Re: [fw-wiz] Multiple Outside IPs on Cisco PIX 6.3.3



Josiah,

What is the subnet mask on your outside IP address on the interface? Are they part of the IP scheme for the outside interface of your modem? If the subnet mask includes your range of addresses then you can just create the statics and ACLs and the firewall will do its job. I am assuming the subnet mask is a /28 or 255.255.255.240, since you said you had 13 addresses. If it is not part of the subnet on the outside interface of your modem and you are getting a single host via DHCP, then you can still make this happen as the PIX uses what is called floating statics, but you will have to have your ISP put routes in pointing your new IPs to your modem. The firewall will take care of the rest with your statics and ACLs.

Thank You,

Chris Myers
clmmacunix@xxxxxxxxxxx

John 1:17
For the Law was given through Moses; grace and truth were realized through Jesus Christ.


Go Vols!!!!

On Jan 13, 2009, at 11:01 AM, Josiah Bryan wrote:

Rather new to the advanced pix configs - I've been doing basic pix config/maint for the past 3 years.

I've got 13 public IPs that are coming in thru a cable modem to my PIX. The first IP is routing correctly, but I can't seem to figure out how to get the PIX to accept any of the other IPs that I've bought.

Now, I'm used to the Linux (Red Hat background) method of adding an alias to an interface, eg:
ifconfig eth0:0 1.2.3.4
ifconfig eth0:1 5.6.7.8
.. and so on and so forth.

Basically, is an equivalent operation possible with the PIX? (Running PIX ver 6.3(3))

(Of course, I'd like to be able to do static translation based on incoming IP, but I think I've got that line covered: "static (inside,outside) tcp 1.2.3.4 smtp 10.0.1.51 smtp netmask 255.255.255.255 0 0").

How do I add multiple "aliases" (for lack of a better term) to the outside interface?

Thanks in advance for your patience and advice.

Regards,
Josiah Bryan

--
Josiah Bryan
IT Manager
Productive Concepts, Inc.
jbryan@xxxxxxxxxxxxxxxxxxxxxx
(765) 964-6009, ext. 224

_______________________________________________
firewall-wizards mailing list
firewall-wizards@xxxxxxxxxxxxxxxxxxxxx
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
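
Added example, not part of the original thread: a Python sketch of the check described in the reply, sorting each public IP into "inside the outside interface's subnet" (statics and ACLs are enough) or "outside it" (the ISP must route it to the modem), and rendering one static plus one host-and-port ACL entry per forward in the PIX 6.3 form quoted in the question. The function name `plan_statics`, the ACL name `outside_in`, and every address in `SAMPLE` are constructed assumptions; the use of the `interface` keyword for the interface's own address comes from general PIX 6.3 syntax, not from the thread.

```python
import ipaddress

# Constructed sample: (public IP, protocol, port, inside host). Documentation ranges only.
SAMPLE = [
    ("203.0.113.2", "tcp", "smtp", "10.0.1.51"),   # the outside interface's own address
    ("203.0.113.3", "tcp", "www", "10.0.1.52"),    # another address in the same /28
    ("198.51.100.9", "tcp", "smtp", "10.0.1.53"),  # address outside the interface subnet
]

def plan_statics(outside_if, forwards, acl="outside_in"):
    """Return (config_lines, ips_needing_isp_route) for a PIX 6.3 outside interface.

    outside_if is the interface address with its mask, e.g. "203.0.113.2/28".
    """
    iface = ipaddress.ip_interface(outside_if)
    net = iface.network
    config, needs_isp_route = [], []
    for public, proto, port, inside in forwards:
        pub = ipaddress.ip_address(public)
        ipaddress.ip_address(inside)  # reject malformed inside addresses early
        if pub in (net.network_address, net.broadcast_address):
            raise ValueError(f"{pub} is the network or broadcast address of {net}")
        if pub not in net and str(pub) not in needs_isp_route:
            # Not covered by the interface mask: the ISP has to route it to the modem.
            needs_isp_route.append(str(pub))
        # Port redirection on the interface's own address uses the 'interface' keyword.
        outside = "interface" if pub == iface.ip else str(pub)
        config.append(
            f"static (inside,outside) {proto} {outside} {port} "
            f"{inside} {port} netmask 255.255.255.255 0 0"
        )
        # Permit only the published host and port, never the whole block.
        config.append(f"access-list {acl} permit {proto} any host {pub} eq {port}")
    # Bind the ACL to inbound traffic on the outside interface.
    config.append(f"access-group {acl} in interface outside")
    return config, needs_isp_route

if __name__ == "__main__":
    lines, routed = plan_statics("203.0.113.2/28", SAMPLE)
    print("\n".join(lines))
    print("Ask the ISP to route to the modem:", ", ".join(routed) or "none")
```
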
