Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

PIX vlan routing

Hi,

Two vlans on the PIX 506 interface at 6.3 code. Is it possible to use these logical interfaces in exactly the same way as physical ones? i.e. Can access lists be applied and packets enter the firewall on vlan x and be permitted/denied to vlan y, where x and y are vlans on the same physical interface? In other words, as long as they are permitted to do so by policy, packets can route in and out the same physical interface on different vlans? ASA definitley supports this since I have done this numeorus times. However, I recall someone saying you can't do on a stick rouitng with the PIX. Surely you can?? I emphasise it's 6.3 I am using.

Sorry for this very basic question; cco doesn't make this clear. I have no access to our lab until Monday to work it out either!

Cheers, Steve

1 ACCEPTED SOLUTION

Accepted Solutions

Re: PIX vlan routing

Hi,

Quick answer is yes, you can, as long as it's between two interfaces (which can be either phyical or logical). PIX 6.3 doesn't support "on a stick" routing either on phyical or logical interfaces (7.0 does though), but between two interfaces is perfectly feasible.

HTH

Andrew.

2 REPLIES

Re: PIX vlan routing

Hi,

Quick answer is yes, you can, as long as it's between two interfaces (which can be either phyical or logical). PIX 6.3 doesn't support "on a stick" routing either on phyical or logical interfaces (7.0 does though), but between two interfaces is perfectly feasible.

HTH

Andrew.

New Member

Re: PIX vlan routing

Thanks Andrew. I thought as much but can't test it until Monday.

Nice weekend.

Steve

104
Views
0
Helpful
2
Replies