Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
489
Views
0
Helpful
4
Replies

PIX IP address help

Go to solution
eelliston
Level 1
Level 1

‎12-20-2004 11:51 AM - edited ‎02-20-2020 11:49 PM

How many subnets can I assign to an interface of a PIX?

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
gfullage
Cisco Employee
Cisco Employee

‎12-20-2004 02:18 PM

Each interface of a PIX can have one, and only one, IP address assigned to it. It is not like a router that can have multiple secondary IP addresses configured.

View solution in original post

0 Helpful
4 Replies 4

Go to solution
gfullage
Cisco Employee
Cisco Employee

‎12-20-2004 02:18 PM

Each interface of a PIX can have one, and only one, IP address assigned to it. It is not like a router that can have multiple secondary IP addresses configured.

0 Helpful

Go to solution
eelliston
Level 1
Level 1
In response to gfullage

‎12-20-2004 02:32 PM

Thats what I thought. I have a customer who is moving into a datacenter and they have 3 Class C address spaces:

216.82.64.0/24

216.82.65.0/24

216.82.68.0/24

I have 3 interfaces on the PIX. How would I set it up where I can use all these address spaces. I know I can put the first 2 spaces on a /23 subnet but the 3rd is a pain. Could I use one of the other interfaces for that?

Any help would be huge!

Thanks.

0 Helpful

Go to solution
gfullage
Cisco Employee
Cisco Employee
In response to eelliston

‎12-20-2004 04:37 PM

Assuming you want these subnets on inside/dmz interfaces, I'm not really sure what you're asking. If you have an inside, a dmz and an outside int, then you could just do:

ip address inside 216.82.64.1 255.255.254.0

ip address dmz 216.82.68.1 255.255.255.0

This way you get the 2 class-C's on the inside and one whole class-C on the DMZ. You also configure whatever IP address the ISP tells you to on the outside and set the defautl gateway accordingly.

What you do though really depends on how your customer wants it set up. If they have a DMZ with only a couple of servers on it, it's crazy to waste a whole class-C on that interface. Does your customer really need 3 entire class-C's, that must be costing them a fortune, why not implement private IP addressing and just purchase a few valid IP addresses for NAT'ing and PAT'ing?

Going even further you could subnet them up more by using logical interfaces in the PIX, so you could create multiple internal interfaces and subnet the class-C's down to /25, /26 or further. See http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_sw/v_63/config/bafwcfg.htm#wp1113411 for further details.

0 Helpful

Go to solution
eelliston
Level 1
Level 1
In response to gfullage

‎12-20-2004 05:23 PM

Thanks for the help. I don't know how they talked this datacenter into 3 full /24 spaces...but they did. Their SWIPs don't document proper usage in my opinion...

They are going to have pretty much all one to one transalations going on. IE. 216.82.64.3 --> 192.168.64.3. We are also going to have a router behind the pix with a point to point t-1 to the remote office which will be piggy-backing the bandwidth from the datacenter.

What I was hoping was to do was have a private range 192.168.64.0/21 on the inside that nats to its perspective public address.

So, I am not really thinking in terms of DMZ...I am thinking 2 outside interfaces and 1 inside.

Crazy huh...

Thanks!

Eric

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card