Hello all, I am hoping someone can shed some light on this for me. I am trying to set up multiple vlans on my pix box, i.e. vlan2 for subinterface e1.1 and vlan3 for subinterface vlan3. The pix keeps telling me that I need to add a failover license, is that the case for VLAN implementation? Also can the pix box route between the vlans, i.e. I don't have control of my local router so I need to have the pix do it, if possible.
I really don't think failover is a mandatory thing for vlan implementation... haven't seen any docs stating this... when implementing vlans on pix, each vlan is a kind of DMZ interface on the PIX.
so, to communicate between vlans, you need to define the statics and ACLs on the PIX, just as defining between normal interfaces (inside/outside etc)... so, pix as a box will route traffic between vlans...
hope this helps.. all the best.. rate replies if useful..
I haven't seen any docs saying that either, however once you set up a subinterface it "thinks" you are setting up a failover interface (I assume) - so when the pix reloads it gives the error, "invalid command at line 38 - failover license required".
Ok on the statics, makes sense. However documentation about vlans and the pix is pretty hard to find, all they say is that starting with pix 6.3 vlan support was added. I am running 7.0(4).
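The statics-and-ACL approach suggested in the reply above, sketched as an added example in PIX 7.0 syntax (not configuration posted by anyone in this thread). The second subinterface name, the interface names, security levels, addresses and the permitted port are all constructed assumptions.

```cisco
! Added example: names, levels, subnets and the permitted port are constructed.
! Physical trunk port: enabled, but no nameif, so untagged frames are not passed.
interface Ethernet1
 no shutdown
!
! VLAN 2 on subinterface e1.1 (as in the question)
interface Ethernet1.1
 vlan 2
 nameif vlan2
 security-level 50
 ip address 192.168.2.1 255.255.255.0
!
! VLAN 3 on a second subinterface (e1.2 is an assumption)
interface Ethernet1.2
 vlan 3
 nameif vlan3
 security-level 60
 ip address 192.168.3.1 255.255.255.0
!
! Identity static so vlan3 hosts keep their own addresses when reached from
! vlan2. Only required when nat-control is enabled, which is the case for
! configurations carried over from 6.x.
static (vlan3,vlan2) 192.168.3.0 192.168.3.0 netmask 255.255.255.0
!
! Lower-security vlan2 may reach higher-security vlan3 only where explicitly
! permitted; the ACL ends in an implicit deny, so keep the permits narrow.
access-list vlan2_in extended permit tcp 192.168.2.0 255.255.255.0 192.168.3.0 255.255.255.0 eq 443
access-group vlan2_in in interface vlan2
```

Applying `vlan2_in` replaces the default policy for traffic entering vlan2, so anything vlan2 hosts need toward other interfaces must also be permitted in that list.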