https://community.cisco.com/t5/network-security/pix-515-multiple-subnets/m-p/462205#M535488 <HTML><HEAD></HEAD><BODY><P>Can you please list the commands to this post that one would use to add a second subnet to their PIX? I have searched and searched and have not been able to come up with that information.</P><P></P><P>Thanks!</P></BODY></HTML> Mon, 18 Jul 2005 20:30:35 GMT comoms_dot_com 2005-07-18T20:30:35Z https://community.cisco.com/t5/network-security/pix-515-multiple-subnets/m-p/462203#M535486 <P>Can I have a /28 and a /24 both allocated into one PIX 515e? My current configuration is setup for the /28 and I would like to keep that address space just as it is and then add the /24 if possbile.</P><P></P><P>Thanks!</P> Fri, 21 Feb 2020 08:16:00 GMT https://community.cisco.com/t5/network-security/pix-515-multiple-subnets/m-p/462203#M535486 comoms_dot_com 2020-02-21T08:16:00Z https://community.cisco.com/t5/network-security/pix-515-multiple-subnets/m-p/462204#M535487 <HTML><HEAD></HEAD><BODY><P>Yes, you can add /24 along.</P></BODY></HTML> Mon, 18 Jul 2005 17:57:30 GMT https://community.cisco.com/t5/network-security/pix-515-multiple-subnets/m-p/462204#M535487 umedryk 2005-07-18T17:57:30Z https://community.cisco.com/t5/network-security/pix-515-multiple-subnets/m-p/462205#M535488 <HTML><HEAD></HEAD><BODY><P>Can you please list the commands to this post that one would use to add a second subnet to their PIX? I have searched and searched and have not been able to come up with that information.</P><P></P><P>Thanks!</P></BODY></HTML> Mon, 18 Jul 2005 20:30:35 GMT https://community.cisco.com/t5/network-security/pix-515-multiple-subnets/m-p/462205#M535488 comoms_dot_com 2005-07-18T20:30:35Z https://community.cisco.com/t5/network-security/pix-515-multiple-subnets/m-p/462206#M535489 <HTML><HEAD></HEAD><BODY><P>"Can I have a /28 and a /24 both allocated into one PIX 515e?", do u mean a secondary ip on the same interface?</P><P></P><P>if yes, then i believe it's not feasible.</P></BODY></HTML> Mon, 18 Jul 2005 21:10:18 GMT https://community.cisco.com/t5/network-security/pix-515-multiple-subnets/m-p/462206#M535489 jackko 2005-07-18T21:10:18Z https://community.cisco.com/t5/network-security/pix-515-multiple-subnets/m-p/462207#M535490 <HTML><HEAD></HEAD><BODY><P>"do u mean a secondary ip on the same interface?"</P><P></P><P>I currently have a /28 setup in my PIX.</P><P></P><P>The outside interface is xx.185.xxx.xxx </P><P>The inside interface is 192.168.1.1</P><P></P><P>I am using NAT to translate my public addresses from the outside to the inside. </P><P></P><P>I have run out of addresses in my /28 so I requested a /24 and have just recieved them from my provider. Being that I have been using this /28 for some time and I am in full production I do not want to get rid of those addresses and they are not somewhere in the range of addresses in my /24. </P><P></P><P>What I am hoping to be able to do is to add this second subnet to my PIX and translate both subnets to my inside addresses.</P><P></P><P>Can this be done?</P><P></P><P>Thanks for all of your help!</P></BODY></HTML> Mon, 18 Jul 2005 22:04:51 GMT https://community.cisco.com/t5/network-security/pix-515-multiple-subnets/m-p/462207#M535490 comoms_dot_com 2005-07-18T22:04:51Z https://community.cisco.com/t5/network-security/pix-515-multiple-subnets/m-p/462208#M535491 <HTML><HEAD></HEAD><BODY><P>assuming the pix interface is not capable for a secondary ip.</P><P></P><P>an alternative would be to implement a router before or after the pix performing NAT</P><P></P><P>another alternative is to use dynamic dns such as dyndns.org</P></BODY></HTML> Mon, 18 Jul 2005 23:57:26 GMT https://community.cisco.com/t5/network-security/pix-515-multiple-subnets/m-p/462208#M535491 jackko 2005-07-18T23:57:26Z https://community.cisco.com/t5/network-security/pix-515-multiple-subnets/m-p/462209#M535492 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>you can configure PIX interface as trunk. Now you can assign multible address for the same interface like your conventional 802.1q trunking. This feature supported only above version 6.3. You can ref. below faq.