Cisco DMZ switch setup

[newtonetworks]

Hello everyone,

I have a small problem I am hoping someone can offer some assistance with.

I have set up a test network using a pix 515e, and a 3750g switch. I have 1 interface on the pix in the 10.10.1.1 network, which is my internal lan. I have another interface on the pix with IP address 10.10.2.1, which is my DMZ network.

Both interfaces patch into the 3750g, the internal pix interface into port 1/0/1, and the DMZ interface into 1/0/15. Vlan 1 on the switch has IP address 10.10.1.250.

I also have 2 servers in vlan99 (dmz vlan) on the switch, which 1/0/15 is a member of. Vlan 99 has IP address 10.10.2.250. The 2 servers have a default gateway of 10.10.2.1 (dmz interface on the pix). These 2 servers cannot ping the default gateway, but I can ping the servers from the switch.

There is only 1 route on the switch which is the default route to 10.10.1.1.

Does anyone know why I cannot reach the DMZ interface on the pix from the switch?

Any assistance would be greatly appreciated.

Thanks
n

 

[burtsbees]

Can you ping from the PIX inside int to the servers? Can you post a sh run of the PIX and the 3750? Can the servers ping each other? Why can't I put the words each and other together, like "eachother", without the spell check underlining it???

Burt

 

[VinceWhirlwind]

Your 3750 should have IP routing disabled and you should remove the IP address from its VLAN 99 interface.

Then you need to check the link from Switch to DMZ PIX port:
- link lights?
- Show interface? (Up/Up?)
- Ping?

Got any rules on the PIX yet?

PIX log?

 

[burtsbees]

Why should they not route their own vlans in the 3750???

Burt

 

[VinceWhirlwind]

Why bother? The PIX does the routing and wouldn't you prefer to filter access (if you allow access, which I personally wouldn't) between VLANs on the PIX?

If he had multiple internal VLANs, that would be a different story.