Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
365
Views
0
Helpful
3
Replies

multiple routable addresses behind pix

Jim.Kiddoo
Level 1
Level 1

‎11-03-2003 12:12 PM - edited ‎02-20-2020 11:04 PM

I have numerous routable class c networks i want to assign to the interfaces behind our pix 515e 6.22 OS. It seems when i give another interface a routabel address that interface and its computers can't get past the pix. The outside interface has 1 routable address, but how do i get multiple out from behind. the routers are outside of the pix but they are all vlan'd down the same pipe. So we have 6 class c that come down our same pipe and work fine from outside the firewall. So i have 128.128.128.0, 128.128.129.0, 128.128.130.0 that i want behind the firewall on separtate interfaces. Currently the outside of the pix has 128.128.127.0 that works fine. I want them all to go to the outside world. Any thoughts. Thanks in advance.

Sincerely

Jim kiddoo

PS. I want this becasue our ISP blocks addresses that are doing bad things, so when it is PAT they block our whole gateway, i want them to just block the offending machine.

0 Helpful
3 Replies 3

steven.wilson
Level 1
Level 1

‎11-04-2003 01:30 AM

If you want to have the inside addresses hiding behind your PIX, you will need to address translate them to an address on the outside.

similar to the following

global (outside) 1 128.128.127.254

nat (inside) 1 128.128.128.0 255.255.255.0

nat (inside) 1 128.128.129.0 255.255.255.0

nat (inside) 1 128.128.130.0 255.255.255.0

0 Helpful

Jim.Kiddoo
Level 1
Level 1
In response to steven.wilson

‎11-04-2003 09:14 AM

Thanks for that, but i don't want them to be natted, i want them to appear on the outside as exactly what they are. The router is on the outside 128.128.128.1 for example, so the clients point to 128.128.128.2 as their gateway but when i set this up they can't get past the pix

Thanks

Jim

0 Helpful

bfl1
Level 1
Level 1
In response to Jim.Kiddoo

‎11-04-2003 10:19 AM

You can use the inside interface of you PIX as your default gateway and then enable proxy arp. My internal subnet uses the inside interface of my perimeter PIX as it's default gateway, which is configured for proxy arp, which in turn forwards the traffic to a router on the outside.

If you go into the PDM and look under the System Properties tab/Routing/Proxy ARPs setting, you can enable it for your PIX interfaces.

Hope this helps

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card