PIX 501: Multiple IP Addresses on the Untrusted Interface

Discussion in 'Cisco' started by Winsotn Wolf, Dec 15, 2003.

  1. Winsotn Wolf

    Winsotn Wolf Guest

    I'm interested in using a PIX 501 as a firewall for two devices. What
    I would like to do is assign two ip addresses to the untrusted
    interface, then perform a one to one NAT. Is this possible on the PIX
    501?

    Thanks!
     
    Winsotn Wolf, Dec 15, 2003
    #1
    1. Advertisements

  2. :I'm interested in using a PIX 501 as a firewall for two devices. What
    :I would like to do is assign two ip addresses to the untrusted
    :interface, then perform a one to one NAT. Is this possible on the PIX
    :501?

    Not in the way you phrase it, no, but the effect you want is
    certainly possible.

    Not the way you phrase it because any interface can only be assigned
    a single IP address. But that only matters for firewall management
    and IPSec purposes.

    What you should do is simply use as many 'static' as you need.
    For example,

    static (inside, outside) 4.9.11.15 192.168.33.98 netmask 255.255.255.255
    static (inside, outside) 58.223.77.129 192.168.33.47 netmask 255.255.255.255

    The PIX can work with an indefinite number of outside IPs in this
    manner, and they do not need to be in the same subnet. Make sure,
    though, that all the appropriate IP addresses are routed to the PIX
    outside IP by your router, or make sure the conditions are right for
    proxy-arp to be effective.
     
    Walter Roberson, Dec 15, 2003
    #2
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.