Add extra IPs to outside interface in 506E

Discussion in 'Cisco' started by The Techie, Apr 19, 2006.

  1. The Techie

    The Techie Guest

    I have a PIX 506E with a single public IP on its outside, but we have
    4 more IPs available to us in a /30 subnet. I need to know if I can add
    these extra IPs to the outside interface and set up translation rules
    to different servers inside.

    How??

    Anyone?

    Cheers,

    Chris.
    The Techie, Apr 19, 2006
    #1

  2. The Techie

    AM Guest

    The Techie wrote:

    > I have a PIX 506E with a single public IP on its outside, but we have
    > 4 more IPs available to us in a /30 subnet. I need to know if I can add
    > these extra IPs to the outside interface and set up translation rules
    > to different servers inside.


    I think you needn't "add" more IP addresses to the interface. Just use the translation (static NAT) rules and the
    PIX will intercept all the traffic going towards those addresses and if correctly configured it will forward the traffic
    of interest to internal servers.
    Obviously those 4 addresses must be forwarded to it by the previous hop.
    Bye,

    alex.
    AM, Apr 19, 2006
    #2

  3. In article <8iq1g.88549$>, AM <> wrote:
    >The Techie wrote:


    >> I have a PIX 506E with a single public IP on its outside, but we have
    >> 4 more IPs available to us in a /30 subnet. I need to know if I can add
    >> these extra IPs to the outside interface and set up translation rules
    >> to different servers inside.


    >I think you needn't "add" more IP addresses to the interface. Just
    >use the translation (static NAT) rules and the
    >PIX will intercept all the traffic going towards those addresses and if
    >correctly configured it will forward the traffic
    >of interest to internal servers.
    >Obviously those 4 addresses must be forwarded to it by the previous hop.


    Expanding slightly on what AM said:

    It is not possible to get the PIX itself to respond to multiple IP
    addresses for a single [logical] interface. That is, the PIX *itself*
    cannot be made to respond to pings to different addresses, nor can you
    have multiple VPN termination IPs on a single [logical] interface,
    nor can you manage the PIX (telnet, ssh, PDM, ASDM for PIX 7)
    through several IPs on the same interface. (This can be of importance
    when the IPs you would -like- to use are on different subnets and
    there is no router path you can use.)

    The PIX is, though, happy to handle any number of different IPs
    for traffic passing *through* the PIX. It will often proxy ARP for
    the IPs (no matter what subnet they are), but there are some instances
    in which proxy ARP is disabled so it is best not to count on that and
    to instead explicitly route the extra IPs to the official PIX interface IP.
    Walter Roberson, Apr 19, 2006
    #3
  4. The Techie

    NETADMIN Guest

    There are 2 possibilities for using extra IP addresses:

    1. PAT, that is, patting all internal IPs to extra IPs for better
    performance of Web traffic.

    2. Static NAT, that is, statically mapping IPs one to one (external IP to
    internal server).

    If it is not one of these two, I can't understand what you asked; please be more
    specific.


    Regards..
    CK-NET
    NETADMIN, Apr 19, 2006
    #4
  5. The Techie

    The Techie Guest

    Hi Alex,

    I suspected this was the case, but my previous config attempts must
    have been wrong! I have just now created a new static PAT through to a
    host on the inside, using one of my alternate IPs, and with the correct
    port opened in the ACL, the connection worked fine. Thanks for your
    assistance.

    Chris.
    The Techie, Apr 20, 2006
    #5
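
Added example, not part of the original thread: a PIX 6.x configuration sketch of the approach the replies describe, with static PAT on extra public addresses, an inbound ACL limited to the translated ports, and the upstream route Walter Roberson recommends. All addresses, the ACL name outside_in and the server roles are constructed assumptions.

```cisco
: Constructed values (documentation ranges, not from the thread):
:   PIX outside interface IP .... 192.0.2.2
:   extra public block .......... 198.51.100.8 255.255.255.252
:   inside web server ........... 192.168.1.10
:   inside mail server .......... 192.168.1.20
: No extra address is configured on the outside interface itself.

: Static PAT: one TCP port on an extra public IP maps to one inside host.
static (inside,outside) tcp 198.51.100.9 www 192.168.1.10 www netmask 255.255.255.255
static (inside,outside) tcp 198.51.100.10 smtp 192.168.1.20 smtp netmask 255.255.255.255

: Inbound ACL: permit only the ports that have a translation.
access-list outside_in permit tcp any host 198.51.100.9 eq www
access-list outside_in permit tcp any host 198.51.100.10 eq smtp
access-group outside_in in interface outside

: Broader than needed, shown for contrast and left commented out.
: It admits every IP protocol to the address, so any further static
: added for 198.51.100.9 is exposed without a matching ACL change.
: access-list outside_in permit ip any host 198.51.100.9

: On the upstream (previous hop) router, not on the PIX, an IOS static
: route sends the extra block to the PIX outside IP so that delivery
: does not depend on proxy ARP:
:   ip route 198.51.100.8 255.255.255.252 192.0.2.2
```

After applying, `show xlate` lists the active translations and `show access-list outside_in` shows per-entry hit counts, which confirms that traffic matches the narrow entries.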
