Velocity Reviews - Computer Hardware Reviews

PIX Routing

 
 
jhouse4@gmail.com
      06-05-2007
Hello, I have two public /24 IP address ranges that are supplied to us
via our ISP. Both are assigned to the fast ethernet port as primary
and secondary IP addresses. How would I get all of the traffic that is
intended for the IP range that is the secondary IP range to pass
through seamlessly through our PIX firewall and access the intended
destination?

Router

Faste 0/0 1.1.1.1
2.2.2.2 (secondary)

PIX Outside interface 1.1.1.2

I hope that this makes sense.

Thanks!

 
 
 
 
 
Walter Roberson
      06-06-2007
In article <(E-Mail Removed)>,
<(E-Mail Removed)> wrote:
>Hello, I have two public /24 IP address ranges that are supplied to us
>via our ISP. Both are assigned to the fast ethernet port as primary
>and secondary IP addresses. How would I get all of the traffic that is
>intended for the IP range that is the secondary IP range to pass
>through seamlessly through our PIX firewall and access the intended
>destination?


>Router
>Faste 0/0 1.1.1.1
> 2.2.2.2 (secondary)


>PIX Outside interface 1.1.1.2


>I hope that this makes sense.


You change the routing on the router, something like

ip route 2.2.2.0 255.255.255.0 1.1.1.2

You would not need to make any changes on the PIX to support this
routing in itself. On the PIX, you would just use the normal static
commands and access-list entries (in the access-list assigned to
the outside interface via the 'access-group' command.)

You should NOT try to give the PIX outside interface an IP address
in the second IP range -- you won't be able to do it with that setup.


For example,

ip address outside 1.1.1.2 255.255.255.0
ip address inside 192.168.13.254 255.255.255.0
static (inside,outside) 1.1.1.79 192.168.13.79 netmask 255.255.255.255
static (inside,outside) tcp 1.1.1.83 25 192.168.13.5 25 netmask 255.255.255.255
static (inside,outside) tcp 2.2.2.217 110 192.168.13.5 110 netmask 255.255.255.255
static (inside,outside) 2.2.2.4 192.168.44.18 netmask 255.255.255.255

access-list out2in permit udp any host 1.1.1.79 eq 6894
access-list out2in permit tcp any host 1.1.1.83 eq 25
access-list out2in permit tcp any host 2.2.2.217 eq 110
access-list out2in permit gre any host 2.2.2.4

access-group out2in in interface outside

route inside 192.168.44.0 255.255.255.0 192.168.13.253


This illustrates several points:

1) you only use a single IP address range for the PIX outside interface

2) you can static IPs in either address range to the outside interface:
the PIX is able to handle receiving packets for an indefinite number
of different outside address ranges even if they have nothing to do
with the address range assigned to the outside interface

3) you can static different outside IPs to the same inside IP as long
as the ports differ

4) you can static different outside IP ranges to the same inside IP range

5) you can static different outside IP ranges to different inside
IP ranges, as long as you have an inside router (192.168.13.253 in
this example) that has an address in the same IP range as the
inside interface. Hosts that lived in that second internal address
range would need to have their default gateway set to a router that
knew to pass their outgoing external-bound packets to the single
PIX inside IP.
 
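An added example, not part of either post above: a short Python check that cross-references the static translations in the reply's configuration against the permits in the access-list bound to the outside interface. The function name audit and its finding strings are assumptions made for this illustration, and it only understands the line shapes shown in the thread.

```python
import re

# PIX 6.x lines copied from the reply above, embedded so the check runs offline.
PIX_CONFIG = """\
static (inside,outside) 1.1.1.79 192.168.13.79 netmask 255.255.255.255
static (inside,outside) tcp 1.1.1.83 25 192.168.13.5 25 netmask 255.255.255.255
static (inside,outside) tcp 2.2.2.217 110 192.168.13.5 110 netmask 255.255.255.255
static (inside,outside) 2.2.2.4 192.168.44.18 netmask 255.255.255.255
access-list out2in permit udp any host 1.1.1.79 eq 6894
access-list out2in permit tcp any host 1.1.1.83 eq 25
access-list out2in permit tcp any host 2.2.2.217 eq 110
access-list out2in permit gre any host 2.2.2.4
access-group out2in in interface outside
"""

PORT_STATIC = re.compile(r"static \(inside,outside\) (tcp|udp) (\S+) (\d+) \S+ \d+ netmask")
HOST_STATIC = re.compile(r"static \(inside,outside\) (\d\S+) \S+ netmask")
PERMIT = re.compile(r"access-list (\S+) permit (\S+) any host (\S+)(?: eq (\d+))?$")
GROUP = re.compile(r"access-group (\S+) in interface outside$")

def audit(config):
    """Cross-check outside permits against static translations; return sorted findings."""
    whole, ports, permits, bound = set(), {}, [], None
    for line in map(str.strip, config.splitlines()):
        if m := PORT_STATIC.match(line):
            ports.setdefault(m[2], set()).add((m[1], m[3]))   # outside IP -> {(proto, port)}
        elif m := HOST_STATIC.match(line):
            whole.add(m[1])                                   # whole-IP static, any protocol
        elif m := PERMIT.match(line):
            permits.append(m.groups())
        elif m := GROUP.match(line):
            bound = m[1]
    if bound is None:
        return ["no access-list bound to the outside interface"]
    findings, reachable = [], set()
    for acl, proto, ip, port in permits:
        if acl != bound:
            continue                      # not the list applied to the outside interface
        if ip in whole or (proto, port) in ports.get(ip, ()):
            reachable.add(ip)             # permit lines up with a translation
        elif ip in ports:
            findings.append(f"{ip}: permit {proto}/{port} matches no port static")
        else:
            findings.append(f"{ip}: permit without any static translation")
    for ip in sorted((whole | set(ports)) - reachable):
        findings.append(f"{ip}: static with no matching permit (not reachable from outside)")
    return sorted(findings)
```

On the thread's configuration audit(PIX_CONFIG) returns an empty list; a permit whose port differs from its port static, or a permit left behind after a static is removed, is reported as a finding.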
 
 
 