Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
825
Views
0
Helpful
6
Replies

Can a PIX 515e support more than one subnet?

comoms_dot_com
Level 1
Level 1

‎07-19-2005 12:44 PM - edited ‎02-21-2020 12:16 AM

I currently have a /28 setup in my PIX.

The outside interface is xx.185.xxx.xxx

The inside interface is 192.168.1.1

I am using NAT to translate my public addresses from the outside to the inside.

I have run out of addresses in my /28 so I requested a /24 and have just recieved them from my provider. Being that I have been using this /28 for some time and I am in full production I do not want to get rid of those addresses and they are not somewhere in the range of addresses in my /24.

What I am hoping to be able to do is to add this second subnet to my PIX and translate both subnets to my inside addresses.

Can this be done?

Thanks for all of your help!

0 Helpful
6 Replies 6

nkhawaja
Cisco Employee
Cisco Employee

‎07-19-2005 12:58 PM

Yes, you can define more subnets or networks in your translation statements nat/global or static. As long as you have the correct routing setup to forward those IP addresses to PIX, PIX will pickup those packets.

thanks

Nadeem

0 Helpful

comoms_dot_com
Level 1
Level 1
In response to nkhawaja

‎07-19-2005 01:04 PM

So my provider will need to route the addresses to my first IP in the /28 range? I am pretty confused on how to make this happen.

0 Helpful

nkhawaja
Cisco Employee
Cisco Employee
In response to comoms_dot_com

‎07-19-2005 01:29 PM

your provider will be routing both of these address spaces to your router. your router will then be routing these to the pix. pix will be picking up those packets based on the translation and access rules

0 Helpful

comoms_dot_com
Level 1
Level 1
In response to nkhawaja

‎07-19-2005 02:10 PM

I do not have a router. My provider assigns me a subnet and I have a PIX as the front line to the internet. I use the PIX to do NAT to my webserver. The /28 that was originally assigned was enough to handle me for the last few years. Now, I need to have all of my sites have an SSL certificate so I need more IPs.

The /24 that was assigned has the addresses of:

Range: 207.7.109.0/24

Default Gateway: 207.7.109.1

Usable: 207.7.109.2 - 207.7.109.254

Subnet Mask: 255.255.255.0

[Network: 207.7.109.0; Broadcast: 207.7.109.255]

The /28 is:

Range: 66.185.162.160/28

Default Gateway: 66.185.162.161

Usable: 66.185.162.162 - 66.185.162.174

Subnet Mask: 255.255.255.240

[Network: 66.185.162.160 ; Broadcast: 66.185.162.175 ]

I would like to add this /24 along side my /28

I have attached my config for review.

Preview file
8 KB
0 Helpful

nkhawaja
Cisco Employee
Cisco Employee
In response to comoms_dot_com

‎07-20-2005 08:49 AM

in that case your ISP should route the other subnet as well to your PIX.

0 Helpful

groberton
Level 1
Level 1
In response to comoms_dot_com

‎07-21-2005 04:53 AM

The problem lies in the fact that the two networks are completely separate and you cannot run two networks on the outside interface. They have not extended his addressing but they allocated a new range, not very nice. I would like to hear if anyone else has had this problem. All I can see is you having to add in another PIX.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card