Buy or Renew
Buy or Renew
NOTICE: The community will be in READ-ONLY Sept. 6 – 9 to add Umbrella release notes and announcements. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
414
Views
5
Helpful
4
Replies

Multiple Class C Address on a PIX 515E (2 Interfaces)

eelliston
Level 1
Level 1

‎12-20-2004 09:19 AM - edited ‎02-20-2020 11:49 PM

I am going to be doing an install for a client that has been assigned 3 class C address spaces from their provider.

Here they are.

216.82.64.0/24

216.82.65.0/24

216.82.68.0/24

I know I can assign the 1st 2 with a /23 subnet assignment, but the 3rd range is a problem for me. Is there a way I can assign that space as a secondary IP set on the PIX? If so....I could use some syntax help for this. and NO the ISP could not give me 3 subnets in a row...

Thanks!

0 Helpful
4 Replies 4

nkhawaja
Cisco Employee
Cisco Employee

‎12-20-2004 04:45 PM

Hi,

no you cant assign a secondary ip on the pix. but you can still use all 3 subnets on the pix, using nat/global or static commands. with proper routing in place, you can only assign one subnet to the interface and have the other two use for other purposes etc.

i hope you got the idea!

Regards,

Nadeem

eelliston
Level 1
Level 1
In response to nkhawaja

‎12-20-2004 05:32 PM

So I could have it set where the PIX outside interface is the 2 host (the 1st would be the ISP)

I understand how to make the traffic flow from that point...but what about the 3rd Class C? Can I still assign it as a global static address and it will be able to pass traffic?

Humm...

Thanks!!!

Eric

0 Helpful

nkhawaja
Cisco Employee
Cisco Employee
In response to eelliston

‎12-20-2004 06:09 PM

so you assign 16.82.64.0/24 to outside, in that case you need to put some hosts on the outside segment to utilize the public ip addresses, or you can further subnet this network to two hosts, then use the other addreses for public . example config like this

outside address 16.82.64.1/30 where the isp router ip will be 16.82.64.2

then you use

nat/global and static statemetns and place your hosts on the inside network or on the dmz network.

thanks

Nadeem

0 Helpful

eelliston
Level 1
Level 1
In response to nkhawaja

‎12-20-2004 06:42 PM

First off, thank you again for helping...it has been huge for me.

If the 3 class C spaces were "in a row" I could make perfect sense of this. Its that 3rd class C that is throwing me off.

Here they are again...

216.82.64.0/24

216.82.65.0/24

216.82.68.0/24

I know I can group 216.82.64.0 and 216.82.65.0 into a /23 mask but the third is 216.82.68.0/24

I know its probably against the rules, but could I get the PIX to see this entire space on a /21 which would cover from 216.82.64.0 - 216.82.71.0. Even though not all of those addresses are not routed to me, it seems like it could work. I don't seem to understand how I can get to my next hop from within the firewall on the 216.82.68.0 network.

For instace, I will have static mappings on all 3 addresses:

static (inside,outside) 216.82.64.12 192.168.64.12 netmask 255.255.255.255 0 0

static (inside,outside) 216.82.65.110 192.168.65.110 netmask 255.255.255.255 0 0

static (inside,outside) 216.82.68.220 192.168.68.220 netmask 255.255.255.255 0 0

How does the 216.82.68.220 global address route back out? Maybe i don't understand what route statements I need.

Thanks again!!

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card