PIX 501: Multiple IP Addresses on the Untrusted Interface
I'm interested in using a PIX 501 as a firewall for two devices. What
I would like to do is assign two ip addresses to the untrusted
interface, then perform a one to one NAT. Is this possible on the PIX
Re: PIX 501: Multiple IP Addresses on the Untrusted Interface
In article <email@example.com >,
Winsotn Wolf <firstname.lastname@example.org> wrote:
:I'm interested in using a PIX 501 as a firewall for two devices. What
:I would like to do is assign two ip addresses to the untrusted
:interface, then perform a one to one NAT. Is this possible on the PIX
Not in the way you phrase it, no, but the effect you want is
Not the way you phrase it because any interface can only be assigned
a single IP address. But that only matters for firewall management
and IPSec purposes.
What you should do is simply use as many 'static' as you need.
static (inside, outside) 184.108.40.206 192.168.33.98 netmask 255.255.255.255
static (inside, outside) 220.127.116.11 192.168.33.47 netmask 255.255.255.255
The PIX can work with an indefinite number of outside IPs in this
manner, and they do not need to be in the same subnet. Make sure,
though, that all the appropriate IP addresses are routed to the PIX
outside IP by your router, or make sure the conditions are right for
proxy-arp to be effective.
Any sufficiently advanced bug is indistinguishable from a feature.
-- Rich Kulawiec
|All times are GMT. The time now is 03:10 PM.|
Powered by vBulletin®. Copyright ©2000 - 2014, vBulletin Solutions, Inc.
SEO by vBSEO ©2010, Crawlability, Inc.