Solved: Re: PIX 520 IP Addressing question.

syancy · ‎08-04-2004

My 520 has 2 Ethernet ports. Can I ip the Outside interface(E0) 170.1.111.1 255.255.255.255 and IP the inside(E1) 170.1.111.2 255.255.255.0. If not how can have both interfaces on the same subnet. I want to use the 520 as a packet filtering firewall within a corporate WAN. The boxes on the inside will have an ip address in the range of 170.1.111.0.

***These are not my actual IP addresses***

bvanniekerk · ‎08-04-2004

Its called multinetting, if I am not mistaken and no, you cannot multinet, i.e. have same subnet on different interfaces on same device.

View solution in original post

bvanniekerk · ‎08-04-2004

Its called multinetting, if I am not mistaken and no, you cannot multinet, i.e. have same subnet on different interfaces on same device.

syancy · ‎08-05-2004

Even though the E0 interface is a single host subnet? I also thought multinetting was when you have the same subnet on the same interface.

scoclayton · ‎08-05-2004

This is a actually a feature we are calling transparent firewalling (firewall acting as a bridge rather than an L3 hop). This feature is new in the 7.0 release which starts it's beta in a few weeks. If you are interested in getting involved in the beta program, please contact your local Cisco account team to get added to the list. The problem in your case however, is that the PIX 520 is *not* going to be supported by the 7.0 release. So, you will also need some new hardware.

One other option is that IOS FW recently added transparent firewall support. I believe it is in 12.3(8)T but check the docs to be sure.

Hope this helps.

Scott