Cisco Support Community
Community Member

vlan with Pix

hello, i need an help to configure my ISP scnerio, in our scnerio Perimiter router is connected with pix out interface and pix in intrface is conected with switch and Servers are DMZ on third interface on the other hand switch is connected with other networks via vlan it is 2950 cisco switch. my question is that can i connect trunk port of switch with Pix 515E? Pix 515E can support intervlan routing? if it can support can u plz give an example?


Cisco Employee

Re: vlan with Pix

Sure it can. Upgrade it to v7 and then follow this link:

Basically set up a trunk port between the PIX and the switch. Let's say you plug that trunk port into Fastethernet0 on th ePIX, your config then looks like:

interface fastethernet0

   no shut

interface fastethernet0.20

   vlan 20

   nameif inside

   ip address x.x.x.x

   security-level 100

interface fastethernet0.30

   vlan 30

   nameif dmz1

   ip address y.y.y.y

   security-level 50

interface fastethernet0.40

   vlan 40

   ip address z.z.z.z

   nameif dmz2

   security-level 60

You can just add as many sub-interfaces as you like, and add that vlan to the trunk from the switch. The PIX treats these sub-interfaces just like any separate interface and will route between them as normal. Same security level procedures apply just like any other interfaces on the PIX.

CreatePlease to create content