|
|
 FAQ
 Search
 Memberlist
 Usergroups
 Register
 Profile
 Private messages
 Log in
|
|
| Author |
Message |
The Techie
Guest
|
 Posted: Wed Apr 19, 2006 10:52 am Post subject: Add extra IPs to outside interface in 506E |
 |
|
I have a PIX 506E with a single public IP on it's outside, but we have
4 more IPs available to us in a /30 subnet. I need to know if I can add
these extra IPs to the outside interface and set up translation rules
to different servers inside.
How??
Anyone?
Cheers,
Chris. |
|
| Back to top |
|
 |
|
|
AM
Guest
|
| Posted: Wed Apr 19, 2006 4:45 pm Post subject: Re: Add extra IPs to outside interface in 506E |
|
|
The Techie wrote:
| Quote: | I have a PIX 506E with a single public IP on it's outside, but we have
4 more IPs available to us in a /30 subnet. I need to know if I can add
these extra IPs to the outside interface and set up translation rules
to different servers inside.
|
I think you needn't to "add" more IP addresses to the interface. Just use the translations (static NAT) rules and the
PIX will intercept all the traffic going towards those addresses and if correctly configured it will forward the traffic
of interest to internal servers.
Obviously those 4 addresses must be forwarded to it by the previous hop.
Bye,
alex. |
|
| Back to top |
|
|
Walter Roberson
Guest
|
| Posted: Wed Apr 19, 2006 7:51 pm Post subject: Re: Add extra IPs to outside interface in 506E |
|
|
In article <8iq1g.88549$A83.2097496@twister1.libero.it>, AM <am@am.am> wrote:
| Quote: | The Techie wrote:
I have a PIX 506E with a single public IP on it's outside, but we have
4 more IPs available to us in a /30 subnet. I need to know if I can add
these extra IPs to the outside interface and set up translation rules
to different servers inside.
I think you needn't to "add" more IP addresses to the interface. Just
use the translations (static NAT) rules and the
PIX will intercept all the traffic going towards those addresses and if
correctly configured it will forward the traffic
of interest to internal servers.
Obviously those 4 addresses must be forwarded to it by the previous hop.
|
Expanding slightly on what AM said:
It is not possible to get the PIX itself to respond to multiple IP
addresses for a single [logical] interface. That is, the PIX *itself*
cannot be made to respond to pings to different addresses, nor can you
have multiple VPN termination IPs on a single [logical] interface,
nor can you manage the PIX (telnet, ssh, PDM, ASDM for PIX 7)
through several IPs on the same interface. (This can be of importance
when the IPs you would -like- to use are on different subnets and
there is no router path you can use.)
The PIX is, though, happy to handle any number of different IPs
for traffic passing *through* the PIX. It will often proxy ARP for
the IPs (no matter what subnet they are), but there are some instances
in which proxy ARP is disabled so it is best not to count on that and
to instead explicitly route the extra IPs to the official PIX interface IP. |
|
| Back to top |
|
|
NETADMIN
Guest
|
| Posted: Wed Apr 19, 2006 8:06 pm Post subject: Re: Add extra IPs to outside interface in 506E |
|
|
Their are 2 possibility to use extra IPaddresses
1. PAT thats is patting all internal IPs to extra IPs for better
performance of Web traffic.
2. Static NAT that is statically mapping IP one to one (extrnal IP to
internal server)
If not inthis two icant understand whatyou aksed pleas ebe more
specific?
Regards..
CK-NET |
|
| Back to top |
|
|
The Techie
Guest
|
| Posted: Thu Apr 20, 2006 5:05 am Post subject: Re: Add extra IPs to outside interface in 506E |
|
|
Hi Alex,
I suspected this was the case, but my previous config attempts must
have been wrong! I have just now created a new static PAT through to a
host on the inside, using one of my alternate IPs, and with the correct
port opened in the ACL, the connection worked fine. Thanks for your
assistance.
Chris. |
|
| Back to top |
|
|
|
|
