ggmisadmin
asked on
two VLANs and two different PIXs as gateway
My LAN is composed of one 3560G Catalyst switch used as a distribution switch, where my routers and servers are connected, and a 2950 Catalyst switch used as an access switch for computers and printers. A new company, composed of only 5 people, will soon merge with us, but, per our internal policy, they will have to use a different gateway (PIX firewall) to go out to the Internet. Both PIX firewalls are connected to the 3560G, but in two different VLANs. So the network will have:
VLAN1 192.168.150.0 gateway1/PIX1 IP: 192.168.150.1
VLAN2 192.168.160.0 gateway2/PIX2 IP: 192.168.160.1
My internal DNS is on VLAN1 (192.168.150.6); how can I configure PIX2 to resolve the domain name using my internal DNS? Do you think it's better to use the 3560G switch as L3 to route between the two VLANs, or does the PIX work just fine for that? In case I use the PIX as L3, does it need to have two internal interfaces (besides the external one to the Internet) on two different VLANs in order to route?
Thank you for your help!!!!
ASKER CERTIFIED SOLUTION
Yes, you will need to enter the default gateways; routing will take care of the traffic.
There is no need for access-lists.
However, if you wish to increase security, once traffic is routing correctly, add access-lists to limit the connectivity.
ASKER
Does it mean that people on VLAN2 need to have the VLAN2 interface's IP as their default gateway? In that case, how does the switch know how to forward Internet traffic to the PIX whose IP is 192.168.160.1?
Do I need to create an ACL such as "access-list 100 permit udp any host 192.168.150.6 eq 53" and apply it on the VLAN2 interface? Is that enough for allowing DNS traffic?
Thank you!
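As an added illustration of the design discussed above (the 3560G as L3 between the VLANs, with access-lists added once routing works), here is a 3560G configuration that is not from the original thread. The addresses come from the question; the SVI addresses 192.168.150.2 and 192.168.160.2, the ACL and route-map names, and the use of policy-based routing to send VLAN2's Internet traffic to PIX2 are assumptions added here, and every host on VLAN1 is assumed to use 192.168.150.2 as its default gateway so that replies to VLAN2 never have to hairpin through PIX1.

```cisco
! Added example; not from the thread. PBR on a 3560 needs the routing
! SDM template ("sdm prefer routing", then reload) before it will apply.
ip routing
!
! One SVI per VLAN; hosts use the SVI address as their default gateway
interface Vlan1
 ip address 192.168.150.2 255.255.255.0
!
interface Vlan2
 ip address 192.168.160.2 255.255.255.0
 ip access-group VLAN2-IN in
 ip policy route-map VLAN2-EGRESS
!
! Ordinary default route: VLAN1 (and the switch itself) go out via PIX1
ip route 0.0.0.0 0.0.0.0 192.168.150.1
!
! Traffic from VLAN2 that is not destined for VLAN1 is steered to PIX2.
! The deny line keeps inter-VLAN traffic on the normal routing table.
ip access-list extended VLAN2-TO-INTERNET
 deny   ip 192.168.160.0 0.0.0.255 192.168.150.0 0.0.0.255
 permit ip 192.168.160.0 0.0.0.255 any
!
route-map VLAN2-EGRESS permit 10
 match ip address VLAN2-TO-INTERNET
 set ip next-hop 192.168.160.1
!
! Inbound filter on VLAN2: only DNS to the internal server (UDP and TCP 53),
! nothing else into VLAN1, everything else (Internet) allowed
ip access-list extended VLAN2-IN
 permit udp 192.168.160.0 0.0.0.255 host 192.168.150.6 eq 53
 permit tcp 192.168.160.0 0.0.0.255 host 192.168.150.6 eq 53
 deny   ip 192.168.160.0 0.0.0.255 192.168.150.0 0.0.0.255
 permit ip 192.168.160.0 0.0.0.255 any
```

With this in place, a VLAN2 host's DNS query reaches 192.168.150.6 through the switch, the reply returns through the switch (the server's gateway is the VLAN1 SVI), and the host's Internet traffic is handed to PIX2 without PIX2 needing a second inside interface. Verify with "show ip policy", "show route-map VLAN2-EGRESS" and "show access-lists VLAN2-IN" to see the match counters increment.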