PIX dual homed for internal routing

Discussion in 'Cisco' started by edavid3001, Jun 28, 2007.

  1. edavid3001

    edavid3001 Guest

    I have a PIX 515E with 3 NICs. I am not a "Cisco guy" so my
    experience is somewhat limited. I have worked with other similar
    products from other vendors.

    I will be using the PIX to provide VPN access and VPN access only. I
    will be placing the VPN outside NIC into my DMZ with a public IP

    I have a single address space /28 that makes up my logical DMZ. I
    have this split across multiple physical DMZ networks by utilizing
    host level routing. The range doesn't really exist as a network
    anywhere, if you follow.
    I have made a request of my ISP for additional address space, which is
    taking a long time.

    Each device has a public IP ( as well as a private IP
    ( My other firewall has routing in place to get to mask via and then to get to mask via And so on. I don't
    like this, but this is what I have & it works.

    The problem is I can't seem to multihome the PIX and give it both an
    private IP and a public IP address. AFAIK the PIX doesn't support
    this. Is there any way around this, shy another router between the
    PIX and the DMZ? I was able to stick another router in place and make
    this all work the way I want -- except I don't want another physical
    router just for this.

    I have 3 NICs on the PIX, I really only need two. I want outside in
    my DMZ, Inside on my inside, and I really don't need the 3rd. Can I
    utilize that 3rd NIC somehow and have the PIX route from it to the
    public IP address on the 'OUTSIDE' which doesn't plug into a real
    logical network? So far all attempts fail with "no route to /
    dmzsourceip/ from /outside/" as if the PIX was accepting the traffic
    on the 3rd NIC, but sending the response from the outside NIC.
    edavid3001, Jun 28, 2007
