Cisco Support Community

New Member

Implementing VLAN BEHIND FIREWALL

Hi all,

Current Scenario –

Internet -> 2600 Router -> Cisco 501 Firewall -> LAN based on 7 2950 switches on 192.168.165.0, with 150 users.

Asked to – create and configure 6 VLANs behind the firewall.

Questions.

How will I make the firewall see all VLANs with different subnets as one range – 192.168.165.0?

Do I need to configure the firewall for VLANs? If yes, then please advise how to do that.

All PCs and servers are on the same subnet. How will I make them access the internet through the firewall after putting them into separate VLANs and subnets?

We have 3 VPN connections. Do I need to change anything regarding them too?

Please give suggestions.

Thanks in advance.

5 REPLIES
New Member

Re: Implementing VLAN BEHIND FIREWALL

Hi,

You can add a route in the PIX which is pointing towards your Core switch like below.

route inside 192.168.165.0 255.255.255.0 "core switch ip "

Again, give a default route back to the firewall inside interface on the core switch.

I assume that you already have a default route on the PIX towards your 2600 router.

I hope this will work for you.

Jaison

Re: Implementing VLAN BEHIND FIREWALL

Hi Sid,

Your 501 PIX supports VLANs with code 6.3.4 or above. The problem is that it supports only 3 VLANs, though. So you cannot configure your 501 for 6 VLANs. If you put your 501 in one VLAN and make other VLANs, the other VLANs will still not be able to access it, as the 2950 does not support inter-VLAN routing. So to accomplish this, what you need is a layer 3 switch on which you can set up multiple VLANs and have routing enabled between the different VLANs.

You can go for a 3550, 3560, 3750 or higher. You need to pass your interesting traffic from the different VLANs over the VPN tunnels. So just make sure that your traffic is flowing to the different locations from your VLANs.

HTH,

-amit singh

New Member

Re: Implementing VLAN BEHIND FIREWALL

Hi Amit

Thanks for the quick response! Can you please provide me detailed commands to configure VLANs on a PIX 506e? Can I use a 1700 router for inter-VLAN routing? Please give the commands to set up on the router. Can I have your email address?

Thanks in Advance

Sid

New Member

Re: Implementing VLAN BEHIND FIREWALL

Check the IOS version on the 2950; you may need to upgrade it to an EMI version or one that supports VLAN routing. Then choose one of these switches and configure it to support VLAN routing. Make sure you have the routes correct on both the 2950 and the PIX.

Carlos Roque

Re: Implementing VLAN BEHIND FIREWALL

Sid,

Here is a link to configuring VLANs on the 506. With a UR license you can have up to 2 logical VLAN interfaces configured.

http://www.cisco.com/en/US/products/sw/secursw/ps2120/products_configuration_guide_chapter09186a0080172786.html#wp1113411

Also, here is a link to inter-VLAN routing on an external router.

http://www.cisco.com/en/US/tech/tk389/tk390/technologies_configuration_example09186a00800949fd.shtml

If it's a 1720, you cannot use it for inter-VLAN routing. A 1721 can.
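
The layout the replies describe (a layer 3 switch routing between the VLANs, a route on the PIX toward the core switch, a default route back to the firewall), written out as an added example that is not from any poster or from Cisco documentation. It assumes the existing 192.168.165.0/24 is split into /27 subnets (at most 30 hosts per VLAN), a 3550 as the layer 3 switch, and constructed VLAN numbers, addresses and port numbers; under that split, NAT and VPN rules already written for 192.168.165.0 255.255.255.0 still match every VLAN.

```cisco
! ---- Layer 3 switch (3550 assumed); all addressing is constructed ----
! VLANs 10-70 are assumed to exist already in the VLAN database.
ip routing
!
! Transit VLAN shared with the PIX inside interface (192.168.165.0/27)
interface Vlan10
 ip address 192.168.165.2 255.255.255.224
!
! One routed interface per user/server VLAN; hosts in each VLAN use
! that VLAN's address here as their default gateway.
interface Vlan20
 ip address 192.168.165.33 255.255.255.224
interface Vlan30
 ip address 192.168.165.65 255.255.255.224
interface Vlan40
 ip address 192.168.165.97 255.255.255.224
interface Vlan50
 ip address 192.168.165.129 255.255.255.224
interface Vlan60
 ip address 192.168.165.161 255.255.255.224
interface Vlan70
 ip address 192.168.165.193 255.255.255.224
!
! Default route back to the firewall inside interface
ip route 0.0.0.0 0.0.0.0 192.168.165.1
!
! Trunk toward each 2950 (interface number is a placeholder)
interface FastEthernet0/1
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
! Untagged access port toward the PIX inside interface (placeholder)
interface FastEthernet0/24
 switchport mode access
 switchport access vlan 10

: ---- PIX (6.x syntax), inside interface only ----
: The inside interface keeps its address but shrinks to the transit /27,
: so the PIX stops treating the other subnets as directly connected.
ip address inside 192.168.165.1 255.255.255.224
: The rest of the /24 is reached through the core switch.
route inside 192.168.165.0 255.255.255.0 192.168.165.2
```

With this layout, traffic between VLANs is routed on the switch and never crosses the PIX, so the firewall filters only internet and VPN traffic, not VLAN-to-VLAN traffic.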
