Tom's Hardware Forums » General Networking » General Gateways, Routers and Firewalls » Cisco PIX 506 and 2950
 

Cisco PIX 506 and 2950

Add a reply



 Word :   Username :  
 
Bottom
Author
 Thread : Cisco PIX 506 and 2950
 
cfike
Profile: stranger
More Information
n°85622
09-24-2006 at 05:46:53 PM

I've been trying to get an existing 2950 switch with 2 vlans (10 & 20) to talk with a PIX 506 firewall.

PIX s/w version 6.3(4)
Switch 12.1

The PIX has a static IP of 172.30.40.254.
The switch has a static ip of 172.30.40.15

The switch has vlan10 - 172.30.40.0
vlan20 - 172.30.70.0

When I plug the PIX into the switch, I can see the interface on the switch come up, but I can't ping the PIX from anything connected to the switch.

If I plug directly into the PIX, I can ping the router & get on the internet.

I believe I need to configure sub interfaces on the PIX, but the commands are just different enough on the PIX to make it very trying.

Any help would be appreciated

Related Pr oduct
 Register or log in to remove.

FredWeston
Profile: addict
More Information
n°85650
09-25-2006 at 03:35:52 AM

If you are going to be using subinterfaces on the PIX, then you need to make sure the port it is plugged into on the switch is set for trunking. Otherwise, the PIX won't be able to see all the VLAN info coming across. As for setting up the subinterfaces, you should be able to find out how to do it with a bit of Googling. If that doesn't work you could always call the TAC.

Zakkas
Profile: member
More Information
n°85667
09-25-2006 at 08:36:51 PM

Hi there Cfike,

I poked around on Cisco's site for you and found this: Firewall version 6.3 configuration guide.

It looks like you have the one of the first verions of IOS on the PIX that supported trunking. With 6.3 IOS though I don't see a way to configure subinterfaces on the PIX. That link should be able to help you do what you want.

Heh, yeah the PIX command set is completely different from a routers or switches.

Let me know how it goes.

Thanks

gstrother1
Profile: newbie
More Information
n°86129
10-12-2006 at 11:55:41 PM

The above posted talked about the trunk port not being configured. this was the first thing i thought about.
http://www.cisco.com/univercd/cc/t [...] cid2442336

#conf t
(config)#int fa0/1 (or whatever port is plugged into the pix)
(config-if)#switchport mode trunk

you will probably need to configure sub-interface ips (fa0/1.1 & fa0/1.2) and vlan assignments if you havnt done so already

and check your firewall rules on the pix to make sure your allowing connections from both internal networks.

Zakkas
Profile: member
More Information
n°86200
10-14-2006 at 04:35:29 PM

I think the biggest problem you'll have is getting the PIX to work the way you want it to. A PIX isn't a router and shouldn't be used as one because of how it handles packets.

If you can try to find a cisco router that you can configure the subinterfaces on and setup the vlans accordingly. Unless you can download the new IOS image from Cisco for your PIX. I don't think subinterfaces are supported on pre-7.0 IOS.

Also the "switchport mode trunk" command is used when you are stacking switches and have vlan's configured on multiple switches.


Go to:
Add a reply
  Tom's Hardware Forums » General Networking » General Gateways, Routers and Firewalls » Cisco PIX 506 and 2950
 

Forum map
MyDiscussions.Net Forum, Version 2007.1
© 2000-2006 No1Dev
Page generated in 0.504 seconds
Google Ads