Cisco Support Community

New Member

PIX DMZ VLAN, plus side question on VAC+

Issue:

Need to cfg. PIX 525 with a 2950 dmz switch. Would like to make VLANS on switch. Do not wish to use router on a stick to route between VLANS.

internet
router
|
outside
pix -- dmz switch (w vlans 2-6)
inside
prod network

It is my understanding that with 6.3.3 one can cfg logical ints on a PIX and have it do the routing between VLANs on a dmz switch. Is this true? I hope to avoid using .1q to the inside! So, can the PIX be cfg'd to get traffic to and from individual VLANs on the dmz switch without consulting a router?

I read 6.3.1 etc., release notes and they give a very short example and discussion. Does anyone have a good, short, example cfg, similar to my situation, that they would be willing to share?

Side question:

Does anyone have solid figures on when a 525 needs a VAC+ to handle 3des tunnels. The Cisco web site gives a nebulous suggestion. Any real world example would help me. Planning 3des to 3 peers, plus future addition of 40 peers w/ 3des.

Thanks,

D

1 REPLY
New Member

Re: PIX DMZ VLAN, plus side question on VAC+

Answering the first part of your question: yes, it's possible. Not sure if you went through this document, but it has a sample configuration. You can configure this on any interface of the PIX. It works only with 802.1q currently.

http://www.cisco.com/en/US/customer/products/sw/secursw/ps2120/products_configuration_guide_chapter09186a0080172786.html#1113411

Also go through this document for a better understanding of the commands that are being used:

http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_sw/v_63/cmdref/gl.htm#1075586
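
Added example, not part of the original thread or of Cisco's documentation: a sketch of the PIX 6.3 logical-interface setup the reply refers to, for the asker's DMZ VLANs 2-6 trunked over 802.1q to the 2950. The ports (ethernet2, FastEthernet0/1 and 0/2), interface names, security levels and addresses are assumptions chosen for illustration.

```text
: --- PIX 525, software 6.3 (DMZ port assumed to be ethernet2) ---
: VLAN 2 is bound to the physical interface; VLANs 3-6 are logical
: interfaces carried on the same 802.1q trunk.
interface ethernet2 100full
interface ethernet2 vlan2 physical
interface ethernet2 vlan3 logical
interface ethernet2 vlan4 logical
interface ethernet2 vlan5 logical
interface ethernet2 vlan6 logical

: Each VLAN is its own firewall interface with its own security level.
: Levels are distinct because 6.3 does not forward traffic between
: interfaces that share a security level.
nameif ethernet2 dmz2 security20
nameif vlan3 dmz3 security30
nameif vlan4 dmz4 security40
nameif vlan5 dmz5 security50
nameif vlan6 dmz6 security60

: Constructed addresses; the PIX is the default gateway in each VLAN.
ip address dmz2 192.168.2.1 255.255.255.0
ip address dmz3 192.168.3.1 255.255.255.0
ip address dmz4 192.168.4.1 255.255.255.0
ip address dmz5 192.168.5.1 255.255.255.0
ip address dmz6 192.168.6.1 255.255.255.0

! --- Catalyst 2950 DMZ switch (802.1q is its only trunk encapsulation) ---
interface FastEthernet0/1
 description Trunk to PIX ethernet2
 switchport mode trunk
 switchport trunk allowed vlan 2-6
!
interface FastEthernet0/2
 description DMZ host in VLAN 2
 switchport mode access
 switchport access vlan 2
```

With this layout the PIX, not a router, forwards between the DMZ VLANs, so every flow between them is still subject to the firewall's translation and access-list rules. The inside interface stays an ordinary untagged port, so no .1q is needed toward the production network.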
