PIX 515 Multiple Addresses Possible?

Discussion in 'Cisco' started by mk, May 12, 2004.

  1. mk

    mk Guest

    I am in the process of converting from an old IP range to a new range.
    Is it possible to allow both ranges to pass through the PIX?

    I know on the router you can assign a secondary IP to an interface.
    Can you do something simular on the PIX?

    Basically, I want to use two ranges of public IP's. I can't use NAT
    on the internal network.

    If I can't add a secondary IP, can I somehow map both IP's to go
    through the firewall?

    Thanks
    mk, May 12, 2004
    #1
    1. Advertising

  2. mk

    Joce Guest

    mk wrote:

    > I am in the process of converting from an old IP range to a new range.
    > Is it possible to allow both ranges to pass through the PIX?
    >
    > I know on the router you can assign a secondary IP to an interface.
    > Can you do something simular on the PIX?
    >
    > Basically, I want to use two ranges of public IP's. I can't use NAT
    > on the internal network.
    >
    > If I can't add a secondary IP, can I somehow map both IP's to go
    > through the firewall?
    >
    > Thanks

    PIX doensn't support this.

    You could use a extra interface or setting up a trunk with two virtual
    interfaces.
    Joce, May 12, 2004
    #2
    1. Advertising

  3. In article <>,
    mk <> wrote:
    :I am in the process of converting from an old IP range to a new range.
    : Is it possible to allow both ranges to pass through the PIX?

    Yes.


    :I know on the router you can assign a secondary IP to an interface.
    :Can you do something simular on the PIX?

    No.


    :Basically, I want to use two ranges of public IP's. I can't use NAT
    :eek:n the internal network.

    :If I can't add a secondary IP, can I somehow map both IP's to go
    :through the firewall?

    Yes. Just ensure that the second IP range is routed to the PIX
    outside address in the first range. After that, any static/nat's
    you have will take care of allowing the IPs to be accepted. If the
    IPs are going to different interfaces then you do not need to do
    anything else. If the IPs are going to the same interface, then you
    will need to add at least one 'route' statement to point the second
    range to the appropriate router behind the desired interface.

    We have several IP ranges hiding behind a single interface on our main
    PIX.

    The 'No' answers I gave above have to do with the fact that you
    cannot get the PIX *itself* to respond to multiple IP addresses on
    the same logical interface. For example, you wouldn't be able to
    ssh to the PIX or ping the PIX -itself- with two different IPs.

    [Note: if you are running a new enough version of PIX, then on
    the 515 and higher models, you can have multiple logical interfaces
    on the same physical interface, by using VLANs. Each logical interface
    should be a different security level.]
    --
    *We* are now the times. -- Wim Wenders (WoD)
    Walter Roberson, May 12, 2004
    #3
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. alex
    Replies:
    16
    Views:
    6,297
    Walter Roberson
    Nov 3, 2003
  2. Replies:
    10
    Views:
    1,584
  3. Scott Townsend
    Replies:
    8
    Views:
    674
    Roman Nakhmanson
    Feb 22, 2006
  4. Stephen M
    Replies:
    1
    Views:
    630
    mcaissie
    Nov 14, 2006
  5. djone
    Replies:
    1
    Views:
    745
    BoBraxton
    Dec 20, 2007
Loading...

Share This Page