Configure ip addresses in the external interface

sistemas
Level 1

Hi, I have a PIX 515E and I need to configure an address pool on my external interface. I have 5 IP addresses from my ISP provider. I use the ASDM software.

Thank you.

Accepted Solution

JORGE RODRIGUEZ
Level 10

Simply create a new pool ID in your firewall.

If your ISP gave you a /28 you then have 6 addresses; you lose one for the PIX outside interface.

Say you have 10.20.20.0/28.

You can use the outside interface for PAT; you will see a scenario similar to this:

Your PIX outside interface IP is 10.20.20.1/28

global (outside) 1 interface

nat (inside) 1 0 0 (this will PAT anything inside against your outside global interface IP)

Then create a pool ID, say we use pool ID 2, and use the remaining public IPs for that pool.

global (outside) 2 10.20.20.2-10.20.20.6

You may define specific inside subnets to use pool 2 instead of PAT.

Say you have inside segments 172.16.1.0/24 and 10.3.4.0/24 and want these subnets to use your pool ID 2.

nat (inside) 2 172.16.1.0 255.255.255.0

nat (inside) 2 10.3.4.0 255.255.255.0

Everything else inside will use PAT via global (outside) 1 interface.

Regards

Jorge Rodriguez

Hi Jorge, thanks for answering so quickly. You see, I have created the pool with the public addresses from my provider, but none of these addresses respond to a ping from outside. The main IP (outside), however, does respond. Do I have to add some kind of rule? Also, I have to create a NAT from one of these public addresses to a private IP on my LAN; how do I do this if all the addresses are in the pool? Forgive my ignorance, and thanks in advance.

Translated: I have created the pool with the public IP addresses from my provider, but none of these addresses respond to pings from outside. The primary IP (outside) does respond. Do I have to additionally create some type of rule? Besides, I have to create a NAT from one of these public addresses to a private IP in my LAN. How do I do this if all these addresses are in a pool? Sorry for my ignorance and thanks beforehand.

Hi Luis, I know you can write in English and would like it if you could write in English on this post to expand and reach the forum folks. You will have lots of help from us.

First I thought you wanted to create a pool from the remaining public IP addresses, and that is why I responded with an example. Now your requirement has changed to use those public addresses for static NAT translations.

There are many ways you can use these addresses for static NAT or port forwarding to save public IP addresses, but to keep your requirement simple let's work with a simple static one-to-one NAT and take you a step at a time.

Forget about the pool for a moment. If you need to map a public IP address to a private IP address, you can accomplish this through static NAT.

This is an example:

static (inside,outside) <public_ip> <private_ip> netmask 255.255.255.255

then you need to create an access rule to permit traffic from outside to inside via the public IP address you have configured as the example above.

Do you understand up to here?

Regards

PLS rate any helpful posts

Jorge Rodriguez
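
The static NAT and access rule described in the reply above, written out in full as an added example that is not part of the original posts. The public address 10.20.20.2, the inside server 172.16.1.10, the service on TCP 80 and the ACL name outside_in are assumptions for illustration; narrowing pool 2 so the statically mapped address is not also handed out dynamically is a choice made here, not a step from the thread.

```cisco
! Added example; addresses, port and ACL name are assumptions for illustration.
! Take 10.20.20.2 out of dynamic pool 2 so it can be dedicated to one host.
no global (outside) 2 10.20.20.2-10.20.20.6
global (outside) 2 10.20.20.3-10.20.20.6

! One-to-one static NAT: public 10.20.20.2 <-> inside server 172.16.1.10
static (inside,outside) 10.20.20.2 172.16.1.10 netmask 255.255.255.255

! Access rule: permit only the service the server offers (here TCP 80).
access-list outside_in permit tcp any host 10.20.20.2 eq 80
! Broader form to avoid; it exposes every port on the server:
!   access-list outside_in permit ip any host 10.20.20.2

! Bind the ACL to inbound traffic on the outside interface.
access-group outside_in in interface outside
```

With only TCP 80 permitted, ICMP echo to 10.20.20.2 is not allowed through while the service stays reachable, which is consistent with the behaviour reported in the follow-up post.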

Hi all, Hi Jorge

Thank you for your help and for your answers. I have done what you said and it works. Although the public ip doesn't respond to pings, I can reach the private server from outside. I have just put the nat and the access rule and it works. Thank you.

Luis, thanks for posting the update and glad all worked out. Thank you for rating.

B.Regards

Jorge

Jorge Rodriguez