We have tried this with no joy so far, I suspect the outside mask will need to change to allow for both subnets IE class A 0r B in this case even though the ISP subnets are both /29, this may fool the pix and router to see each other.

Have you checked with your ISP , they should be routing both subnets to your outside interface.

What version of PIX OS you have ?

Hello !

I will clarify my previous post , to make it work you have two options depending on how your ISP configured his router.

If they just added a second subnet by configuring a secondary IP to the interface facing your PIX then you have to enable proxy-arp on the outside interface of your PIX ,

no sysopt noproxyarp outside

For the other option you dont need to have proxy-arp enabled but your ISP should "route" the second subnet to your outside PIX address, using this command

route second_subnet subnet_mask outside_PIX_address

Hope this helps ... let me know !

Hi,

that first option you described is what my ISP have configured.

Do you know if the PIX 6.3 will do proxy arp on its outside interface for a static entry of a IP address which is not in the subnet of the outside?

In my case, it's not working.

Appreciate any help.

Hi,

Yes it should, provided that it is enabled first.

You can enable proxyarp on an interface by configuring the noproxyarp command

no sysopt noproxyarp outside

Hope this helps.