Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Computing > Cisco > Add extra IPs to outside interface in 506E

Reply
Thread Tools

Add extra IPs to outside interface in 506E

 
 
The Techie
Guest
Posts: n/a
 
      04-19-2006
I have a PIX 506E with a single public IP on it's outside, but we have
4 more IPs available to us in a /30 subnet. I need to know if I can add
these extra IPs to the outside interface and set up translation rules
to different servers inside.

How??

Anyone?

Cheers,

Chris.

 
Reply With Quote
 
 
 
 
AM
Guest
Posts: n/a
 
      04-19-2006
The Techie wrote:

> I have a PIX 506E with a single public IP on it's outside, but we have
> 4 more IPs available to us in a /30 subnet. I need to know if I can add
> these extra IPs to the outside interface and set up translation rules
> to different servers inside.


I think you needn't to "add" more IP addresses to the interface. Just use the translations (static NAT) rules and the
PIX will intercept all the traffic going towards those addresses and if correctly configured it will forward the traffic
of interest to internal servers.
Obviously those 4 addresses must be forwarded to it by the previous hop.
Bye,

alex.
 
Reply With Quote
 
 
 
 
Walter Roberson
Guest
Posts: n/a
 
      04-19-2006
In article <8iq1g.88549$(E-Mail Removed)>, AM <(E-Mail Removed)> wrote:
>The Techie wrote:


>> I have a PIX 506E with a single public IP on it's outside, but we have
>> 4 more IPs available to us in a /30 subnet. I need to know if I can add
>> these extra IPs to the outside interface and set up translation rules
>> to different servers inside.


>I think you needn't to "add" more IP addresses to the interface. Just
>use the translations (static NAT) rules and the
>PIX will intercept all the traffic going towards those addresses and if
>correctly configured it will forward the traffic
>of interest to internal servers.
>Obviously those 4 addresses must be forwarded to it by the previous hop.


Expanding slightly on what AM said:

It is not possible to get the PIX itself to respond to multiple IP
addresses for a single [logical] interface. That is, the PIX *itself*
cannot be made to respond to pings to different addresses, nor can you
have multiple VPN termination IPs on a single [logical] interface,
nor can you manage the PIX (telnet, ssh, PDM, ASDM for PIX 7)
through several IPs on the same interface. (This can be of importance
when the IPs you would -like- to use are on different subnets and
there is no router path you can use.)

The PIX is, though, happy to handle any number of different IPs
for traffic passing *through* the PIX. It will often proxy ARP for
the IPs (no matter what subnet they are), but there are some instances
in which proxy ARP is disabled so it is best not to count on that and
to instead explicitly route the extra IPs to the official PIX interface IP.
 
Reply With Quote
 
NETADMIN
Guest
Posts: n/a
 
      04-19-2006

Their are 2 possibility to use extra IPaddresses

1. PAT thats is patting all internal IPs to extra IPs for better
performance of Web traffic.

2. Static NAT that is statically mapping IP one to one (extrnal IP to
internal server)

If not inthis two icant understand whatyou aksed pleas ebe more
specific?


Regards..
CK-NET

 
Reply With Quote
 
The Techie
Guest
Posts: n/a
 
      04-20-2006
Hi Alex,

I suspected this was the case, but my previous config attempts must
have been wrong! I have just now created a new static PAT through to a
host on the inside, using one of my alternate IPs, and with the correct
port opened in the ACL, the connection worked fine. Thanks for your
assistance.

Chris.

 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
HSRP: virtual IPs without real IPs? Martijn Lievaart Cisco 4 02-15-2012 08:16 AM
Pix 506e w/5 static outside IPs - How to create a rule to allow ALL tcp/udp traffic from one outside IP to an internal IP (for an internal router/NAT with it's own subnet) kyoo Cisco 22 04-12-2008 03:37 PM
help with pix inside->outside + dmz->outside + inside->outside->dmz Jack Cisco 0 09-19-2007 01:57 AM
Setting up a router with 29 Global IPs, BUT can't ping router internal interface from server or server interface from router war_wheelan@yahoo.com Cisco 1 12-14-2005 03:31 PM
PIX 506E Routing from Inside Interface network To outside interface network marti314 Cisco 1 08-05-2005 02:50 AM



Advertisments