 aryoba Premium,MVM join:2002-08-22
edit: December 20th, @07:05AM
Assuming the application box acts as a "full router", then you don't have to set up two subnets on it. Having two subnets in one box is a messy business and you really don't want to be in it. You can just use the 10.x.x.x, remove the 192.x.x.x, and still be able to go to the Internet.
Here are the steps:
1. Set the 3560 as VTP server and 2950 as VTP client
2. Create separate subnet for PIX inside interface, hosts of 3560, and hosts of 2950
As for the routing, static routes should be sufficient:
3. On the PIX, point the 10.x.x.x and 192.x.x.x traffic to the 3560 IP address.
4. I assume you can leave the PIX default gateway as it is since it is working, correct?
5. On the 3560, point the 10.x.x.x traffic to the application box IP address. Set the default gateway to the PIX inside interface IP address.
6. On the application box, set the default gateway to the 3560 IP address.
Here is an illustration:
1) Let's say the subnets and VLANs are
    172.16.0.0/30 for PIX inside interface (VLAN 2)
    10.26.0.0/30 for 2950 switch management (VLAN 3)
    192.168.0.0/24 for 3560 hosts (VLAN 10)
    10.27.22.0/16 for 2950 hosts (VLAN 20)

2) Set 3560 as VTP server and 2950 as VTP client
    3560: Switch(config)# vtp mode server
    2950: Switch(config)# vtp mode client

3) Assume the following IP addresses:
    172.16.0.1 for PIX inside interface
    10.27.22.250, 10.26.0.1, 172.16.0.2, and 192.168.0.250 for 3560
    10.27.22.100 for the application box
    10.26.0.2 for the 2950

4) PIX configuration
    ip address inside 172.16.0.1 255.255.255.252
    route inside 10.0.0.0 255.0.0.0 172.16.0.2
    route inside 192.168.0.0 255.255.0.0 172.16.0.2
    nat (inside) 1 0.0.0.0 0.0.0.0 0 0
    global (outside) 1 interface

5) 3560 configuration
    interface VLAN1
     description Switch Management - DO NOT USE
     shutdown
    interface VLAN2
     description PIX Inside Subnet
     ip address 172.16.0.2 255.255.255.252
    interface VLAN3
     description 2950 Management
     ip address 10.26.0.1 255.255.255.252
    interface VLAN10
     description 3560 Hosts
     ip address 192.168.0.250 255.255.255.0
    interface VLAN20
     description 2950 Hosts
     ip address 10.27.22.250 255.255.0.0
    ip route 0.0.0.0 0.0.0.0 172.16.0.1

6) 2950 configuration
    interface VLAN1
     description Switch Management - DO NOT USE
     shutdown
    interface VLAN3
     description 2950 Management
     ip address 10.26.0.2 255.255.255.252
    ip default-gateway 10.26.0.1

7) Application Box
    IP Address: 10.27.22.100
    Subnet: 255.255.0.0
    Gateway: 10.27.22.250
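
Added example, not part of the post above: a small Python check that replays the illustration's static routes hop by hop with longest-prefix matching, to confirm that outbound and return traffic follow the intended path. The table layout, the "internet" label for the PIX's existing default route, and the function names are assumptions made for this sketch.

```python
import ipaddress

# Routing tables constructed from the post's illustration as (prefix, next hop);
# next hop None = directly connected. "internet" is a hypothetical stand-in for
# the PIX's existing default route. The post writes the VLAN 20 subnet as
# 10.27.22.0/16; its network address 10.27.0.0/16 is used here.
TABLES = {
    "pix": [("172.16.0.0/30", None), ("10.0.0.0/8", "172.16.0.2"),
            ("192.168.0.0/16", "172.16.0.2"), ("0.0.0.0/0", "internet")],
    "3560": [("172.16.0.0/30", None), ("10.26.0.0/30", None),
             ("192.168.0.0/24", None), ("10.27.0.0/16", None),
             ("0.0.0.0/0", "172.16.0.1")],
    "2950": [("10.26.0.0/30", None), ("0.0.0.0/0", "10.26.0.1")],
    "appbox": [("10.27.0.0/16", None), ("0.0.0.0/0", "10.27.22.250")],
}
# Which device owns each interface address (step 3 of the illustration).
OWNERS = {"172.16.0.1": "pix", "172.16.0.2": "3560", "10.26.0.1": "3560",
          "192.168.0.250": "3560", "10.27.22.250": "3560",
          "10.26.0.2": "2950", "10.27.22.100": "appbox"}

def lookup(device, dst):
    """Longest-prefix match; returns the next hop, or None if directly connected."""
    addr = ipaddress.ip_address(dst)
    matches = [(ipaddress.ip_network(p), nh) for p, nh in TABLES[device]
               if addr in ipaddress.ip_network(p)]
    if not matches:
        raise LookupError(f"{device}: no route to {dst}")
    return max(matches, key=lambda m: m[0].prefixlen)[1]

def trace(src_device, dst, max_hops=8):
    """Return the list of devices a packet from src_device to dst traverses."""
    path, device = [src_device], src_device
    for _ in range(max_hops):
        if OWNERS.get(dst) == device:
            return path                      # delivered to the owning device
        next_hop = lookup(device, dst)
        if next_hop == "internet":
            return path + ["internet"]       # handed to the PIX's upstream
        target = dst if next_hop is None else next_hop
        if target not in OWNERS:
            return path + ["unresolved:" + target]  # no such host in the plan
        device = OWNERS[target]
        path.append(device)
    raise RuntimeError("routing loop toward " + dst)

if __name__ == "__main__":
    print(trace("appbox", "203.0.113.10"))   # constructed outside address
    print(trace("pix", "10.27.22.100"))      # return traffic to the app box
```

With these tables, a destination inside 10.0.0.0/8 that no VLAN covers (for example 10.99.0.1) is sent by the PIX to the 3560 and by the 3560's default route back to the PIX, which `trace` reports as a routing loop.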