martyboy
asked on
Pix and routes
Hi,
I have a question about PIX and routing to other VLANs.
I have a Catalyst 3750 behind a PIX 525. The Catalyst has several VLANs configured. The
PIX is connected to VLAN 110. I need to give an outside user access to another VLAN (VLAN 120).
How do I get the outside user routed to the other VLAN?
pix 192.168.1.0/24
vlan 110 192.168.1.0/24
vlan 120 192.168.110.0/24
Firewalls can't route - you need to fire all traffic needing routing to a router (or a layer 3 switch if we are talking VLANs) - using the "default route" command.
Of course your PIX can route. Every firewall that I work with can route, and my experience with firewalls covers NetScreen, Nokia (Check Point), PIX, StoneGate, Symantec, iptables.
The question is what type of access you need for that user. And is your firewall connected with another interface to that VLAN?
ASKER
My inside interface is connected to the VLAN switch. On that VLAN switch I have 5 different LANs configured. Now I need
a source from the outside to connect to my client VLAN.
The answer is no, the only interface connected to the switch is the inside interface. After that I need to
route the traffic forward. The thing that I can't figure out is how to route the traffic after I set up the static command.
Maybe this won't work.
Pete, the Catalyst is an L3 device and is already routing traffic.
ASKER
Thx bloem!
Actually everything was correct on the switch and PIX. My static line on the PIX
was wrong. When I reconfigured the static, everything worked great.
Yes, it will work.
Do you have a static route on the PIX?
route inside 192.168.100.0 255.255.255.0 192.168.1.x (X=switch vlan 110 IP address)
Do you have a default on the switch that points to the PIX?
ip route 0.0.0.0 0.0.0.0 192.168.1.y (Y=PIX inside IP)
You're welcome
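
Added example, not part of the original thread or any poster's code: a small Python check of PIX `route` lines like the one discussed above against the VLAN 120 subnet given in the question, using longest-prefix match to find which route and interface the firewall would use. The next-hop addresses and the default route are constructed sample values, and the function names are hypothetical.

```python
import ipaddress

def parse_pix_route(line):
    """Parse 'route <if_name> <network> <mask> <gateway> [metric]'."""
    parts = line.split()
    if len(parts) < 5 or parts[0] != "route":
        raise ValueError(f"not a PIX route line: {line!r}")
    network = ipaddress.ip_network(f"{parts[2]}/{parts[3]}")
    return parts[1], network, ipaddress.ip_address(parts[4])

def check_path_to_vlan(route_lines, target_net, inside_net, inside_if="inside"):
    """Return a list of problems with the firewall's route towards target_net."""
    routes = [parse_pix_route(line) for line in route_lines]
    covering = [r for r in routes if target_net.subnet_of(r[1])]
    if not covering:
        return [f"no route covers {target_net}"]
    # Longest-prefix match: the most specific covering route is the one used.
    if_name, network, gateway = max(covering, key=lambda r: r[1].prefixlen)
    problems = []
    if if_name != inside_if:
        problems.append(
            f"{target_net} matches {network} via '{if_name}', not '{inside_if}'")
    elif gateway not in inside_net:
        problems.append(
            f"next hop {gateway} is not on the connected subnet {inside_net}")
    return problems

# Subnets taken from the question; gateway addresses are constructed sample
# values (the thread leaves the last octet of the switch address as "x").
INSIDE_NET = ipaddress.ip_network("192.168.1.0/24")    # PIX inside / VLAN 110
VLAN_120 = ipaddress.ip_network("192.168.110.0/24")    # VLAN behind the switch
DEFAULT = "route outside 0.0.0.0 0.0.0.0 203.0.113.1"  # constructed default route

if __name__ == "__main__":
    candidates = {
        "192.168.100.0 route": [DEFAULT, "route inside 192.168.100.0 255.255.255.0 192.168.1.2"],
        "192.168.110.0 route": [DEFAULT, "route inside 192.168.110.0 255.255.255.0 192.168.1.2"],
        "off-subnet next hop": [DEFAULT, "route inside 192.168.110.0 255.255.255.0 192.168.2.2"],
    }
    for name, lines in candidates.items():
        print(name, "->", check_path_to_vlan(lines, VLAN_120, INSIDE_NET) or "ok")
```

A route whose destination does not cover the target subnet falls through to the default route, so return traffic for that VLAN is sent out the outside interface instead of to the switch.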