Cisco Support Community

New Member

interconnect vlan with pix

Hi all

I have this configuration:

A Catalyst 2950 (SI) switch with vlan 2 and vlan 3, and one port on the native VLAN (vlan 1), which is the trunk port. The trunk port is connected to the inside interface of my PIX 515.

On the PIX I created vlan2 on the physical interface and vlan3 on a logical interface.

The computers on vlan2 and vlan3 can ping the net, but they can't ping PCs on the other VLAN. I want the VLANs to be able to communicate with each other.

I would like to know if this infrastructure is possible and, if yes, how I can apply this to my network (with no router).

Thank you in advance



Re: interconnect vlan with pix

I think you need multiple physical interfaces on the PIX, one per VLAN, if you want to use it like a router to allow communications between VLANs. And I think that after two (or is it three?) physical interfaces you need to have the unrestricted license software, which costs more. At least, that's how it used to be.

The PIX can't do "hairpin turns", that is, send traffic back out the same interface it came in on. Unless something has changed recently. Routers and multilayer switches can do this, however.

Was not aware you could do physical and logical interfaces, either, and multiple VLANs, on a PIX. If this is a new capability, then maybe what you're running into is a permissions problem in the access-lists. Are ICMP echoes permitted to go from one VLAN to the other, and are the ICMP echo-replies permitted to come back?

I guess I better read the latest manuals and see what I'm missing...

New Member

Re: interconnect vlan with pix

Thank you for your answer, it's really appreciated.