09-16-2008 08:03 AM - edited 03-06-2019 01:24 AM
I have following issue:
I have a Cisco PIX 515E, and the people I rent my office from provided me with what looks like either a hub or a switch that they told me to plug into. They gave me a few public IPs that I can use, but here is the thing: I assigned one of these IPs to the outside interface and got NAT, routing and everything working, yet I need to have the other IPs pointed to me so I can do static routes to my other servers/devices. If I don't assign them to myself, they are "nowhere". Is there a way for me to assign all of my IPs somehow on the outside interface, i.e. to assign more than one IP on the outside interface?
09-16-2008 08:10 AM
I forgot to mention I'm using PIX 7.2(2).
09-16-2008 08:51 AM
As long as the other addresses are routed to the outside interface of your PIX, you do not need to assign them to a physical interface, e.g.
Your outside interface on the PIX is 195.166.77.1.
You also have 195.166.77.2 - 6 to use as public IP addresses.
You want to present an internal server of 192.168.5.10 as 195.166.77.2 to users on the outside so they can access web services:
static (inside,outside) 195.166.77.2 192.168.5.10 netmask 255.255.255.255
access-list outside_access_in permit tcp any host 195.166.77.2 eq 80
access-group outside_access_in in interface outside
Jon
09-16-2008 09:10 AM
Well, that's the problem... nothing is routed to me. It's sort of: if I assign it to myself I have it, if I don't assign it I don't have it...
09-16-2008 09:22 AM
"they gave me few public IPs that I can use"
Can you confirm that the public IPs in your above statement are real IP addresses assigned to you?
If so, are you saying you need more addresses, or do you just want to use the ones you have been assigned? The IP addresses assigned to you will be routed to your firewall - otherwise you wouldn't be able to use any of them. So if you just want to use all the public IP addresses assigned to you, see my previous post.
If you want additional ones you need to talk to the people who you rent the building off. You cannot assign yourself public IPs.
Jon
09-16-2008 09:37 AM
I was given a list of non-sequential public IPs that I can use for myself, and I need to use those IPs.
My setup is like this:
internet <-> building.network (switch) <-> pix <-> my.server
They are not routed to my PIX, so I just have to take them; that's how I assigned one of them to the PIX right now (outside). But I have a list of other IPs that I need to somehow route over myself or assign to myself, which I don't know how to do...
09-16-2008 09:43 AM
Okay, out of those IP addresses you have used one of the IP addresses for the outside interface of your pix.
So as per previous post you can use the other IP addresses to represent internal addresses.
From your example above
my.server = 192.168.5.10
One of the spare public IP addresses = 195.166.77.5
static (inside,outside) 195.166.77.5 192.168.5.10 netmask 255.255.255.255
The above statement tells your PIX that any requests arriving at the outside interface of your PIX for 195.166.77.5 will be translated to 192.168.5.10. It also says any traffic coming from 192.168.5.10 destined for the internet will be translated to 195.166.77.5 as it goes out.
You need to make sure you have allowed access to your server if you want people from the Internet to access the internal server, i.e. see previous post for access-list details.
Jon
09-16-2008 09:48 AM
I already have all that in my PIX. The problem is I have more than one static route into my PIX, and since just one of the IPs is assigned to my outside interface, the rest are just out somewhere...
So I somehow need to assign more than 1 IP to my outside interface.
Or, whenever you said "route" to me, how would I explain it to their network guy if he's not knowledgeable enough? If I get access to their route, what do I need to do there?
09-16-2008 09:51 AM
Are the other IP addresses out of the same subnet as the IP address on the outside interface of your PIX?
Jon
09-16-2008 09:55 AM
They are not in sequence, yet I guess they belong to part of a subnet.
09-16-2008 10:02 AM
If they are in the same subnet you should not need to add routes anywhere - if they were in a different subnet you would.
Can you post the IP address of
1) The outside interface of your pix + the subnet mask that goes with it
2) The default-gateway on your pix
3) The spare addresses
You do not need to post real addresses, but you do need to post the correct last octet, e.g.
x.x.x.10
x.x.x.14
etc...
Jon
09-16-2008 10:09 AM
66.55.77.56
66.55.77.57
66.55.77.58
66.55.77.59
66.55.77.61
66.55.77.33 gw
255.255.255.224 sub
09-16-2008 10:14 AM
They are all part of the same subnet, so you should not need any additional routes as far as I can see. This is presumably what the network looks like:
Internet -> Building_router (66.55.77.33) -> (66.55.77.56) -> your pix -> yourserver
I'm guessing .56 is the pix address.
So it looks like there might be a problem with the pix configuration. Can you post
1) the config minus any sensitive info
2) the inside address of the server
3) the public ip address you have assigned to the server
Jon
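An added example, not part of any post in this thread: a Python sketch that applies the same-subnet test discussed above to the addresses posted (66.55.77.56, mask 255.255.255.224, gateway 66.55.77.33) and emits one static plus one narrowly scoped access-list entry per spare address, in the command form Jon used. The function name, the inside addresses, the ports, and the last two sample rows are assumptions made for illustration.

```python
import ipaddress

def plan_statics(outside_ip, netmask, gateway, mappings, acl="outside_access_in"):
    """Return (config_lines, problems) for one-to-one static NAT on the PIX.

    mappings: list of (public_ip, inside_ip, tcp_port) tuples.
    A public address gets config only if it is on the outside subnet
    and is not already taken by the interface, gateway, or another mapping.
    """
    iface = ipaddress.ip_interface(f"{outside_ip}/{netmask}")
    net = iface.network
    reserved = {net.network_address, net.broadcast_address,
                iface.ip, ipaddress.ip_address(gateway)}
    lines, problems, used = [], [], set()
    for public, inside, port in mappings:
        pub = ipaddress.ip_address(public)
        if pub not in net:
            # Off-subnet: the upstream router needs a route via the PIX.
            problems.append(f"{pub}: not in {net}, upstream must route it to {iface.ip}")
            continue
        if pub in reserved or pub in used:
            problems.append(f"{pub}: already taken (interface, gateway, "
                            "network/broadcast or duplicate mapping)")
            continue
        used.add(pub)
        lines.append(f"static (inside,outside) {pub} {inside} netmask 255.255.255.255")
        # Permit only the one service each server publishes.
        lines.append(f"access-list {acl} permit tcp any host {pub} eq {port}")
    if lines:
        lines.append(f"access-group {acl} in interface outside")
    return lines, problems

# Constructed sample: public addresses are the spares from the thread;
# inside addresses and ports are assumed. The last two rows are
# deliberately wrong to show the checks.
SAMPLE_MAPPINGS = [
    ("66.55.77.57", "192.168.5.10", 80),
    ("66.55.77.58", "192.168.5.11", 443),
    ("66.55.77.59", "192.168.5.12", 25),
    ("66.55.77.61", "192.168.5.13", 80),
    ("66.55.77.33", "192.168.5.14", 80),   # the building gateway
    ("66.55.77.70", "192.168.5.15", 80),   # outside the /27
]

if __name__ == "__main__":
    cfg, errs = plan_statics("66.55.77.56", "255.255.255.224",
                             "66.55.77.33", SAMPLE_MAPPINGS)
    print("\n".join(cfg))
    print("\n".join("! " + e for e in errs))
```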