Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

PIX 515E and HP Procuve Switches

We have a location that has a new Internet Circuit installed and a new PIX 515E. The site had pre-existing HP PRocurve 8000M switches installed without VLAN setup, Spanning Tree was setup.

The PIX firewall is utilizing 3 ethernet ports (Inside, Outside, and ethernet 2 which was renamed Frame for framed locations to gain access). The inside port has a plain 10/100 switch connected to it. After configuring the PIX, a PC connected also to that hub before any HP Procurve switches can gain access to the Internet and all framed sites as normal. PCs that are connected through the Procurve Switches cannot communicate with either Internet or Frame and can not be accessed from framed sites.

Has anyone run into this before? This is the only location of 200 that has these HP Procurve switches. All other locations configured this same way work fine.

Any help is appreciated.


Re: PIX 515E and HP Procuve Switches

I'm not sure I understand your topology.

The Pix's inside interface is connected to a hub or a ProCurve switch?

It sounds like you're saying all hosts on a paricular hub can access everything, but that hosts on the switches cannot?

Are all hosts on the same subnet/VLAN? No routers in between them and the Pix? Can the hosts on the ProCurves ping the Pix's inside interface? This doesn't sound like a firewall/Pix problem or a ProCurve problem, but rather an internal connectivity issue.

New Member

Re: PIX 515E and HP Procuve Switches

Basically, anything that is connected to just the hub can access anything on the Frame / WAN and the Internet. Any device connected on the Procurve switches cannot access anything beyond the firewall.

I am actually flying to this site with this problem on April 14 but any ideas just in case I can not figure it out will be helpful.

Some addiational info, The subnet we are using at this location is The Procurve switches reside in the to range also with the 22 bit mask applied.

The hosts on the Procurve switches can ping the inside interface of the PIX.

CreatePlease login to create content