topic Re: Can a PIX 515e support more than one subnet? in Network Security

Can a PIX 515e support more than one subnet?

comoms_dot_com — Fri, 21 Feb 2020 08:16:54 GMT

I currently have a /28 setup in my PIX.

The outside interface is xx.185.xxx.xxx

The inside interface is 192.168.1.1

I am using NAT to translate my public addresses from the outside to the inside.

I have run out of addresses in my /28 so I requested a /24 and have just recieved them from my provider. Being that I have been using this /28 for some time and I am in full production I do not want to get rid of those addresses and they are not somewhere in the range of addresses in my /24.

What I am hoping to be able to do is to add this second subnet to my PIX and translate both subnets to my inside addresses.

Can this be done?

Thanks for all of your help!

Re: Can a PIX 515e support more than one subnet?

nkhawaja — Tue, 19 Jul 2005 19:58:04 GMT

Yes, you can define more subnets or networks in your translation statements nat/global or static. As long as you have the correct routing setup to forward those IP addresses to PIX, PIX will pickup those packets.

thanks

Nadeem

Re: Can a PIX 515e support more than one subnet?

comoms_dot_com — Tue, 19 Jul 2005 20:04:36 GMT

So my provider will need to route the addresses to my first IP in the /28 range? I am pretty confused on how to make this happen.

Re: Can a PIX 515e support more than one subnet?

nkhawaja — Tue, 19 Jul 2005 20:29:22 GMT

your provider will be routing both of these address spaces to your router. your router will then be routing these to the pix. pix will be picking up those packets based on the translation and access rules

Re: Can a PIX 515e support more than one subnet?

comoms_dot_com — Tue, 19 Jul 2005 21:10:16 GMT

I do not have a router. My provider assigns me a subnet and I have a PIX as the front line to the internet. I use the PIX to do NAT to my webserver. The /28 that was originally assigned was enough to handle me for the last few years. Now, I need to have all of my sites have an SSL certificate so I need more IPs.

The /24 that was assigned has the addresses of:

Range: 207.7.109.0/24

Default Gateway: 207.7.109.1

Usable: 207.7.109.2 - 207.7.109.254

Subnet Mask: 255.255.255.0

[Network: 207.7.109.0; Broadcast: 207.7.109.255]

The /28 is:

Range: 66.185.162.160/28

Default Gateway: 66.185.162.161

Usable: 66.185.162.162 - 66.185.162.174

Subnet Mask: 255.255.255.240

[Network: 66.185.162.160 ; Broadcast: 66.185.162.175 ]

I would like to add this /24 along side my /28

I have attached my config for review.

Re: Can a PIX 515e support more than one subnet?

nkhawaja — Wed, 20 Jul 2005 15:49:32 GMT

in that case your ISP should route the other subnet as well to your PIX.

Re: Can a PIX 515e support more than one subnet?

groberton — Thu, 21 Jul 2005 11:53:09 GMT

The problem lies in the fact that the two networks are completely separate and you cannot run two networks on the outside interface. They have not extended his addressing but they allocated a new range, not very nice. I would like to hear if anyone else has had this problem. All I can see is you having to add in another PIX.