07-19-2006 05:02 AM - edited 02-21-2020 01:03 AM
Hello,
We have a PIX 515 runnig 6.3 code, there are 3 interfaces, the Inside and DMZ use RFC 1918 address, the Outside uses routable addresses. The Outside addresses are mainly used to statically map 1:1 with the Inside and DMZ addresses.
The problem is that the Outside addresses have run out and our ISP has assigned a new range which needs to be used with the existing one. How do we route these? On a router we would probably look at secondary addressing on the interfaces, what happens on a PIX? Can we just start using the new addresses in a static command?
Regards,
Pat
07-19-2006 05:23 AM
No, you can't do secondary addressing on a PIX.
Instead, on your internet router you need:
ip route [new_network] [mask] PIX_outside_IP
then you can set up NATs etc.
The ISP may have done that laready, or they may have done "ip route .... ethernet0", which is no good for you.
Try configuring a static NAT and test it to see which they've done.
07-27-2006 08:09 AM
Hello Grant,
Thanks for this, however it turns out there is a bug in this level of PIX IOS see CSCeb06082 i.e.:
The PIX does not respond to the ARP requests which originate from addresses
other than directly
connected subnet.
07-28-2006 12:32 AM
I have the same problem. I tried to do static nat and still is not working. What do we do?
07-28-2006 12:57 AM
You have 2 options:
1) Upgrade your current IOS to 6.3.2 or higher
2) Put in static ARP entries for said address on next hop router. If this is owned by an ISP you will need to get them to do it.
07-30-2006 09:55 AM
Guys i dont think ARP will come into the picture...
u r explicitly giving a route on the router....So arp not required..i think that should work.
Ofcourse u wull have problems when u want the communication to happen without arp
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide