Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
375
Views
0
Helpful
1
Replies

PIX outside global different ip pool

mbalasubramanian
Level 1
Level 1

‎04-07-2005 09:03 PM - edited ‎02-21-2020 12:03 AM

Hi,

We have a pix 515e running 6.3 fos having a public ip on outside interface sharing a last octet 252(so 2 hosts) with the router which is its default gateway.This interface is presently patting all traffic.I now need to introduce another pool thru global command with nat id of 2 for ex and pat outgoing traffic thru an ip of the second pool(on a diff subnet) ,since i am also managing the gateway router having ip of the first subnet and as the def gateway on the pix ,please let me know of all the steps required to use the second global ip pool

in terms of routing

Pointers appreciated

0 Helpful
1 Reply 1

fedrodri
Level 1
Level 1

‎04-08-2005 04:26 PM

Hi,

All you have to make sure is that whether you have a secondary IP address on the external router interface (the interface facing the PIX outside interface) on the same subnet as the second pool of IPs that you are going to setup on the PIX, or that you add an static route (on the router), so you route all traffic destined to the second subnet to the PIX outside interface. The PIX Proxy-ARP feature would take care of the rest...

As you can see from the following link, the PIX does proxy-arping (or responds with its own MAC address, for ARP requests destined to another IP that is not its own) for any configured IP address on a global or static command. The Proxy-ARP feature is on by default, and you should never turn it off on the outside interface. Here is the link:

-- Command Reference (sysopt noproxyarp command):

http://cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_sw/v_63/cmdref/s.htm#wp1026942

So, bottom line, you just need to configure the nat/global statements (the normal way) and then make sure on the external routers that there is a route to the subnet specified on the 'global' statement. The route would be there by default if you configure a secondary IP address on the router's interface (and will show as directly connected), or you can enter an static route.

I hope this helps, and that I did not manage to confuse you :0)

Thanks,

Federico Rodriguez

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card