All,

The first solution I tried works. You can add an IP address secondary on a VLAN interface. Works great.

-----Original Message-----
From: Richard Golodner [mailto:[EMAIL PROTECTED]
Sent: Monday, November 12, 2007 6:28 PM
To: 'Ruben Alvarez'
Subject: RE: [c-nsp] Cat6509 and transparent firewall

Ruben, let us all know how you have made out. This is an interesting one.
Best of luck, and skill.
Richard

-----Original Message-----
From: Ruben Alvarez [mailto:[EMAIL PROTECTED]
Sent: Monday, November 12, 2007 7:30 PM
To: 'Richard Golodner'
Cc: cisco-nsp@puck.nether.net
Subject: RE: [c-nsp] Cat6509 and transparent firewall

No NAT. We are testing this in a lab so I'll know if it works beforehand. I'm going to trunking with the PF or secondary VLAN.

-----Original Message-----
From: Richard Golodner [mailto:[EMAIL PROTECTED]
Sent: Monday, November 12, 2007 2:00 PM
To: 'Ruben Alvarez'
Subject: RE: [c-nsp] Cat6509 and transparent firewall

Ruben, what kind of Natting scheme is the client using? I think that needs to be explored before your question can be answered. If there is none, then you may be able to trunk the switchport. If you have the hardware, try and replicate the config and see what happens. I am no expert but have had some experience with pf.
Sincerely,
Richard Golodner

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ruben Alvarez
Sent: Monday, November 12, 2007 4:24 PM
To: cisco-nsp@puck.nether.net
Subject: [c-nsp] Cat6509 and transparent firewall

Hello,

I have a client with a transparent firewall connected to my Cat 6509. It's running PF firewall running on a server and currently I have them on a VLAN with an interface VLAN as their gateway. The client has requested more IP addresses. They don't want to renumber and I can't expand their current /28 so I'm trying to think of a way to route another subnet to them. My first thought was to give them another VLAN and turn their switchport to a trunk, but I don't know if a firewall like that can trunk with a Cisco switch. Anyone have any ideas about this?
The firewall has no IP address for it is a bridge.

Thanks.

_______________________________________________
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/