Thursday, March 19, 2009

PIX 6.X - Configuring Logical / VLAN interfaces

Scenario:
The inside/ethernet1 interface of the PIX will be mapped to two VLANs: VLAN1 with IP address 192.168.1.2/24 and VLAN2 with IP address 192.168.2.2. The outside interface has IP address 10.199.248.225/24.

Topology:



[Thanks to former colleague Dan for the image.]


PIX 6 Configuration:

interface ethernet1 auto
nameif ethernet1 inside security100
ip address inside 192.168.1.2 255.255.255.0

interface ethernet1 vlan2 logical
nameif vlan2 inside2 security50
ip address inside2 192.168.2.2 255.255.255.0

Notes:
Your physical interface is, by default, your VLAN1.


PIX 7 Configuration:

interface Ethernet1
nameif inside
security-level 100
ip address 192.168.1.2 255.255.255.0
no shut

interface Ethernet1.2
vlan 2
nameif inside2
security-level 50
ip address 192.168.2.2 255.255.255.0
no shut
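
Migration check (added example, not part of the original post): a small Python translator that turns the PIX 6 physical/logical interface lines above into PIX 7 interface stanzas, so the interface names and security levels can be compared line for line after an upgrade. The function name, the sample constant and the choice of the VLAN ID as the subinterface number are assumptions made for this example; the sample input is constructed from the scenario on this page.

```python
import re

# Constructed sample: the PIX 6 scenario from this page, using the
# "ip address <nameif> ..." form of the address command.
PIX6_SAMPLE = """\
interface ethernet1 auto
nameif ethernet1 inside security100
ip address inside 192.168.1.2 255.255.255.0
interface ethernet1 vlan2 logical
nameif vlan2 inside2 security50
ip address inside2 192.168.2.2 255.255.255.0
"""

def pix6_to_pix7(config):
    """Translate PIX 6 physical/logical interface lines into PIX 7 stanzas."""
    parent = {}   # logical hardware id ("vlan2") -> physical port ("ethernet1")
    ifaces = {}   # hardware id -> {"name", "level", "ip", "mask"}
    by_name = {}  # nameif name -> hardware id
    for line in config.splitlines():
        tok = line.split()
        if not tok:
            continue
        if tok[0] == "interface" and len(tok) == 4 and tok[3] == "logical":
            parent[tok[2]] = tok[1]  # vlan2 rides on ethernet1
        elif tok[0] == "nameif" and len(tok) == 4:
            level = re.fullmatch(r"security(\d+)", tok[3])
            if not level:
                raise ValueError("bad security level: " + line)
            ifaces[tok[1]] = {"name": tok[2], "level": int(level.group(1))}
            by_name[tok[2]] = tok[1]
        elif tok[:2] == ["ip", "address"] and len(tok) == 5:
            if tok[2] not in by_name:
                raise ValueError("address for unnamed interface: " + line)
            ifaces[by_name[tok[2]]].update(ip=tok[3], mask=tok[4])
    out = []
    for hw, cfg in ifaces.items():
        if hw in parent:  # logical VLAN -> subinterface; sub-id = VLAN id (assumption)
            vlan = hw[len("vlan"):]
            out += ["interface %s.%s" % (parent[hw].capitalize(), vlan), " vlan " + vlan]
        else:
            out.append("interface " + hw.capitalize())
        out += [" nameif " + cfg["name"], " security-level %d" % cfg["level"]]
        if "ip" in cfg:
            out.append(" ip address %s %s" % (cfg["ip"], cfg["mask"]))
        out.append(" no shutdown")
    return "\n".join(out)

if __name__ == "__main__":
    print(pix6_to_pix7(PIX6_SAMPLE))
```

Running it on the sample prints the same two stanzas as the PIX 7 configuration above, with inside kept at security level 100 and inside2 at 50.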