Cisco Support Community
Community Member

Designing with VLANs on a 515 (6.3(3))

I've tried to configure a 515 with 3 interfaces outside, inside and DMZ.

In the DMZ I configured 1 physical VLAN and 3 logical VLANs. One VLAN is used to put in all 'DMZ' servers, and they will be separated with private VLANs.

When I configure rules on the PIX from server A to server B, an error will occur because I try to set rules to the same interface (VLAN), which isn't possible.

The reason that I wanted to do this is because it is easier to manage.

Is there another solution than just putting every server or server group in a different logical VLAN?

Community Member

Re: Designing with VLANs on a 515 (6.3(3))

I'm not sure I understand what your goal is.

Community Member

Re: Designing with VLANs on a 515 (6.3(3))

What are the servers connected to on the DMZ?

From my understanding the PIX is not truly a router.

In order for hosts on different VLANs to communicate, they have to communicate through a router. This would require a VLAN trunk be set up between the switch and a router.

I don't think the PIX is capable of doing this, though I am not entirely sure.

Hope this helps!

Re: Designing with VLANs on a 515 (6.3(3))

Just a minor clarification here...

The PIX will route packets between all interfaces if the appropriate rules and translations are enabled. It does not matter if the interfaces are physical or logical.

I still do not quite understand the original question though. Can you give us some more detail concerning exactly what you are doing?

