https://community.cisco.com/t5/network-security/routing-through-the-pix/m-p/659373#M497448 <HTML><HEAD></HEAD><BODY><P>Your other option is to add vlans to this DMZ network and assign the different IP hosts to the corresponding vlans. Then configure the DMZ interface as a Trunk and the switchport from an access port to a trunk. Assign the secondary you wanted to the new VLAN interface on the PIX. Assign the original PIX interface IP to the 2nd vlan on the PIX. Setup ACLs and translations to allow routing to these networks. VLANs were available as of 6.3 I believe, but check the release notes of your version to be sure.</P><P></P><P>Please rate any helpful posts</P><P></P><P>Thanks</P><P></P><P>Fred</P></BODY></HTML> Fri, 15 Sep 2006 14:49:26 GMT fred.s.mollenkopf 2006-09-15T14:49:26Z https://community.cisco.com/t5/network-security/routing-through-the-pix/m-p/659367#M497438 <P>i have an interface on one of my dmz interfaces with ip address 172.27.127.1/24 to a LAN with networks 172.27.127.0/24 and 172.27.124.0/24...how do i reach the 172.27.124 network through this interface through the PIX dmz int ,can it accept a secondary ip ?</P> Fri, 21 Feb 2020 09:10:38 GMT https://community.cisco.com/t5/network-security/routing-through-the-pix/m-p/659367#M497438 Kwakachunga 2020-02-21T09:10:38Z https://community.cisco.com/t5/network-security/routing-through-the-pix/m-p/659368#M497439 <HTML><HEAD></HEAD><BODY><P>Hi .. Are you able to reach 172.27.124.X network from a device located on the 172.27.127.X segment ..? If you can can you send the tracert output .. </P><P></P><P></P></BODY></HTML> Fri, 15 Sep 2006 05:00:25 GMT https://community.cisco.com/t5/network-security/routing-through-the-pix/m-p/659368#M497439 Fernando_Meza 2006-09-15T05:00:25Z https://community.cisco.com/t5/network-security/routing-through-the-pix/m-p/659369#M497441 <HTML><HEAD></HEAD><BODY><P>yes i can there is another linux box with ip 172.27.127.6 that does the routing....</P></BODY></HTML> Fri, 15 Sep 2006 07:41:24 GMT https://community.cisco.com/t5/network-security/routing-through-the-pix/m-p/659369#M497441 Kwakachunga 2006-09-15T07:41:24Z https://community.cisco.com/t5/network-security/routing-through-the-pix/m-p/659370#M497443 <HTML><HEAD></HEAD><BODY><P>have you tried adding static routes on the pix?</P></BODY></HTML> Fri, 15 Sep 2006 11:26:47 GMT https://community.cisco.com/t5/network-security/routing-through-the-pix/m-p/659370#M497443 mgaysek 2006-09-15T11:26:47Z https://community.cisco.com/t5/network-security/routing-through-the-pix/m-p/659371#M497444 <HTML><HEAD></HEAD><BODY><P>It is not possible to have secondary addresses in a PIX. </P><P></P><P>The only solution I can think for this, is to have another device (can be a router with secondary ip address) to do the routing between the two networks for the PIX to the machines in the network 172.27.124.0/24 and the reverse path.</P><P></P><P>Although I would prefer to have only an IP address, I can't think any need for having two networks</P></BODY></HTML> Fri, 15 Sep 2006 12:37:48 GMT https://community.cisco.com/t5/network-security/routing-through-the-pix/m-p/659371#M497444 Alejandro Cadarso Cerdeirina 2006-09-15T12:37:48Z https://community.cisco.com/t5/network-security/routing-through-the-pix/m-p/659372#M497446 <HTML><HEAD></HEAD><BODY><P>To accomplish this, you will need a router on the DMZ network with a route to the 172.27.124.0 network. In addition, you need to add a route on the firewall that points to the router's IP when going to that subnet. (ex: route dmz 172.27.124.0 255.255.255.0 172.27.127.50)</P><P></P><P>Thanks.</P></BODY></HTML> Fri, 15 Sep 2006 13:57:10 GMT https://community.cisco.com/t5/network-security/routing-through-the-pix/m-p/659372#M497446 jwalker 2006-09-15T13:57:10Z https://community.cisco.com/t5/network-security/routing-through-the-pix/m-p/659373#M497448 <HTML><HEAD></HEAD><BODY><P>Your other option is to add vlans to this DMZ network and assign the different IP hosts to the corresponding vlans. Then configure the DMZ interface as a Trunk and the switchport from an access port to a trunk. Assign the secondary you wanted to the new VLAN interface on the PIX. Assign the original PIX interface IP to the 2nd vlan on the PIX. Setup ACLs and translations to allow routing to these networks. VLANs were available as of 6.3 I believe, but check the release notes of your version to be sure.</P><P></P><P>Please rate any helpful posts</P><P></P><P>Thanks</P><P></P><P>Fred</P></BODY></HTML> Fri, 15 Sep 2006 14:49:26 GMT https://community.cisco.com/t5/network-security/routing-through-the-pix/m-p/659373#M497448 fred.s.mollenkopf 2006-09-15T14:49:26Z