Thursday, March 19, 2009

PIX 6.X - Configuring Logical / VLAN interfaces

The inside/ethernet1 interface of the PIX will be mapped to two VLANs, VLAN1 with IP address and VLAN2 with IP address The outside interface has IP address


[Thanks to former colleague Dan for the image.]

PIX 6 Configuration:

interface ethernet1 auto
nameif ethernet1 inside security100
address inside

interface ethernet1 vlan2 logical
nameif vlan2 inside2 security50
address vlan2

Your Physical Interface is (by default), your VLAN1.

PIX 7 Configuration:

interface Ethernet1
nameif inside
security-level 100
ip address
no shut

interface Ethernet1.2
vlan 2
nameif inside2
security-level 50
ip address
no shut