Pix 515E multiple subnets on outside interface

Unanswered Question
May 3rd, 2007
User Badges:

Can you have multiple subnets on the outside of a Pix 515E with 6.3(3)? I have run out of addresses and adding a subnet would take much less configuration changes. I have a 2801 router with a T1 card with the Pix 515E behind it. If I just set up the routes for new public subnet on the 2801 and setup on the outside of the Pix the Nat and acls for the different subnet would it then be pingable etc.?

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Jon Marshall Thu, 05/03/2007 - 12:48
User Badges:
  • Super Blue, 32500 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 LAN, WAN

Hi


If i understand correctly then yes you can use another subnet on your pix for NAT etc. As long as the subnet your are using gets routed to the outside interface of your pix then it should all work fine.


We have done this a number of times where i work.


HTH


Jon

mark.j.hodge Fri, 05/04/2007 - 11:19
User Badges:
  • Bronze, 100 points or more

Have you any experiance of implementing this in a Failover environment, are there any additional issues to be aware of?

Jon Marshall Fri, 05/04/2007 - 12:08
User Badges:
  • Super Blue, 32500 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 LAN, WAN

Hi Mark


Yes it works in a failover environment as well. There are no additional issues i have come across. All you are doing is setting up static statements and acl rules for this additional subnet and these are automatically updated to the failover device.


Your routing to this subnet just points to the IP on the outside interface of the active Pix which gets transferred in failover anyway.


HTH


Jon



Actions

This Discussion