Re: [fw-wiz] Multiple Outside IPs on Cisco PIX 6.3.3


What is the subnet mask on your outside IP address on the interface? Are they part of the IP scheme for the outside interface of your modem? If the subnet mask includes your range of addresses then you can just create the statics and ACL's and the firewall will do its job. I am assuming the subnet mask is a /28 or, since you said you had 13 addresses. If it is not part of the subnet on the outside interface of your modem and you are getting a single host via DHCP, then you can still make this happen as the PIX uses what is called floating statics, but you will have to have your ISP put routes in pointing your new IP's to your modem. The firewall will take care of the rest with your statics and ACL's.

On Jan 13, 2009, at 11:01 AM, Josiah Bryan wrote:

Rather new to the advanced pix configs - I've been doing basic pix config/maint for the past 3 years.

I've got 13 public IPs that are coming in thru a cable modem to my PIX. The fist IP is routing correctly, but I can't seem to figure out how to get the PIX to accept any of the other IPs that I've bought.

Now, I'm used to the linux (redhat background) method if adding an alias to an interface, eg:
ifconfig eth0:0
ifconfig eth0:1
.. and so on and so forth.

Basically, is an equivalent operation possible with the PIX? (Running PIX ver 6.3(3))

(Of course, I'd like to be able to do static translation based on incoming IP, but I think I've got that line covered: "static (inside,outside) tcp smtp smtp netmask 0 0").

How do I add multiple "aliases" (for lack a better term) to the outside interface?

Thanks in advance for your patience and advice.