</P><P></P><P><A class="jive-link-custom" href="http://www.cisco.com/en/US/partner/products/hw/vpndevc/ps2030/products_qanda_item09186a0080094874.shtml" target="_blank">http://www.cisco.com/en/US/partner/products/hw/vpndevc/ps2030/products_qanda_item09186a0080094874.shtml</A></P><P></P><P>VMSundaram</P></BODY></HTML> Tue, 19 Jul 2005 08:18:05 GMT https://community.cisco.com/t5/network-security/pix-515-multiple-subnets/m-p/462209#M535492 meenakshi 2005-07-19T08:18:05Z https://community.cisco.com/t5/network-security/pix-515-multiple-subnets/m-p/462210#M535493 <HTML><HEAD></HEAD><BODY><P>I can not login with my username and password to that link.</P><P></P><P></P></BODY></HTML> Tue, 19 Jul 2005 20:01:53 GMT https://community.cisco.com/t5/network-security/pix-515-multiple-subnets/m-p/462210#M535493 comoms_dot_com 2005-07-19T20:01:53Z https://community.cisco.com/t5/network-security/pix-515-multiple-subnets/m-p/462211#M535494 <HTML><HEAD></HEAD><BODY><P>thanks for the info meenakshi!</P><P></P><P>according to the doco:</P><P></P><P>Step 1 Assign the interface speed to a physical interface by entering the following command:</P><P>interface ethernet0 auto</P><P></P><P></P><P>Step 2 Assign VLAN2 to the physical interface (ethernet0) by entering the following command:</P><P>interface ethernet0 vlan2 physical</P><P></P><P>By assigning a VLAN to the physical interface, you ensure that all frames forwarded on the interface will be tagged. VLAN 1 is not used because that is the default native VLAN for Cisco switches. Without the physical parameter, the default for the interface command is to create a logical interface.</P><P></P><P>Step 3 Create a new logical interface (VLAN3) and tie it to the physical interface (ethernet0) by entering the following command:</P><P>interface ethernet0 vlan3 logical</P><P></P><P>This will allow the PIX Firewall to send and receive VLAN-tagged packets with a VLAN identifier equal to 3 on the physical interface, ethernet0.</P><P></P><P>Step 4 Configure the logical and physical interfaces by entering the following commands:</P><P>nameif ethernet0 outside security0</P><P>nameif vlan3 dmz security50</P><P>ipaddress outside 192.168.101.1 255.255.255.0</P><P>ipaddress dmz 192.168.103.1 255.255.255.0</P><P></P><P></P></BODY></HTML> Tue, 19 Jul 2005 22:46:08 GMT https://community.cisco.com/t5/network-security/pix-515-multiple-subnets/m-p/462211#M535494 jackko 2005-07-19T22:46:08Z https://community.cisco.com/t5/network-security/pix-515-multiple-subnets/m-p/462212#M535495 <HTML><HEAD></HEAD><BODY><P>tested the code after posting it.</P><P></P><P>it seems like the feature works with vlan only, that means it cannot be used as a stand-alone logical interface. </P><P></P><P>thus it doesn't help with the posted scenario, unless you setup a vlan outside the pix which may not be feasible</P></BODY></HTML> Tue, 19 Jul 2005 23:42:57 GMT https://community.cisco.com/t5/network-security/pix-515-multiple-subnets/m-p/462212#M535495 jackko 2005-07-19T23:42:57Z https://community.cisco.com/t5/network-security/pix-515-multiple-subnets/m-p/462213#M535496 <HTML><HEAD></HEAD><BODY><P>Hi VMSundaram,</P><P></P><P>But how can insert a failover pix in this senario using only a single L2 switch with 802.1q trunk to primary pix and failover pix?</P></BODY></HTML> Fri, 05 Aug 2005 06:25:12 GMT https://community.cisco.com/t5/network-security/pix-515-multiple-subnets/m-p/462213#M535496 wanghmk1223 2005-08-05T06:25:12Z https://community.cisco.com/t5/network-security/pix-515-multiple-subnets/m-p/462214#M535497 <HTML><HEAD></HEAD><BODY><P>Hello,</P><P>I think the solution is more simple than you think. You can use your new address-range with nat, global and statics without actually configure it on the physical interface. That way you can use your new address-space. Your ISP have to route your new network to your PIX outside interface. That is all.</P><P></P><P>Best Regards</P><P>Robert Maras</P></BODY></HTML> Fri, 05 Aug 2005 06:37:41 GMT https://community.cisco.com/t5/network-security/pix-515-multiple-subnets/m-p/462214#M535497 maraz 2005-08-05T06:37:41Z