06-19-2008 01:08 PM
Hi,
Do you know if the ip address inside command on a PIX supports a secondary IP address?
Thank you
06-19-2008 01:22 PM
Unfortunately, secondary IP addresses on interfaces are not supported on any PIX/ASA platform.
-Rgds
Jorge
06-19-2008 06:58 PM
hello,
Maybe 802.1q encapsulation on the Ethernet interface with sub-interfaces (VLANs) could solve your problem.
06-20-2008 05:57 AM
Can I use it on a PIX firewall?
06-20-2008 06:42 AM
06-20-2008 10:43 AM
My problem is:
I'm using 3 interfaces on this PIX. The inside interface has the 10.10.10.1/24 network, but I'm going to add a new network. I have another Cisco router (10.10.10.2) where I'm going to add a secondary network (192.168.1.1/25). My question is: how can the PIX NAT this new network too, for access to the Internet?
Thank you.
06-20-2008 11:05 AM
What PIX code version do you have? 6.3 or 7.X?
What type of routing are you using, static or dynamic routing in PIX?
In any case, in order to NAT the 192.168.1.0/25 network for internet access on the PIX you need a nat statement.
For example, say your outside interface is network 3.3.3.0/24.
You may have in your PIX
global (outside) 1 interface
or say you have a global NAT pool
global (outside) 2 3.3.3.100-3.3.3.150
nat (inside) 1 0.0.0.0 0.0.0.0 (NATs all inside networks)
For your new network
nat (inside) 2 192.168.1.0 255.255.255.128
The above nat will use pool id 2 to NAT outbound connections for the 192.168.1.0 net.
You may need a static route as well
route inside 192.168.1.0 255.255.255.128 10.10.10.2
if that new network is routed through 10.10.10.2.
Rgds
-Jorge
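A small offline check for the three pieces the reply above says must line up: a nat statement, a global with the same id, and a route when the network sits behind 10.10.10.2. This is an added example, not part of the original post and not a Cisco tool; the `audit` function and the `ip address inside` sample line are assumptions.

```python
import ipaddress
import re

# Constructed sample: the commands from the post above, plus an assumed
# "ip address inside" line for the 10.10.10.1/24 interface the thread describes.
SAMPLE_CONFIG = """\
ip address inside 10.10.10.1 255.255.255.0
global (outside) 1 interface
global (outside) 2 3.3.3.100-3.3.3.150
nat (inside) 1 0.0.0.0 0.0.0.0
nat (inside) 2 192.168.1.0 255.255.255.128
route inside 192.168.1.0 255.255.255.128 10.10.10.2
"""

def _net(addr, mask):
    # PIX accepts "0" as shorthand for 0.0.0.0 in address and mask fields.
    addr, mask = ("0.0.0.0" if x == "0" else x for x in (addr, mask))
    return ipaddress.ip_network(f"{addr}/{mask}", strict=False)

def audit(config):
    """Return findings for nat rules with no global pool or no path to the source net."""
    pool_ids, nats, known = set(), [], {}
    for line in config.splitlines():
        if m := re.match(r"global\s*\(\s*\w+\s*\)\s*(\d+)\s", line):
            pool_ids.add(m.group(1))
        elif m := re.match(r"nat\s*\(\s*(\w+)\s*\)\s*(\d+)\s+([\d.]+)\s+([\d.]+)", line):
            nats.append((m.group(1), m.group(2), _net(m.group(3), m.group(4))))
        elif m := re.match(r"(?:ip address|route)\s+(\w+)\s+([\d.]+)\s+([\d.]+)", line):
            # Connected and statically routed networks both count as reachable.
            known.setdefault(m.group(1), []).append(_net(m.group(2), m.group(3)))
    findings = []
    for ifname, nat_id, net in nats:
        if nat_id == "0":  # nat 0 is NAT exemption, so no global pool is needed
            continue
        if nat_id not in pool_ids:
            findings.append(f"nat id {nat_id} on {ifname}: no matching global")
        # A 0.0.0.0/0 nat rule covers everything, so skip the path check for it.
        if net.prefixlen and not any(net.subnet_of(k) for k in known.get(ifname, [])):
            findings.append(f"{net} on {ifname}: not connected and no route")
    return findings

if __name__ == "__main__":
    for issue in audit(SAMPLE_CONFIG) or ["no findings"]:
        print(issue)
```
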
06-20-2008 11:48 AM
It looks excellent. I'm using 6.3. Does 6.3 work?
I'm going to test, thank you.
Best regards, Luis.
06-20-2008 01:36 PM
Luis,
I have read your post again. If you need another network like you said, 192.168.1.0/25, you do not need to add another router. As previously posted before me, you can run another network from the inside interface by splitting it using 802.1q trunking. You could have 10.10.10.0/24 inside physical and 192.168.1.0/25 logical, trunk the firewall inside physical interface into a switch that supports trunking, create two L2 VLANs in your switch, and have two routable networks on the firewall.
Because you are running 6.3.x, each interface, say the inside physical, can have a sec level of 100 and the logical a sec level of 99. Then with some additional configuration you can have the two networks running in the PIX. I do not know what model PIX you have, but if you have a PIX 506E you have up to two VLANs to run on that PIX. Now if you have the PIX 515E, with a proper memory upgrade you could use PIX code 7.x or 8.x and use 802.1q but use the same security levels on interfaces.
But... if you require to have a network separated with a router on the inside then try my suggestion, you still may need additional configuration on both pix and router.
Rgds
-Jorge