multiple IPs on outside interface

Unanswered Question
Sep 16th, 2008

I have following issue:

I have a Cisco PIX 515E, and people where I rent my office from they provided me with a what looks like either a hub or switch where they told me to plug in too, they gave me few public IPs that I can use, but here is the thing... one of these IPs I assigned on outside interface, made NAT working, routing all and all, yet I need to have other IPs pointed to me so I can do static routes to my other server/devices, yet if i dont assign them to myself, they are "nowhere"... is there a way for me to assign all of my ips somehow on outside interface? i.e. to assign more then one IP on outside interface?

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Jon Marshall Tue, 09/16/2008 - 08:51

As long as the other addresses are routed to the outside interface of your pix you do not need to assign them to a physical interface eg.

your outside interface on pix is

you also have - 6 to use as public IP addresses.

you want to present an internal server of as to users on the outside so they can access web services

static (inside,outside) netmask

access-list outside_access_in permit tcp any host eq 80

access-group outside_access_in in interface outside


alexus Tue, 09/16/2008 - 09:10

well, thats the problem... nothing is routed to me, its sort of if i assign it to myself i have it if i dont assign it i dont have it...

Jon Marshall Tue, 09/16/2008 - 09:22

"they gave me few public IPs that I can use"

Can you confirm that the public IP's in your above statement are real IP addresses assigned to you ?

If so are you saying you need more addresses or you just want to use the ones you have been assigned. The IP addresses assigned to you will be routed to your firewall - otherwise you wouldn't be able to use any of them. So if you just want to use all the public IP addresses assigned to you see my previous post.

If you want additional ones you need to talk to the people who you rent the building off. You cannot assign yourself public IPs.


alexus Tue, 09/16/2008 - 09:37

i was given a list of non-sequancial IPs that I can use for myself, public IPs and I need to use those IPs

my setup is like this

internet <-> (switch) <-> pix <-> my.server

they not routed to my pix, so i just have to take them, thats how i assigned one of them to pix right now (outside), but i have list of other ips that i need somehow route over myself or assign to myself, which i dont know how...

Jon Marshall Tue, 09/16/2008 - 09:43

Okay, out of those IP addresses you have used one of the IP addresses for the outside interface of your pix.

So as per previous post you can use the other IP addresses to represent internal addresses.

From your example above

my.server =

One of the spare public IP addresses =

static (inside,outside) netmask

the above statement tells your pix that any requests arriving at the outside interface of your pix for will be translated to It also says any traffic coming from destined for the internet will be translated to as it goes out.

You need to make sure you have allowed access to your server if you want people from the Internet to access the internal server ie. see previous post for access-list details.


alexus Tue, 09/16/2008 - 09:48

i already have all that in my pix, the problem is i have more the one static route into my pix, and since just one of ip is assigned to my outside interface and rest just out somewhere...

so i somehow need to assign more then 1 ip to my outside interface

or whenever you said "route" to me, how would I explain it to their network guy? if he's not knowlegable enough? if i get access to their route what do i need to do there?

Jon Marshall Tue, 09/16/2008 - 09:51

Are the other IP addresses out of the same subnet as the IP address on your outside interface of the pix ?


alexus Tue, 09/16/2008 - 09:55

they not in sequance, yet i guess they belong to part of subnet

Jon Marshall Tue, 09/16/2008 - 10:02

If they are in the same subnet you should not need to add routes anywhere - if they were in a different subnet you would.

Can you post the IP address of

1) The outside interface of your pix + the subnet mask that goes with it

2) The default-gateway on your pix

3) The spare addresses

You do not to post real addresses but you do need to post the correct last octet eg.





alexus Tue, 09/16/2008 - 10:09 gw sub

Jon Marshall Tue, 09/16/2008 - 10:14

They are all part of the same subnet so you should not need any additional routes as far as i can see. This presumably what the network looks like

Internet -> Building_router ( -> ( -> your pix -> yourserver

I'm guessing .56 is the pix address.

So it looks like there might be a problem with the pix configuration. Can you post

1) the config minus any sensitive info

2) the inside address of the server

3) the public ip address you have assigned to the server



This Discussion