08-19-2010 12:59 AM - edited 03-11-2019 11:27 AM
Hi all,
I have 2 public IP ranges from my ISP. One range is 1.1.1.0/30 (e.g.), where one IP address is used on the ISP end while the other is configured on my PIX.
The other IP range is 2.2.2.0/28 (e.g.), which is a bigger IP range that I can use for my publicly accessible servers. Is it possible to configure 2 public IP ranges on a PIX? Hence, should it be configured as below?
External interface: 1.1.1.2
default gw: 1.1.1.1
For NAT of my publicly accessible servers, I just use the public IP range 2.2.2.0.
Will the internet be able to access my public servers even though no interface on my PIX is assigned a 2.2.2.x IP?
Please advise. Thanks in advance.
08-19-2010 01:11 AM
Hi,
Yes, you can have two public IP address ranges on the PIX: one range for connecting to the internet ISP and another range for NAT.
But this 2.2.2.0/28 IP range should be reachable from the ISP. Either you have to advertise it via BGP or you have to inform your ISP to do the necessary routing.
Otherwise these NATed servers won't be reachable from the internet.
Thanks
Samy
08-19-2010 01:21 AM
Hi Samy,
Thank you for your reply. I believe the ISP would do the necessary dynamic routing. Hence, can I apply my access list, which permits and denies traffic for my publicly accessible IP 2.2.2.x, to my external interface even though my external interface is configured with 1.1.1.x?
08-19-2010 01:30 AM
Hi,
Yes. You can configure the ACL and apply it on the outside interface (the 1.1.1.x/30 interface). Traffic from the internet to your LAN will follow the procedure below:
1. Whether the source and destination IP addresses are permitted on the access-list.
2. NAT
3. Routing.
If you have proper NAT and routing configuration in place then, it will work.
Thanks
Samy
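The setup discussed in this thread, as an added example that is not part of any poster's reply: a small Python audit of a PIX 6.x-style config that checks every static maps into the routed 2.2.2.0/28 block and that the ACL bound inbound on the outside interface permits only those mapped (public) addresses, since the ACL is evaluated before NAT. The sample config, the inside addresses 192.168.1.x and the ACL name `outside_in` are constructed assumptions.

```python
import ipaddress
import re

ROUTED_BLOCK = ipaddress.ip_network("2.2.2.0/28")  # block the ISP routes to 1.1.1.2

# Constructed sample config; inside hosts and ACL name are assumptions.
SAMPLE = """\
ip address outside 1.1.1.2 255.255.255.252
route outside 0.0.0.0 0.0.0.0 1.1.1.1 1
static (inside,outside) 2.2.2.2 192.168.1.10 netmask 255.255.255.255
static (inside,outside) 2.2.2.3 192.168.1.11 netmask 255.255.255.255
static (inside,outside) 3.3.3.3 192.168.1.12 netmask 255.255.255.255
access-list outside_in permit tcp any host 2.2.2.2 eq www
access-list outside_in permit tcp any host 2.2.2.9 eq smtp
access-list outside_in permit tcp any host 192.168.1.11 eq 443
access-group outside_in in interface outside
"""

def audit(config, block=ROUTED_BLOCK):
    """Return a list of findings for static NAT and the inbound outside ACL."""
    findings, mapped = [], set()
    # Each static's mapped (public) address must sit inside the routed block.
    for m in re.finditer(r"^static \(\w+,outside\) (\S+) (\S+)", config, re.M):
        pub = ipaddress.ip_address(m.group(1))
        mapped.add(pub)
        if pub not in block:
            findings.append(f"static {pub}: outside the routed block {block}")
    bound = re.search(r"^access-group (\S+) in interface outside", config, re.M)
    if not bound:
        return findings + ["no ACL applied inbound on outside"]
    acl = re.escape(bound.group(1))
    permitted = set()
    # The ACL is checked before NAT, so permits must name the mapped address.
    for m in re.finditer(rf"^access-list {acl} permit \S+ any host (\S+)", config, re.M):
        dst = ipaddress.ip_address(m.group(1))
        permitted.add(dst)
        if dst not in mapped:
            findings.append(f"permit to {dst}: no static maps this address")
    for pub in sorted(mapped - permitted):
        findings.append(f"static {pub}: published but no permit in the ACL")
    return findings

if __name__ == "__main__":
    for line in audit(SAMPLE):
        print(line)
```

Only `permit ... any host <ip>` entries are parsed; network or object-group destinations would need extra patterns.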