multiple IPs on outside interface

Sep 16th, 2008

I have the following issue:


I have a Cisco PIX 515E, and the people I rent my office from provided me with what looks like either a hub or a switch, which they told me to plug into. They gave me a few public IPs that I can use, but here is the thing... one of these IPs I assigned to the outside interface, got NAT working, routing and all, yet I need to have the other IPs pointed to me so I can do static routes to my other servers/devices, yet if I don't assign them to myself, they are "nowhere"... Is there a way for me to assign all of my IPs somehow on the outside interface? I.e. to assign more than one IP on the outside interface?

alexus Tue, 09/16/2008 - 08:10

I forgot to mention I'm using PIX 7.2(2)

Jon Marshall Tue, 09/16/2008 - 08:51

As long as the other addresses are routed to the outside interface of your pix you do not need to assign them to a physical interface eg.


your outside interface on pix is 195.166.77.1


you also have 195.166.77.2 - 6 to use as public IP addresses.


you want to present an internal server of 192.168.5.10 as 195.166.77.2 to users on the outside so they can access web services


static (inside,outside) 195.166.77.2 192.168.5.10 netmask 255.255.255.255


access-list outside_access_in permit tcp any host 195.166.77.2 eq 80


access-group outside_access_in in interface outside


Jon

alexus Tue, 09/16/2008 - 09:10

Well, that's the problem... nothing is routed to me. It's sort of: if I assign it to myself I have it, if I don't assign it I don't have it...

Jon Marshall Tue, 09/16/2008 - 09:22

"they gave me few public IPs that I can use"


Can you confirm that the public IPs in your above statement are real IP addresses assigned to you?


If so are you saying you need more addresses or you just want to use the ones you have been assigned. The IP addresses assigned to you will be routed to your firewall - otherwise you wouldn't be able to use any of them. So if you just want to use all the public IP addresses assigned to you see my previous post.


If you want additional ones you need to talk to the people who you rent the building off. You cannot assign yourself public IPs.


Jon

alexus Tue, 09/16/2008 - 09:37

I was given a list of non-sequential IPs that I can use for myself, public IPs, and I need to use those IPs.


My setup is like this:


internet <-> building.network (switch) <-> pix <-> my.server


They are not routed to my PIX, so I just have to take them. That's how I assigned one of them to the PIX right now (outside), but I have a list of other IPs that I need to somehow route over myself or assign to myself, which I don't know how to do...

Jon Marshall Tue, 09/16/2008 - 09:43

Okay, out of those IP addresses you have used one of the IP addresses for the outside interface of your pix.


So as per previous post you can use the other IP addresses to represent internal addresses.


From your example above


my.server = 192.168.5.10


One of the spare public IP addresses = 195.166.77.5


static (inside,outside) 195.166.77.5 192.168.5.10 netmask 255.255.255.255


the above statement tells your pix that any requests arriving at the outside interface of your pix for 195.166.77.5 will be translated to 192.168.5.10. It also says any traffic coming from 192.168.5.10 destined for the internet will be translated to 195.166.77.5 as it goes out.


You need to make sure you have allowed access to your server if you want people from the Internet to access the internal server ie. see previous post for access-list details.


Jon


alexus Tue, 09/16/2008 - 09:48

I already have all that in my PIX. The problem is I have more than one static route into my PIX, and since just one of the IPs is assigned to my outside interface, the rest are just out somewhere...


So I somehow need to assign more than 1 IP to my outside interface.


Or, whenever you said "route" to me, how would I explain it to their network guy, if he's not knowledgeable enough? If I get access to their route what do I need to do there?

Jon Marshall Tue, 09/16/2008 - 09:51

Are the other IP addresses out of the same subnet as the IP address on your outside interface of the pix ?


Jon

alexus Tue, 09/16/2008 - 09:55

They are not in sequence, yet I guess they belong to part of a subnet.

Jon Marshall Tue, 09/16/2008 - 10:02

If they are in the same subnet you should not need to add routes anywhere - if they were in a different subnet you would.


Can you post the IP address of


1) The outside interface of your pix + the subnet mask that goes with it

2) The default-gateway on your pix

3) The spare addresses


You do not need to post real addresses but you do need to post the correct last octet eg.


x.x.x.10

x.x.x.14


etc...


Jon

alexus Tue, 09/16/2008 - 10:09

66.55.77.56

66.55.77.57

66.55.77.58

66.55.77.59

66.55.77.61


66.55.77.33 gw

255.255.255.224 sub

Jon Marshall Tue, 09/16/2008 - 10:14

They are all part of the same subnet so you should not need any additional routes as far as I can see. This is presumably what the network looks like


Internet -> Building_router (66.55.77.33) -> (66.55.77.56) -> your pix -> yourserver


I'm guessing .56 is the pix address.


So it looks like there might be a problem with the pix configuration. Can you post


1) the config minus any sensitive info

2) the inside address of the server

3) the public ip address you have assigned to the server


Jon
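
The same-subnet check and the per-address static/access-list pair discussed in this thread, as an added Python example that is not part of any post above. It uses the addresses posted in the thread; the inside addresses are constructed, and .56 as the PIX outside address is the guess made in the last reply.

```python
import ipaddress

def classify(outside_ip, mask, spare_ips):
    """Split spare public IPs into those inside the outside interface's
    subnet (no extra route needed) and those outside it (the upstream
    router must route them to the firewall)."""
    net = ipaddress.ip_interface(f"{outside_ip}/{mask}").network
    reserved = {net.network_address, net.broadcast_address}
    on_link, off_link = [], []
    for ip in spare_ips:
        addr = ipaddress.ip_address(ip)
        (on_link if addr in net and addr not in reserved else off_link).append(ip)
    return net, on_link, off_link

def pix_lines(mapping, on_link, port=80, acl="outside_access_in"):
    """Emit the static/access-list pair from the thread for each mapped
    public IP, refusing any address that is not on-link."""
    lines = []
    for public, inside in mapping.items():
        if public not in on_link:
            raise ValueError(f"{public} is not in the outside subnet")
        lines.append(f"static (inside,outside) {public} {inside} netmask 255.255.255.255")
        # One host, one port: keep the inbound ACL as narrow as the service.
        lines.append(f"access-list {acl} permit tcp any host {public} eq {port}")
    lines.append(f"access-group {acl} in interface outside")
    return lines

# Values posted in the thread; .56 is assumed to be the PIX outside address.
OUTSIDE, MASK, GATEWAY = "66.55.77.56", "255.255.255.224", "66.55.77.33"
SPARES = ["66.55.77.57", "66.55.77.58", "66.55.77.59", "66.55.77.61"]
# Constructed inside addresses, for illustration only.
MAPPING = {"66.55.77.57": "192.168.5.10", "66.55.77.58": "192.168.5.11"}

if __name__ == "__main__":
    net, on_link, off_link = classify(OUTSIDE, MASK, SPARES + [GATEWAY])
    print("outside subnet:", net)
    print("on-link (no route needed):", on_link)
    print("off-link (needs upstream route):", off_link)
    for line in pix_lines(MAPPING, on_link):
        print(line)
```
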
