[c-nsp] Cat6509 and transparent firewall

Ruben Alvarez raa at opusnet.com
Thu Nov 15 15:58:46 EST 2007


All,

The first solution I tried works.  You can add an ip address secondary on a
VLAN interface.  Works great.

-----Original Message-----
From: Richard Golodner [mailto:rgolodner at infratection.com] 
Sent: Monday, November 12, 2007 6:28 PM
To: 'Ruben Alvarez'
Subject: RE: [c-nsp] Cat6509 and transparent firewall

Ruben, let us all know how you have made out. This is an interesting one.
Best of luck, and skill.
	Richard

-----Original Message-----
From: Ruben Alvarez [mailto:raa at opusnet.com] 
Sent: Monday, November 12, 2007 7:30 PM
To: 'Richard Golodner'
Cc: cisco-nsp at puck.nether.net
Subject: RE: [c-nsp] Cat6509 and transparent firewall

No NAT.  We are testing this in a lab so I'll know if it works beforehand.
I'm going to trunking with the PF or secondary VLAN.

-----Original Message-----
From: Richard Golodner [mailto:rgolodner at infratection.com] 
Sent: Monday, November 12, 2007 2:00 PM
To: 'Ruben Alvarez'
Subject: RE: [c-nsp] Cat6509 and transparent firewall

Ruben, what kind of NATting scheme is the client using? I think that needs
to be explored before your question can be answered. If there is none, then
you may be able to trunk the switchport. If you have the hardware, try and
replicate the config and see what happens. I am no expert but have had some
experience with pf.
	Sincerely, Richard Golodner

-----Original Message-----
From: cisco-nsp-bounces at puck.nether.net
[mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Ruben Alvarez
Sent: Monday, November 12, 2007 4:24 PM
To: cisco-nsp at puck.nether.net
Subject: [c-nsp] Cat6509 and transparent firewall

Hello,

I have a client with a transparent firewall connected to my Cat 6509.  It's
running PF firewall running on a server and currently I have them on a VLAN
with an interface VLAN as their gateway.  The client has requested more IP
addresses.  They don't want to renumber and I can't expand their current /28
so I'm trying to think of a way to route another subnet to them.

My first thought was to give them another VLAN and turn their switchport to
a trunk, but I don't know if a firewall like that can trunk with a Cisco
switch.  Anyone have any ideas about this?  The firewall has no IP address
for it is a bridge.

Thanks.


