Pix 515E second internal IP address

Answered Question
Mar 20th, 2008
User Badges:

Hi everyone quick question how do you configure another ip address on a pix? I already have an in and out what I was looking to do is add another in address. I tried just doing: ip address inside 192.168.50.25 255.255.255.0 but ended up changing my inside ip address thus locking me out of the PIX. How do I add a secondary interface? Thank you in advance

Correct Answer by Jon Marshall about 9 years 1 month ago

Warren


interface ethernet2 100full

ip address intf2 192.168.50.24 255.255.255.0


Then connect the intf2 port to your switch. Obviously it needs to be in a different vlan than the one your inside interface connects to.


Jon

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
Jon Marshall Thu, 03/20/2008 - 10:30
User Badges:
  • Super Blue, 32500 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 LAN, WAN

Warren


Pix firewalls do not allow secondary IP addresses on an interface so you have 2 choices really


1) Use a spare interface on the pix and address this from a different subnet range


2) If you don't have a spare interface you can run 802.1q on the inside interface and give yourself additional interfaces that way.


HTH


Jon

wgranada1 Thu, 03/20/2008 - 10:48
User Badges:

Hi Jon;


Ok I have a spare interface on the pix, I tried to put an ip address on it but it changed my original inside interface and I locked myself out again. I was trying to add and ip address to:


no ip address intf2


interface2 but I keep changing my original inside ip and locking myslef out. I think I

know what I'm doing wrong but afraid to try it

now as I keep locking myself out. This is probably wrong:


ip address inside 192.168.50.25 255.255.255.0


I know this is wrong as I lock myself out

to add a ip address on interface2, which is free what do I need to do?

Jon Marshall Thu, 03/20/2008 - 10:50
User Badges:
  • Super Blue, 32500 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 LAN, WAN

Warren


If you already have an inside interface called "inside" then you will need to give your spare interface a different name on the interface.


Which version of software are you running and could you post config.


Jon

wgranada1 Thu, 03/20/2008 - 11:02
User Badges:

Sure please see attached

I wanted to use ethernet2/intf2 add the following IP address to is


192.168.50.24


thank you for your help!!



Attachment: 
Correct Answer
Jon Marshall Thu, 03/20/2008 - 11:06
User Badges:
  • Super Blue, 32500 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 LAN, WAN

Warren


interface ethernet2 100full

ip address intf2 192.168.50.24 255.255.255.0


Then connect the intf2 port to your switch. Obviously it needs to be in a different vlan than the one your inside interface connects to.


Jon

wgranada1 Thu, 03/20/2008 - 11:24
User Badges:


Thanks Jon for the information!!!! Have a good weekend!

Actions

This Discussion