PIX 515 Multiple Outside IP Blocks

j.allred · ‎03-12-2008

PIX 515 with 4 interfaces

eth0 - outside

eth1 - inside

eth2 - DMZ

eth3 - not in use

We have added a second outside IP block to our Internet service. We would like to keep our current IP block and configuration on the outside interface. Can I use eth 3 as a second Outside interface and create static mappings just like I do with eth 0? If so, how would I handle default route settings?

Thanks,

Jay

brettmilborrow · ‎03-12-2008

Hi Jay,

You don't need to use another interface to configure this. All you need is the following:

1) Your ISP to route the entire new IP range to the current outside IP address of your firewall

2) Create static transltations to the new range specifying the current outside interface in the static command.

eg:

Current outside ip = y.y.y.y/24

Your ISP routes x.x.x.x/24 towards y.y.y.y

static (DMZ,outside) x.x.x.x d.d.d.d netmask 255.255.255.255

This solution is used often!

Good luck!

JORGE RODRIGUEZ · ‎03-12-2008

I do not understand the 1.0 ratings, even though I did not responded to original poster the reply from Bret is a very valid/solution reply that you do not need to use another physical interface in order to route a second public IP block from your current ISP towards your pix outside interface, I recommend to instead of placing a 1.0 ratings to be constructive in asking in a simple reply why you do not agree with the solution . remember that netpros are here to help out and while our networks run smoothly we take time aside to help in your problems.

Jorge

Jorge Rodriguez

brettmilborrow · ‎03-12-2008

Totally agree Jorge,

In fact, in this case, the use of a second interface is not possible as you can only have one default route.

Thanks for your comments...