pix with 2 different subnets on outside

mjhagen · ‎04-25-2005

I have a very large current configuration with a /24 to the outside using static to the dmz and inside. I need to add another /24 to the outside. Is there a way to nat this space in from the current outside or will I need to add the space to another interface

nkhawaja · ‎04-25-2005

you should be able to use the other IP address space in your NAT as long as you have correct routing in place

mjhagen · ‎04-25-2005

I have not tried adding the nat statements yet but from reading I do not see where I can add another IP address to the current interface. Without being able to do that I do not see how I can nat into the new address space.

nkhawaja · ‎04-25-2005

the ip address will not go on the interface. you cant assign secondary ip address to pix interface.

all you need is use static or NAT statments with the new set of IPs

sachinraja · ‎04-25-2005

ya ..nadeem is right.. you need not have a second interface here.. your nat statements can have any ip address and need not be a part of the present outside network.. so, just have the new pool , make statics/global with reference to the new ip addresses. make sure this new ip pool is routed through the ISP...

Raj

mjhagen · ‎04-26-2005

Thanks everything worked fine. I am most familiar with another firewall and it is not possible to have 2 outside network spaces.