|
Posted by Walter Roberson on March 28, 2006, 7:58 pm
If you were Registered and logged in, you could reply and use other advanced thread options >We are going to share our Internet connection feed with a WAN connection.
>The ISP will do it using VLAN. My plan is to bring the feed to a swtich
>which supports VLAN and then split it to ports with different VLN ID, and
>take the Internet to the outside PIX (515, 6.3). My question.... Is that
>doable? Do I need to change anything on PIX? Do you see any issue with
>VLANing and PIX as long as I use a swith to split VLANs.
The PIX 515 running 6.3 software can handle several 802.1Q VLANs
directly -- that is, you could trunk several VLANs to the 515
and configure "logical" interfaces and pull the VLANs off as if
they were seperate physical interfaces. Whether you want to do that
or not depends on whether you are providing security for the other VLANs
or if they belong to other organizations.
If you are just using a plain stream out the 515 and the switch
is encapsulating into a VLAN, then you *might* need to reduce
the sysopt mss and/or the MTU by a few bytes, if there is any
equipment in the path that does not know about the extended
frame size that is often allowed for 802.1Q tagged packets.
| 
Yahoo! 
Google 
Windows Live 
del.icio.us 
digg 
Netscape 
XML site map