02-17-2010 06:44 AM - edited 03-11-2019 10:11 AM
Hello,
I have to install a PIX firewall and I have a question. Our ISP has assigned us two ranges of IP's (each range from a different subnet, for example, 10.165.100.32/27 and 10.165.200.160/27). I will assign one IP from one of these two ranges to the PIX outside interface (for example, 10.165.200.162/27). But I want the PIX firewall to route the IP paquets destined to the 10.165.100.32/27 subnet (I don't want to send these paquets to the router 10.165.200.161/27, who has an interface with two different IP).
For this reason, I thought to assign a secondary IP (for example, 10.165.100.60) to the PIX outside interface. I've read the command reference guide and I haven't found how can I assign a secondary IP to an interface. Anyone know how can I do it?
I've attached a document with the network diagram.
Thanks in advance,
Solved! Go to Solution.
02-17-2010 08:31 AM
cdelafuente31 wrote:
Hello,
I have to install a PIX firewall and I have a question. Our ISP has assigned us two ranges of IP's (each range from a different subnet, for example, 10.165.100.32/27 and 10.165.200.160/27). I will assign one IP from one of these two ranges to the PIX outside interface (for example, 10.165.200.162/27). But I want the PIX firewall to route the IP paquets destined to the 10.165.100.32/27 subnet (I don't want to send these paquets to the router 10.165.200.161/27, who has an interface with two different IP).
## For this reason, I thought to assign a secondary IP (for example, 10.165.100.60) to the PIX outside interface. I've read the command reference guide and I haven't found how can I assign a secondary IP to an interface. Anyone know how can I do it?
I've attached a document with the network diagram.
Thanks in advance,
The short answer is you can't use secondary addresses with the pix/ASA firewalls.
The good news however is that you don't need to. As long as the ISP routes the packets for 10.165.100.160/27 to the outside interface of your pix then you just setup static NAT translations as you do with the 10.165.200.160/27 network.
So you use the 10.165.200.160/27 network to address the physical outside interface of the pix and perhaps some static NAT translations.
And the 10.165.100.160/27 you just setup static NAT translations eg.
static (inside,outside) 10.165.100.161 192.168.5.10 netmask 255.255.255.255
etc..
Jon
02-17-2010 08:31 AM
cdelafuente31 wrote:
Hello,
I have to install a PIX firewall and I have a question. Our ISP has assigned us two ranges of IP's (each range from a different subnet, for example, 10.165.100.32/27 and 10.165.200.160/27). I will assign one IP from one of these two ranges to the PIX outside interface (for example, 10.165.200.162/27). But I want the PIX firewall to route the IP paquets destined to the 10.165.100.32/27 subnet (I don't want to send these paquets to the router 10.165.200.161/27, who has an interface with two different IP).
## For this reason, I thought to assign a secondary IP (for example, 10.165.100.60) to the PIX outside interface. I've read the command reference guide and I haven't found how can I assign a secondary IP to an interface. Anyone know how can I do it?
I've attached a document with the network diagram.
Thanks in advance,
The short answer is you can't use secondary addresses with the pix/ASA firewalls.
The good news however is that you don't need to. As long as the ISP routes the packets for 10.165.100.160/27 to the outside interface of your pix then you just setup static NAT translations as you do with the 10.165.200.160/27 network.
So you use the 10.165.200.160/27 network to address the physical outside interface of the pix and perhaps some static NAT translations.
And the 10.165.100.160/27 you just setup static NAT translations eg.
static (inside,outside) 10.165.100.161 192.168.5.10 netmask 255.255.255.255
etc..
Jon
02-17-2010 08:40 AM
Thank you very much for the info,
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide