PIX Secondary IP address

gsimon · ‎03-15-2005

Hi All,

Is it possible to have a secondary IP address for PIX outside interface like how routers could ?

Patrick Iseli · ‎03-15-2005

No, it is not possible to have a secondary IP on a PIX Firewall.

sincerely

Patrick

gsimon · ‎03-15-2005

Does NAT work ?

sachinraja · ‎03-15-2005

Are both the ISP links terminating on the same border router ? if so, you can do a NAT and make this work.. all users from outside will see the 207.x.x.x IP as 204.44.x.x. You need to make sure both the internet links are working.. also, note that these traffic will still flow through the old internet link, as people will still access the 204.x.x.x IP, which is statially routed through the old ISP.

NAT & then IPSEC will have no issues. I think you can try out this option... secondary IP addresses cannot be used as patrick pointed out in his post...

All the best..

Raj

gsimon · ‎03-15-2005

Hi Raj, Both ISP links terminates on different border routers running iBGP between them. Thanks!

sachinraja · ‎03-15-2005

I think it will be the other way around.. the syntax of the command is

ip nat inside source static local-ip global-ip

ur global IP is 204.x.x.x & local is 207.x.x.x , right ???

if you have reachability from the old ISP's border router to 207.x.x.x, thats enough.. it should work..

all the best..

Raj