Making 10.10.10.0 talk to 10.10.11.0 and 12.0

[StephenWyker]

Stupid question, I know, but I want to make my lan, which is 10.10.10.0 with a pix 501 at 10.10.10.1 be able to talk to 10.10.11.0 and 10.10.12.0. I simply want to separate our servers, from workstations, from VOIP equipment.

Could someone help me with what it's called and the commands?

 

[joeyrego]

Are these vlans set up on the pix? Are the vlans on a L3 switch behind the router? Are they interfaces on the pix? If they are interfaces just make the interface you want to talk to other networks the higher interface.

 

[Supergrrover]

You will need another device like a router or another pix on the internal network to do that function. The 501 does not support vlans.

The asa5505 and the 5510 with security plus licenses can do 3 vlans and the 5510 can do 10-25 vlans respectively.


Brent
Systems Engineer / Consultant
CCNP, CCSP

 

[judgestone]

Here is the example of what I did:

1. Layer 3 Switch with vlans 10.10.60.X, 61.X, 62.X, etc. Configured routing on the switch. Default vlan ip: 10.10.60.254 and gave each of the other vlans .254. Enable groupings on it to allow them to talk to each other.

2. Pix 506e set up host networks on inside interface of 10.10.60.X, 61.X, etc.

3. Pix 506e - command line from PDM and used command:

route inside 10.10.61.0 255.255.255.0 10.10.60.254 1
route inside 10.10.62.0 255.255.255.0 10.10.60.254 1
route inside 10.10.63.0 255.255.255.0 10.10.60.254 1

You could name the host network of 10.10.61.0 to say servers then it would read.

route inside servers 255.255.255.0 10.10.60.254 1

Hope this helps?

I have two locations and had to create vlan rules also in the Pix 506e but thats a different story.