PIX 501: Multiple IP Addresses on the Untrusted Interface

Discussion in 'Cisco' started by Winsotn Wolf, Dec 15, 2003.

  1. Winsotn Wolf

    Winsotn Wolf Guest

    I'm interested in using a PIX 501 as a firewall for two devices. What
    I would like to do is assign two ip addresses to the untrusted
    interface, then perform a one to one NAT. Is this possible on the PIX
    501?

    Thanks!
     
    Winsotn Wolf, Dec 15, 2003
    #1
    1. Advertising

  2. In article <>,
    Winsotn Wolf <> wrote:
    :I'm interested in using a PIX 501 as a firewall for two devices. What
    :I would like to do is assign two ip addresses to the untrusted
    :interface, then perform a one to one NAT. Is this possible on the PIX
    :501?

    Not in the way you phrase it, no, but the effect you want is
    certainly possible.

    Not the way you phrase it because any interface can only be assigned
    a single IP address. But that only matters for firewall management
    and IPSec purposes.

    What you should do is simply use as many 'static' as you need.
    For example,

    static (inside, outside) 4.9.11.15 192.168.33.98 netmask 255.255.255.255
    static (inside, outside) 58.223.77.129 192.168.33.47 netmask 255.255.255.255

    The PIX can work with an indefinite number of outside IPs in this
    manner, and they do not need to be in the same subnet. Make sure,
    though, that all the appropriate IP addresses are routed to the PIX
    outside IP by your router, or make sure the conditions are right for
    proxy-arp to be effective.

    --
    Any sufficiently advanced bug is indistinguishable from a feature.
    -- Rich Kulawiec
     
    Walter Roberson, Dec 15, 2003
    #2
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Andre
    Replies:
    7
    Views:
    807
    Andre
    Feb 20, 2005
  2. Erich Reimberg N.

    Pix: 2 addresses for 1 interface

    Erich Reimberg N., Aug 26, 2005, in forum: Cisco
    Replies:
    2
    Views:
    548
    Walter Roberson
    Aug 26, 2005
  3. Erich Reimberg N.

    Pix: 2 addresses for 1 interface

    Erich Reimberg N., Aug 29, 2005, in forum: Cisco
    Replies:
    0
    Views:
    399
    Erich Reimberg N.
    Aug 29, 2005
  4. David H. Lipman
    Replies:
    13
    Views:
    751
    David H. Lipman
    Feb 11, 2006
  5. Matthias Scheler
    Replies:
    7
    Views:
    1,265
    Matthias Scheler
    Dec 22, 2009
Loading...

Share This Page