throw it to the internet router. For when the reply comes back, you need to assign some static routes on the PIX.
You can assign static routes for the different user VLANs pointing towards the next hop, which will be SVI 10 on your MSFC, and once it reaches the MSFC, the MSFC will route it to the respective VLANs.
Hope I am clear. If not, please revert back with your doubts, and if you have the diagram in Word or Acrobat Reader I can have a look.
Thanks for your reply. You got me correctly.
So now you want me to define static routes on the PIX and point to SVI 10 as their next hop. Hope I have got you. If that's the case, then can I go for a default route and point it towards the SVI for all my subnets? And one more thing, how about the internet router?
Your comments please.
I would suggest not defining a default route on the PIX, but I am not sure what your PIX configuration is.
What route have you defined on the PIX to go to the internet router? I mean, once the traffic is NATted it should go to the internet router to hit the internet, so you must have some default route on the PIX to throw all internet requests to the internet router?
Thanks for replying. You want me to define static routes on the PIX pointing to my individual subnets on the MSFC, e.g. 192.168.1.0, 192.168.2.0, pointing towards the SVI of the PIX on the MSFC. The PIX will have a default route pointing towards the internet router's Ethernet interface. Can I go like this, or should I point it to the serial interface? Yes, I am going to configure a default route on the PIX towards the internet router.
Hope this clarifies.
Yes, configure an individual static route on the PIX for each of the different subnets on the MSFC, pointing to the SVI of the PIX on the MSFC.
Now, talking about a default route on the PIX for the internet: configure a default route pointing towards the internet router's Ethernet interface.
HTH, if yes please rate the post.
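The routing agreed in the replies above, written out as an added configuration sketch that is not part of the original thread. 192.168.0.5 (PIX inside) and the 192.168.1.0 / 192.168.2.0 user subnets come from the posts; the SVI address 192.168.0.1, the /24 masks and the 203.0.113.1 router address are assumptions made for illustration, and NAT and access rules are left out.

```cisco
! ----- MSFC on the Catalyst 6513 (IOS) -----
! VLAN 10 is the transit VLAN whose layer 2 port connects to the PIX inside
! interface. It must already exist on the switch.
! ASSUMPTION: 192.168.0.1/24 for the SVI; 192.168.0.5 is the PIX inside address.
interface Vlan10
 description Transit to PIX inside
 ip address 192.168.0.1 255.255.255.0
 no shutdown
!
! Anything the MSFC has no more specific route for is handed to the PIX.
ip route 0.0.0.0 0.0.0.0 192.168.0.5
!
! ----- PIX -----
! Return traffic: one static route per user VLAN, next hop = SVI 10 on the MSFC.
! ASSUMPTION: the user subnets are /24.
route inside 192.168.1.0 255.255.255.0 192.168.0.1 1
route inside 192.168.2.0 255.255.255.0 192.168.0.1 1
!
! Internet-bound traffic: default route to the internet router's Ethernet address.
! PLACEHOLDER: 203.0.113.1 stands in for the real router address.
route outside 0.0.0.0 0.0.0.0 203.0.113.1 1
```

Listing only the known inside subnets on the PIX, rather than a broad inside route, means the firewall forwards inward only to networks that actually exist behind the MSFC. `show ip route` on the MSFC and `show route` on the PIX confirm what was installed.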
Hi, thanks Ankur.
Up to now I have got it. Now maybe the last one: on the internet router, what should I define for the return traffic? I mean, if I am going to define a static route, where should it hit on the PIX? I mean, should it hit the outside interface or the inside? I think it should be the outside.
Because your traffic for the internet will move out via the outside interface with a NATted IP from the PIX to the internet router, you should have a static route on your internet router with an exit interface of the router interface which is connected to the outside interface of the PIX.
Let's say your outside interface of the PIX is connected to fa0/0 of the internet router, then the static route will be
HTH, if yes please rate the post.
I am not able to get you. Let me put it:
users-cat6k--switch; both the PIX and the internet router are connected to this switch. So for going outside it is fine, I have to define the default route with the internet router's Ethernet interface as next hop. Now the confusion is for the return traffic: what route should I define on the internet router, whether it should be the outside interface of the PIX or what?
192.168.0.5 pix inside
188.8.131.52 pix outside
184.108.40.206 router ethernet
On the MSFC I will be having a default route to 192.168.0.5, right? Then from the PIX, the SVI of the PIX VLAN with individual subnets, right? Now from the PIX to the router Ethernet, and from the router to, e.g., the outside world. But for the return, what should it be from the router to the PIX?
Hope this clarifies, and sorry for making you annoyed.
What is the interface on the internet router which is connected to the PIX outside interface? Let's say ethernet 0.
Now you can have a static route on your internet router like this
ip route 220.127.116.11
Please rate all helpful posts.