https://community.cisco.com/t5/network-security/configure-ip-addresses-in-the-external-interface/m-p/1241985#M876890 <P>Hi, I have a 515e pix and I need to configure a pool address in my external interface. I have 5 ip addresses of isp provider. I use the ASDM software.</P><P>Thankyou.</P> Mon, 11 Mar 2019 14:45:49 GMT sistemas 2019-03-11T14:45:49Z https://community.cisco.com/t5/network-security/configure-ip-addresses-in-the-external-interface/m-p/1241985#M876890 <P>Hi, I have a 515e pix and I need to configure a pool address in my external interface. I have 5 ip addresses of isp provider. I use the ASDM software.</P><P>Thankyou.</P> Mon, 11 Mar 2019 14:45:49 GMT https://community.cisco.com/t5/network-security/configure-ip-addresses-in-the-external-interface/m-p/1241985#M876890 sistemas 2019-03-11T14:45:49Z https://community.cisco.com/t5/network-security/configure-ip-addresses-in-the-external-interface/m-p/1241986#M876892 <HTML><HEAD></HEAD><BODY><P>Simply create a new pool ID in your firewall.</P><P></P><P>If your ISP gave you a /28 you then have 6 addresses , you loose one for PIX outside interface.</P><P></P><P>say you have 10.20.20.0/28 </P><P></P><P>You can use outside to PAT, you will see similar scenario as:</P><P></P><P>your PIX outside interface IP is 10.20.20.1/28</P><P></P><P>global (outside) 1 interface</P><P>nat (inside) 1 0 0 (this Will pat anything inside againts your oustside global interface ip)</P><P></P><P></P><P>then crteate a POOL ID , say we use POOL ID 2 , and use remaining public IPs for that pool.</P><P></P><P>global (outside) 2 10.20.20.2-10.20.20.6 </P><P></P><P>you may difine specific inside subnet to use pool 2 instead of PAT </P><P></P><P>say you have inside segments as 172.16.1.0/24 , 10.3.4.0/24 and want to have these subnets use your Pool ID 2. </P><P></P><P></P><P>nat (inside ) 2 172.16.1.0 255.255.255.0</P><P>nat (inside) 2 10.3.4.0 255.255.255.0</P><P></P><P>everything else inside will use PAT via global (outside) 1 interface</P><P></P><P></P><P>Regards</P><P> </P></BODY></HTML> Wed, 04 Feb 2009 16:54:27 GMT https://community.cisco.com/t5/network-security/configure-ip-addresses-in-the-external-interface/m-p/1241986#M876892 JORGE RODRIGUEZ 2009-02-04T16:54:27Z https://community.cisco.com/t5/network-security/configure-ip-addresses-in-the-external-interface/m-p/1241987#M876896 <HTML><HEAD></HEAD><BODY><P>Hola Jorge, gracias por contestar tan rápido. Verás he creado el pool con las direcciones públicas de mi proveedor, pero ninguna de estas direcciones responden a un ping desde fuera. En cambio la ip principal (outside) si que responde. ¿Tengo que añadir algún tipo de regla?. Además tengo que crear un nat de una de estas direcciones públicas a una ip privada de mi lan, ¿como hago esto si en el pool están todas las direcciones?. Perdona mi ignorancia y gracias de antemano.</P></BODY></HTML> Wed, 04 Feb 2009 18:40:29 GMT https://community.cisco.com/t5/network-security/configure-ip-addresses-in-the-external-interface/m-p/1241987#M876896 sistemas 2009-02-04T18:40:29Z https://community.cisco.com/t5/network-security/configure-ip-addresses-in-the-external-interface/m-p/1241988#M876898 <HTML><HEAD></HEAD><BODY><P><B>he creado el pool con las direcciones públicas de mi proveedor, pero ninguna de estas direcciones responden a un ping desde fuera. En cambio la ip principal (outside) si que responde. ¿Tengo que añadir algún tipo de regla?. Además tengo que crear un nat de una de estas direcciones públicas a una ip privada de mi lan, ¿como hago esto si en el pool están todas las direcciones?. Perdona mi ignorancia y gracias de antemano.</B></P><P></P><P>translated <I>I have created the pool with the public IP addresses from my provider, but none of these addresses respond to pings from outside. The primary ip from (outside) does respond. Do I have to additionally create some type of rule? beside, I have to create a nat from one of these public addresses to a orivate IP in my LAN. How do I do this if all these addresses are in a pool? sorry for my ignorance and thank before hand. </I></P><P></P><P></P><P>Hi Luis, I know you can write in English and would like if you could write in English on this post to expand and reach the forum folks.. you will have lots of help from us.</P><P></P><P></P><P>First I though you wanted to create a pool from the remaining public IP addresses , and that is why I responded with an example. Now your requirement has changed to use those public addresses for static nat translations.</P><P></P><P>There are many ways you can use these addresses for static NAT or port forwarding to save public IP addresses but to keep your requirement simple lets work with a simple static one-to-one NAT and take you a step at a time.</P><P></P><P>Forget about the pool for a moument, if you need to map a public IP address to a private IP address you can accomplish this through static NAT.</P><P></P><P>This is an example:</P><P></P><P>static (inside,outside) <PUBLIC_IP> <PRIVATE ip=""> netmask 255.255.255.255 </PRIVATE></PUBLIC_IP></P><P></P><P>then you need to create an access rule to permit traffic from outside to inside via the public IP address you have configured as the example above.</P><P></P><P>Do you understand up to here? </P><P></P><P>Regards</P><P></P><P><I>PLS rate any helpful posts</I></P><P></P><P></P><P></P></BODY></HTML> Wed, 04 Feb 2009 19:54:09 GMT https://community.cisco.com/t5/network-security/configure-ip-addresses-in-the-external-interface/m-p/1241988#M876898 JORGE RODRIGUEZ 2009-02-04T19:54:09Z https://community.cisco.com/t5/network-security/configure-ip-addresses-in-the-external-interface/m-p/1241989#M876901 <HTML><HEAD></HEAD><BODY><P>Hi all, Hi Jorge</P><P>Thank you for your help and for your answers. I have done what you said and it works. Although the public ip doesn't respond to pings, I can reach the private server from outside. I have just put the nat and the access rule and it works. Thank you.</P></BODY></HTML> Wed, 11 Feb 2009 17:03:59 GMT https://community.cisco.com/t5/network-security/configure-ip-addresses-in-the-external-interface/m-p/1241989#M876901 sistemas 2009-02-11T17:03:59Z https://community.cisco.com/t5/network-security/configure-ip-addresses-in-the-external-interface/m-p/1241990#M876905 <HTML><HEAD></HEAD><BODY><P>Luis, thanks for posting the update and glad all worked out.. thank you for rating.</P><P></P><P>B.Regards</P><P>Jorge</P></BODY></HTML> Wed, 11 Feb 2009 20:20:37 GMT https://community.cisco.com/t5/network-security/configure-ip-addresses-in-the-external-interface/m-p/1241990#M876905 JORGE RODRIGUEZ 2009-02-11T20:20:37Z