Velocity Reviews

Velocity Reviews (http://www.velocityreviews.com/forums/index.php)
-   Cisco (http://www.velocityreviews.com/forums/f27-cisco.html)
-   -   PIX 501: Multiple IP Addresses on the Untrusted Interface (http://www.velocityreviews.com/forums/t30972-pix-501-multiple-ip-addresses-on-the-untrusted-interface.html)

Winsotn Wolf 12-15-2003 04:20 PM

PIX 501: Multiple IP Addresses on the Untrusted Interface
 
I'm interested in using a PIX 501 as a firewall for two devices. What
I would like to do is assign two ip addresses to the untrusted
interface, then perform a one to one NAT. Is this possible on the PIX
501?

Thanks!

Walter Roberson 12-15-2003 04:45 PM

Re: PIX 501: Multiple IP Addresses on the Untrusted Interface
 
In article <5f91a48e.0312150820.25fd6eb7@posting.google.com >,
Winsotn Wolf <winston.wolf@mindspring.com> wrote:
:I'm interested in using a PIX 501 as a firewall for two devices. What
:I would like to do is assign two ip addresses to the untrusted
:interface, then perform a one to one NAT. Is this possible on the PIX
:501?

Not in the way you phrase it, no, but the effect you want is
certainly possible.

Not the way you phrase it because any interface can only be assigned
a single IP address. But that only matters for firewall management
and IPSec purposes.

What you should do is simply use as many 'static' as you need.
For example,

static (inside, outside) 4.9.11.15 192.168.33.98 netmask 255.255.255.255
static (inside, outside) 58.223.77.129 192.168.33.47 netmask 255.255.255.255

The PIX can work with an indefinite number of outside IPs in this
manner, and they do not need to be in the same subnet. Make sure,
though, that all the appropriate IP addresses are routed to the PIX
outside IP by your router, or make sure the conditions are right for
proxy-arp to be effective.

--
Any sufficiently advanced bug is indistinguishable from a feature.
-- Rich Kulawiec


All times are GMT. The time now is 03:23 PM.

Powered by vBulletin®. Copyright ©2000 - 2014, vBulletin Solutions, Inc.
SEO by vBSEO ©2010, Crawlability, Inc.