cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1305
Views
0
Helpful
12
Replies

multiple IPs on outside interface

alexus
Level 1
Level 1

I have following issue:

I have a Cisco PIX 515E, and people where I rent my office from they provided me with a what looks like either a hub or switch where they told me to plug in too, they gave me few public IPs that I can use, but here is the thing... one of these IPs I assigned on outside interface, made NAT working, routing all and all, yet I need to have other IPs pointed to me so I can do static routes to my other server/devices, yet if i dont assign them to myself, they are "nowhere"... is there a way for me to assign all of my ips somehow on outside interface? i.e. to assign more then one IP on outside interface?

12 Replies 12

alexus
Level 1
Level 1

i forgot to mention i'm using PIX 7.2(2)

Jon Marshall
Hall of Fame
Hall of Fame

As long as the other addresses are routed to the outside interface of your pix you do not need to assign them to a physical interface eg.

your outside interface on pix is 195.166.77.1

you also have 195.166.77.2 - 6 to use as public IP addresses.

you want to present an internal server of 192.168.5.10 as 195.166.77.2 to users on the outside so they can access web services

static (inside,outside) 195.166.77.2 192.168.5.10 netmask 255.255.255.255

access-list outside_access_in permit tcp any host 195.166.77.2 eq 80

access-group outside_access_in in interface outside

Jon

well, thats the problem... nothing is routed to me, its sort of if i assign it to myself i have it if i dont assign it i dont have it...

"they gave me few public IPs that I can use"

Can you confirm that the public IP's in your above statement are real IP addresses assigned to you ?

If so are you saying you need more addresses or you just want to use the ones you have been assigned. The IP addresses assigned to you will be routed to your firewall - otherwise you wouldn't be able to use any of them. So if you just want to use all the public IP addresses assigned to you see my previous post.

If you want additional ones you need to talk to the people who you rent the building off. You cannot assign yourself public IPs.

Jon

i was given a list of non-sequancial IPs that I can use for myself, public IPs and I need to use those IPs

my setup is like this

internet <-> building.network (switch) <-> pix <-> my.server

they not routed to my pix, so i just have to take them, thats how i assigned one of them to pix right now (outside), but i have list of other ips that i need somehow route over myself or assign to myself, which i dont know how...

Okay, out of those IP addresses you have used one of the IP addresses for the outside interface of your pix.

So as per previous post you can use the other IP addresses to represent internal addresses.

From your example above

my.server = 192.168.5.10

One of the spare public IP addresses = 195.166.77.5

static (inside,outside) 195.166.77.5 192.168.5.10 netmask 255.255.255.255

the above statement tells your pix that any requests arriving at the outside interface of your pix for 195.166.77.5 will be translated to 192.168.5.10. It also says any traffic coming from 192.168.5.10 destined for the internet will be translated to 195.166.77.5 as it goes out.

You need to make sure you have allowed access to your server if you want people from the Internet to access the internal server ie. see previous post for access-list details.

Jon

i already have all that in my pix, the problem is i have more the one static route into my pix, and since just one of ip is assigned to my outside interface and rest just out somewhere...

so i somehow need to assign more then 1 ip to my outside interface

or whenever you said "route" to me, how would I explain it to their network guy? if he's not knowlegable enough? if i get access to their route what do i need to do there?

Are the other IP addresses out of the same subnet as the IP address on your outside interface of the pix ?

Jon

they not in sequance, yet i guess they belong to part of subnet

If they are in the same subnet you should not need to add routes anywhere - if they were in a different subnet you would.

Can you post the IP address of

1) The outside interface of your pix + the subnet mask that goes with it

2) The default-gateway on your pix

3) The spare addresses

You do not to post real addresses but you do need to post the correct last octet eg.

x.x.x.10

x.x.x.14

etc...

Jon

66.55.77.56

66.55.77.57

66.55.77.58

66.55.77.59

66.55.77.61

66.55.77.33 gw

255.255.255.224 sub

They are all part of the same subnet so you should not need any additional routes as far as i can see. This presumably what the network looks like

Internet -> Building_router (66.55.77.33) -> (66.55.77.56) -> your pix -> yourserver

I'm guessing .56 is the pix address.

So it looks like there might be a problem with the pix configuration. Can you post

1) the config minus any sensitive info

2) the inside address of the server

3) the public ip address you have assigned to the server

Jon

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Innovations in Cisco Full Stack Observability - A new webinar from Cisco