PIX dual homed for internal routing

Discussion in 'Cisco' started by edavid3001, Jun 28, 2007.

  1. edavid3001

    edavid3001 Guest

    I have a PIX 515E with 3 NICs. I am not a "Cisco guy" so my
    experience is somewhat limited. I have worked with other similar
    products from other vendors.

    I will be using the PIX to provide VPN access and VPN access only. I
    will be placing the VPN outside NIC into my DMZ with a public IP
    address.

    I have a single address space /28 that makes up my logical DMZ. I
    have this split across multiple physical DMZ networks by utilizing
    host level routing. The range doesn't really exist as a network
    anywhere, if you follow.
    I have made a request of my ISP for additional address space, which is
    taking a long time.

    Each device has a public IP (1.2.3.4) as well as a private IP
    (192.168.0.1). My other firewall has routing in place to get to
    1.2.3.4 mask 255.255.255.255 via 192.168.0.1 and then to get to
    1.2.3.5 mask 255.255.255.255 via 192.168.100.1. And so on. I don't
    like this, but this is what I have & it works.

    The problem is I can't seem to multihome the PIX and give it both a
    private IP and a public IP address. AFAIK the PIX doesn't support
    this. Is there any way around this, shy of another router between the
    PIX and the DMZ? I was able to stick another router in place and make
    this all work the way I want -- except I don't want another physical
    router just for this.

    I have 3 NICs on the PIX, I really only need two. I want outside in
    my DMZ, Inside on my inside, and I really don't need the 3rd. Can I
    utilize that 3rd NIC somehow and have the PIX route from it to the
    public IP address on the 'OUTSIDE' which doesn't plug into a real
    logical network? So far all attempts fail with "no route to
    /dmzsourceip/ from /outside/" as if the PIX was accepting the traffic
    on the 3rd NIC, but sending the response from the outside NIC.
     
    edavid3001, Jun 28, 2007
    #1