PIX 515U with multiple subnets behind trusted interface

We currently have servers on 10.0.0.0/24 (10.0.0.4 is the default gateway for
the LAN) which is almost full and want to add more. We're running a PIX 515U on
6.3.4 and would like to add a new network of 192.168.0.0/24 to that network.
The new network has no need to talk to the old one. Is this possible and if so
how would we point the 192.168.0.0/24 systems to the Default Gateway IP on the
PIX of 10.0.0.4? Can the PIX have multiple IPs assigned to the inside interface
so the 192.168.0.0/24 can point to 192.168.0.1 as the DG?

Am I crazy? What am I missing? Thanks...

Thanks...
Brian Bergin

I can be reached via e-mail at
cisco_dot_news_at_comcept_dot_net.

Please post replies to the group so all may benefit.

NOTICE: Use of this information is contingent upon acceptance of Paragraph 17 of Terabyte's Terms and conditions located at http://terabyte.net/terms.htm#postings.

 

My suggestion would be to change your subnet mask to 16 bits (or even 8
bits) to increase the number of hosts available.

17 of Terabyte's Terms and conditions located at
http://terabyte.net/terms.htm#postings.

 

:We currently have servers on 10.0.0.0/24 (10.0.0.4 is the default gateway for
:the LAN) which is almost full and want to add more. We're running a PIX 515U on
:6.3.4 and would like to add a new network of 192.168.0.0/24 to that network.
:The new network has no need to talk to the old one. Is this possible and if so
:how would we point the 192.168.0.0/24 systems to the Default Gateway IP on the
IX of 10.0.0.4? Can the PIX have multiple IPs assigned to the inside interface
:so the 192.168.0.0/24 can point to 192.168.0.1 as the DG?

The PIX cannot have multiple IPs assigned to any logical interface.
If you have an 802.1Q aware switch as the backend to the PIX, you
could configure two logical interfaces (VLANs) on the same physical
interface -- that's now possible down to the PIX 506 [but not the 501.]

If you don't want to use 802.1Q VLANs, then you need an inside
router, and you need a 'route' statement on the PIX pointing the
new 192.168/24 net to the router's presence in 10.0.0/24 .

 

-cnrc.gc.ca (Walter Roberson) wrote:

|In article <>,
|:We currently have servers on 10.0.0.0/24 (10.0.0.4 is the default gateway for
|:the LAN) which is almost full and want to add more. We're running a PIX 515U on
|:6.3.4 and would like to add a new network of 192.168.0.0/24 to that network.
|:The new network has no need to talk to the old one. Is this possible and if so
|:how would we point the 192.168.0.0/24 systems to the Default Gateway IP on the
|IX of 10.0.0.4? Can the PIX have multiple IPs assigned to the inside interface
|:so the 192.168.0.0/24 can point to 192.168.0.1 as the DG?
|
|The PIX cannot have multiple IPs assigned to any logical interface.
|If you have an 802.1Q aware switch as the backend to the PIX, you
|could configure two logical interfaces (VLANs) on the same physical
|interface -- that's now possible down to the PIX 506 [but not the 501.]
|
|If you don't want to use 802.1Q VLANs, then you need an inside
|router, and you need a 'route' statement on the PIX pointing the
|new 192.168/24 net to the router's presence in 10.0.0/24 .

Ok, I understand. How about if I go to something like 10.0.0.0/23 and use
255.255.254.0 as my subnet mask and move all the new systems onto 10.0.1.0? Am
I totally off base?

TIA...
BSB