11-03-2003 12:12 PM - edited 02-20-2020 11:04 PM
I have numerous routable class c networks i want to assign to the interfaces behind our pix 515e 6.22 OS. It seems when i give another interface a routabel address that interface and its computers can't get past the pix. The outside interface has 1 routable address, but how do i get multiple out from behind. the routers are outside of the pix but they are all vlan'd down the same pipe. So we have 6 class c that come down our same pipe and work fine from outside the firewall. So i have 128.128.128.0, 128.128.129.0, 128.128.130.0 that i want behind the firewall on separtate interfaces. Currently the outside of the pix has 128.128.127.0 that works fine. I want them all to go to the outside world. Any thoughts. Thanks in advance.
Sincerely
Jim kiddoo
PS. I want this becasue our ISP blocks addresses that are doing bad things, so when it is PAT they block our whole gateway, i want them to just block the offending machine.
11-04-2003 01:30 AM
If you want to have the inside addresses hiding behind your PIX, you will need to address translate them to an address on the outside.
similar to the following
global (outside) 1 128.128.127.254
nat (inside) 1 128.128.128.0 255.255.255.0
nat (inside) 1 128.128.129.0 255.255.255.0
nat (inside) 1 128.128.130.0 255.255.255.0
11-04-2003 09:14 AM
Thanks for that, but i don't want them to be natted, i want them to appear on the outside as exactly what they are. The router is on the outside 128.128.128.1 for example, so the clients point to 128.128.128.2 as their gateway but when i set this up they can't get past the pix
Thanks
Jim
11-04-2003 10:19 AM
You can use the inside interface of you PIX as your default gateway and then enable proxy arp. My internal subnet uses the inside interface of my perimeter PIX as it's default gateway, which is configured for proxy arp, which in turn forwards the traffic to a router on the outside.
If you go into the PDM and look under the System Properties tab/Routing/Proxy ARPs setting, you can enable it for your PIX interfaces.
Hope this helps
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide