Currently, we have a Cisco PIX firewall model 525, IOS 6.0(2), Pentium III 600MHz with 128MB RAM, with 2GE and 2FE ports. The Cisco PIX firewall device manager is version 1.1(2).
The Cisco PIX firewall gigabit interface 0/1 connects to a Cisco 6500 switch module gigabit 2/1 and is assigned VLAN 2. Network and subnet mask statement is 184.108.40.206 255.255.254.0
The Cisco PIX firewall inside gigabit interface currently supports one flat IP network, while the outside gigabit interface connects to a Cisco 6500 switch with MSFC used as the default gateway.
Current Inside gigabit network interface g0/1
--- 220.127.116.11 255.255.254.0
NEW Suggested Inside gigabit network interface g0/1
--- 18.104.22.168 255.255.254.0
Outside gigabit network interface g0/2
--- 192.168.1.1 255.255.255.240
We need connectivity between VLAN 2 and VLAN 3 and the outside world. Enabling communication between the two VLANs and the outside world requires a trunk link between the Cisco PIX firewall gigabit 0/1 interface and the Cisco 6500 port G2/1, right?
Does our current PIX firewall software/hardware support trunking in this configuration?
Should we use ISL or 802.1q protocol? Does it matter?
Should we combine VLAN 2 and VLAN 3 into one flat IP VLAN with a subnet mask of /22?
Are you using a separate 6500 switch for PIX's outside interface? If I understand it correctly, PIX's INSIDE (gi0/1) is connected to Cat6500 (gi2/1). Then PIX's OUTSIDE is connected to another 6500 with MSFC. If VLANs 2 and 3 are located behind the INSIDE interface of the PIX, I think you should combine them to be able to pass through the PIX since the PIX doesn't support trunking.
The Cisco 6500 switch named "Inside-A" does not have an MSFC; the firewall is the default gateway for the current VLAN 2 on the G0/1 interface. I plan to add another VLAN, VLAN 3, to the Cisco 6500 switch "Inside-A".
I need the firewall to also be the default gateway for this VLAN 3 on the same G0/1 interface as VLAN 2.
Yes, the outside switch is a different switch named "Outside-B".