PIX OUTSIDE SUBNETTING

edimonte1980 · ‎01-02-2006

I have a Cisco Pix 515E with one outside interface configure with a subnet 62.81.aa.bb/28. My ISP gave me another pool of 6 Public IP address, but different network class (new one is 194.aa.bb.cc/29) Is it possible to have one outside interface controlling two different subnets with different rage???

johansens · ‎01-02-2006

Yes, you can have this.

The service provider should now make sure the new range of addresses is routed to your existing PIX. There you can use the addresses as you wish for NAT/PAT'ing purposes or route them to another interface if you wish.

The setup (as an example) would be as follows:

The ISP's router and your gateway to the internet:

62.81.aa.1

Your PIX outside interface: 62.81.aa.2

The remaining outside addresses of the existing network which you control on the PIX: 62.81.aa.3 to 62.81.aa.14 (where .15 is the broadcast-address, and can't be used)

The new network should the be routed to your existing PIX outside interface 62.81.aa.2

The new addresses could then be used as addresses in the "global (outside)

" configuration.

Did it help?

jackko · ‎01-02-2006

as suggested from the previous post, i believe the best thing to do is to verify with your isp.

normally, the new range should be routed to the existing range. unfortunately, i had an isp (who has no idea at all) just issue two completely different ranges, and they don't work together until the isp added the routing.

assuming the isp has done the right thing, then the new range can be used for nat/global or static. for instance, you can use it to map a web server, or a mail server without modifying the existing nat/global.

e.g. the existing config would have:

global (outside) 1 62.81.aa.bb

nat (inside) 1 0.0.0.0 0.0.0.0 0 0

to configure the new range for web server:

static (inside,outside) 194.aa.bb.cc netmask 255.255.255.255