Re: Assigning public IP's to DMZ?

jmx2020 · ‎09-29-2005

I have a PIX 515E (restricted), and have a situation where I need to avoid using NAT for hosts on my DMZ (long story...has to do with new VOIP equipment that won't work behind NAT).

I have a large block of public IP addresses, mostly unused. I assume I would just set up the interface with the public IP subnet; however, the outside routers uses an IP address in this block as well. Does that pose a problem as long as I know not to use it as the IP of a host in the DMZ?

Thanks!

bigchoice75 · ‎09-29-2005

you should subnet the range you were assigned from ISP and make sure the ip's assigned to your internet routers do not share the same address space as the dmz hosts.

jackko · ‎09-29-2005

www <--outside int--> router <--inside int--outside int--> pix <--dmz int-->

you mentioned that the outside router uses an ip address in the same block. do you mean the inside int of the router, which is connected to the pix outside int? if so, that means you are trying to configure both pix outside and dmz int to be the same network. unfortunately, it's not possible on pix.

jmx2020 · ‎09-30-2005

Ah, yes I see the problem. Yes, the PIX outside and DMZ would be within the same subnet. Guess I can't do what I needed to do...

Thanks,

JMX

bigchoice75 · ‎09-30-2005

JMX,

as I mentioned, You would have to subnet the range. What did your isp assign you? /24,/25,/26...etc???