Pix 515E multiple subnets on outside interface

bschear · ‎05-03-2007

Can you have multiple subnets on the outside of a Pix 515E with 6.3(3)? I have run out of addresses and adding a subnet would take much less configuration changes. I have a 2801 router with a T1 card with the Pix 515E behind it. If I just set up the routes for new public subnet on the 2801 and setup on the outside of the Pix the Nat and acls for the different subnet would it then be pingable etc.?

Jon Marshall · ‎05-03-2007

Hi

If i understand correctly then yes you can use another subnet on your pix for NAT etc. As long as the subnet your are using gets routed to the outside interface of your pix then it should all work fine.

We have done this a number of times where i work.

HTH

Jon

mark.j.hodge · ‎05-04-2007

Have you any experiance of implementing this in a Failover environment, are there any additional issues to be aware of?

Jon Marshall · ‎05-04-2007

Hi Mark

Yes it works in a failover environment as well. There are no additional issues i have come across. All you are doing is setting up static statements and acl rules for this additional subnet and these are automatically updated to the failover device.

Your routing to this subnet just points to the IP on the outside interface of the active Pix which gets transferred in failover anyway.

HTH

Jon