Re: PIX 515 and multiple outside subnets

srand · ‎01-09-2004

I have a pix 515, 6.3. I have two noncontiguous subnets assigned to me by my ISP for my static addressing. I cannot get the second one to work. Is this even possible?

Thank you.

Sara

edmonds_robert · ‎01-09-2004

I believe you are going to need another interface in your PIX to accomplish this, since it requires that each interface be in a different subnet. I'm sure if that's not correct, someone will correct me.

vitaliy.pindyura · ‎01-09-2004

I think it is possible. If you have a router in front of your pix - you can route the second network to your pix external interface and then use the "static" command as usual. I am not sure if I am being clear enough, so here is an example:

You have 2 subnets assigned to you by your ISP - let's say they are 1.1.1.0/24 and 2.2.2.0 /24.

1.1.1.1 belongs to your (or your ISP) router's interface and 1.1.1.2 is ip of pix external interface. Then you have to put the following route to that router (or ask your ISP to do that):

ip route 2.2.2.0 255.255.255.0 1.1.1.2

Then you will be able to use both subnets:

static (inside,outside) 1.1.1.3 10.10.10.3 netmask 255.255.255.255

static (inside,outside) 2.2.2.3 10.10.10.4 netmask 255.255.255.255

where 10.10.10.0/24 is your internal network behind the pix.

mostiguy · ‎01-11-2004

I think vitaliy is correct - I was able to do something similar once when I had to re-ip address a remote office

PJWHITBY · ‎01-15-2004

vitaliy, you are correct. I have the same issue, applied your advice and it works beautifully.

Thanks

srand · ‎01-16-2004

Thank you for the information. It is what I thought and you answer gave me a little ammunition to give the ISP. Problem is now resolved.