09-29-2005 03:51 AM - edited 03-09-2019 12:33 PM
I have a PIX 515E (restricted), and have a situation where I need to avoid using NAT for hosts on my DMZ (long story...has to do with new VOIP equipment that won't work behind NAT).
I have a large block of public IP addresses, mostly unused. I assume I would just set up the interface with the public IP subnet; however, the outside routers uses an IP address in this block as well. Does that pose a problem as long as I know not to use it as the IP of a host in the DMZ?
Thanks!
09-29-2005 05:16 AM
you should subnet the range you were assigned from ISP and make sure the ip's assigned to your internet routers do not share the same address space as the dmz hosts.
09-29-2005 05:22 AM
www <--outside int--> router <--inside int--outside int--> pix <--dmz int-->
you mentioned that the outside router uses an ip address in the same block. do you mean the inside int of the router, which is connected to the pix outside int? if so, that means you are trying to configure both pix outside and dmz int to be the same network. unfortunately, it's not possible on pix.
09-30-2005 04:20 AM
Ah, yes I see the problem. Yes, the PIX outside and DMZ would be within the same subnet. Guess I can't do what I needed to do...
Thanks,
JMX
09-30-2005 05:32 AM
JMX,
as I mentioned, You would have to subnet the range. What did your isp assign you? /24,/25,/26...etc???
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide