Multiple outside interfaces on PIX?

sonnyw · ‎03-04-2005

Howdy,

Can I have more than one outside interface on a PIX?

I have two /27 on two totally different subnets. I'd like to be able to route each of these subnets via different interfaces on the PIX.

So for example, four interfaces (two public, two private).

E0 - 200.100.20.1/27

E1 - 200.100.30.1/27

E2 - 10.1.10.1/24 (NAT's with E0)

E3 - 10.1.20.1/24 (NAT's with E1)

Router on the outside will have multiple interfaces, with one each for E0 and E1.

The PIX would then route traffic via two different routes, depending on the source (what would the route statement look like?).

I want to do this so one of our customers can use our PIX unit and not have to spend the $$ on another one. I *think* I read somewhere you can only have one external interface on a PIX, but can't seem to see that anywhere now.

Cheers

Sonny

pcomeaux · ‎03-04-2005

Hi Sonny -

This scenario you desribed is possible with Virutal Firewalls or possibly with an IOS FW. This feature today is only supported on the FWSM. The pix 7.x code may support this in the future.

Depending on the network, you may be able to accomplish the above with a 2 small Pix, like a 501 or 506e.

Sorry to deliver bad news, but let us know how we can help.

peter

CSCO10490349 · ‎03-06-2005

Cisco does have a solution for this, even a configuration guide on the tech support. Take a look here:

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a0080094763.shtml