pureauto
asked on
Can a Cisco PIX 501 pass traffic to multiple VLANs?
Here is my setup:
DSL--->Cisco Pix 501(IP is in LAN subnet)--->Switch (LAN Subnet with clients attached)--->Cisco Router---->Switch with 8 VLANs (all different subnets than the LAN subnet)
Static routing is configured and working for all VLAN subnets on the PIX and Cisco router, and a default route is configured on the PIX and Cisco router.
I can get on the internet from the VLANs out through the PIX and ping the PIX LAN IP.
I cannot access any clients on the LAN from the VLANs and all clients on the LAN cannot access any clients on the VLANs.
I can ping all clients on the VLANs from inside the PIX and I can ping all clients in the LAN from the Cisco router.
I am not sure where the problem lies. I am thinking I need some type of access list, but I have tried quite a few with no luck.
Has anyone come across this type of problem?
Thanks
ASKER
One other note on this. I changed the DHCP server to be the router instead of the PIX. The PIX would not allow me to change what it gave out as the DHCP default gateway. I set the PIX up to use the router as its DHCP relay.
The LAN clients would likely be in the native VLAN - and hence should be unable to see and pass traffic to hosts on other VLANs.