In article < >,
Winsotn Wolf <> wrote:
:I'm interested in using a PIX 501 as a firewall for two devices. What
:I would like to do is assign two ip addresses to the untrusted
:interface, then perform a one to one NAT. Is this possible on the PIX
:501?

Not in the way you phrase it, no, but the effect you want is
certainly possible.

Not the way you phrase it because any interface can only be assigned
a single IP address. But that only matters for firewall management
and IPSec purposes.

What you should do is simply use as many 'static' as you need.
For example,

  static (inside, outside) 4.9.11.15 192.168.33.98 netmask 255.255.255.255
  static (inside, outside) 58.223.77.129 192.168.33.47 netmask 255.255.255.255

The PIX can work with an indefinite number of outside IPs in this
manner, and they do not need to be in the same subnet. Make sure,
though, that all the appropriate IP addresses are routed to the PIX
outside IP by your router, or make sure the conditions are right for
proxy-arp to be effective.

--
Any sufficiently advanced bug is indistinguishable from a feature.
-- Rich Kulawiec
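
An added example, not part of the original post: a small Python check that reads the `static` lines above and reports, for each mapped address, whether it falls inside the outside interface's subnet (where proxy-arp can answer for it) or outside it (where the upstream router needs a route pointing at the PIX outside IP). The `ip address outside` line and its /24 mask are assumed values chosen for illustration, and the function name is hypothetical.

```python
import ipaddress
import re

# Constructed sample: the two static lines come from the post; the
# outside interface address and mask are assumed for illustration.
SAMPLE_CONFIG = """\
ip address outside 4.9.11.14 255.255.255.0
static (inside, outside) 4.9.11.15 192.168.33.98 netmask 255.255.255.255
static (inside, outside) 58.223.77.129 192.168.33.47 netmask 255.255.255.255
"""

IFACE_RE = re.compile(r"^ip address (\S+) (\S+) (\S+)$")
STATIC_RE = re.compile(
    r"^static \(([\w-]+),\s*([\w-]+)\)\s+(\S+)\s+(\S+)\s+netmask\s+(\S+)$")


def check_statics(config):
    """Return (mapped_ip, real_ip, verdict) for each static in config."""
    ifaces, statics = {}, []
    for line in config.splitlines():
        line = line.strip()
        m = IFACE_RE.match(line)
        if m:
            name, addr, mask = m.groups()
            ifaces[name] = ipaddress.ip_interface(f"{addr}/{mask}")
            continue
        m = STATIC_RE.match(line)
        if m:
            statics.append(m.groups())

    results = []
    for _real_if, mapped_if, mapped, real, mask in statics:
        iface = ifaces.get(mapped_if)
        if iface is None:
            results.append((mapped, real, f"unknown: no address for {mapped_if}"))
            continue
        # A mapped address inside the interface subnet is on-link for the
        # upstream router, so it will ARP for it and proxy-arp can reply.
        mapped_net = ipaddress.ip_network(f"{mapped}/{mask}", strict=False)
        if mapped_net.subnet_of(iface.network):
            verdict = "on-link: proxy-arp can answer"
        else:
            verdict = f"off-subnet: needs upstream route to {iface.ip}"
        results.append((mapped, real, verdict))
    return results


if __name__ == "__main__":
    for mapped, real, verdict in check_statics(SAMPLE_CONFIG):
        print(f"{mapped:>15} -> {real:<15} {verdict}")
```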