03-04-2009 01:26 PM - edited 03-11-2019 08:00 AM
I am beginning to run out of address spaces and I am looking at getting another range. I would like to create sub-interfaces but I am running into one problem. When I move the interface "outside" interface to one of the subinterfaces anything applied to that interace goes away. Is there any way to move the "nameif outside" to a subinterface without losing all the references? Or does anyone have any other suggestions about how to bring in the new range?
03-04-2009 01:37 PM
Michael
Is the new range just going to be used for NAT etc. ?
If so you don't need another outside interface. You just need to make sure that your new IP address block is routed by your ISP to the existing outside interface of your firewall.
Then you can simply add static statements as normal eg.
static (dmz,outside) 195.77.1.10 192.168.5.10 netmask 255.255.255.255
where 195.77.1.10 is part of the new address block. Allow access in the acl and it should all work fine.
Note that the new IP address block does not have to follow on from your existing public IP block. As i say all you need to ensure is that any traffic destined for 195.77.1.x from the internet is routed to your firewall and the ISP should be doing this for you.
Jon
03-04-2009 01:41 PM
This is all I need but I was not sure that would work. Any way thanks for letting me know it will work.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide