TOPIC: Routing between 2 networks using ASA 5505 and PIX 501

I wish to setup 2 seporate networks, with their own subnets and internet access with their own gateways to see each other. I have a CISCO ASA 5505 as the gateway/firewall device on a network with the subnet of 192.168.60.X and a second network with a CISCO PIX 501 as the gateway/firewall device on a network with the subnet of 192.168.22.X. I want to be able to connect the two networks together (thru a ethernet cable) and have PC's on each network able to connect to PC's on both networks, but still use their own internet gateways. How could this be done?

Here is a small diagram of how I am currently setup

...........................................Internet
.........................................../..........\
........................................../............\
........................................./..............\
..................................ASA5505......PIX501
....................................|........................|
....................................|........................|
............................48 port SW........48 port SW
.........................192.168.60.X.....192.168.22.X
............................Network..............Network


One network is in one building, the other is in a second building. Currently there is an ethernet cable between the buildings (distance is close enough for a 100 mbit connection) but I need a router to connect the 2 networks. I want them to use their own Internet, and their own DHCP servers, but still be able to access PC's by IP address as if they were on the same network. (with out setting up multiple gateways on the PC's) Is there some way to setup like a third route on the two CISCO machines so that PC's on both networks can see each other?

I was thinking of something like this:

...........................................Internet
.........................................../..........\
........................................../............\
........................................./..............\
..................................ASA5505......PIX501
....................................|...........\............|
....................................|.............\..........|
............................48 port SW......\.48 port SW
.........................192.168.60.X.....192.168.22.X
............................Network..............Network

So I thought that on the ASA I might be able to setup like a VLAN3 or something and connect the cable from the 192.168.22.X network switch to be connected to the ASA interface 2 (while 0 is the Outside Internet, and 1 is the 192.168.60.X network) and on the PIX501, just a routing table mention that anytime a PC is looking for and IP in the 60 range, it would go to the IP address of the port for the VLAN3 on the ASA. Would anyone be able to help me to design this?

Sorry but I am a real newbie with these CISCO devices.

Hello!

In my opinion the best way to configure this would be with a Site-To-Site VPN... For more info please check:

www.cisco.com/en/US/docs/security/asa/as.../guide/site2sit.html


Hope this helps!

That is a good idea, but the Internet access is too slow for the communications that need to go between the sites. I need the 100 MBIT connection for some applications to run. Also, the PIX and ASA already run VPN tunnels to a Data Centre for other shared application server access, so that idea won't work for this. I need to set up some sort of a route between the sites using the ethernet cable connection that goes between the two buildings.

Your idea is valid, but the only reason I think it will NOT work is because the Pix does not allow traffic to exist the same interface it entered (even if you placed a route to do so). If you want I can give you the simple commands to try it, but I don't think it will work.

You could do it by defining 2 logical interfaces (Vlan interfaces) on the inside interface of the Pix (provided your switch supports trunks). So one would be for the 192.168.22.x and the other is for the link between the two buildings. But all that depends on the the license you have on the Pix. Can you post a show version output for the Pix. As far as I know the Pix501 unfortunatly does NOT support vlans :?