Best way to move outside to subinterfaces

Unanswered Question
Mar 4th, 2009
User Badges:

I am beginning to run out of address spaces and I am looking at getting another range. I would like to create sub-interfaces but I am running into one problem. When I move the interface "outside" interface to one of the subinterfaces anything applied to that interace goes away. Is there any way to move the "nameif outside" to a subinterface without losing all the references? Or does anyone have any other suggestions about how to bring in the new range?

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Jon Marshall Wed, 03/04/2009 - 13:37
User Badges:
  • Super Blue, 32500 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 LAN, WAN

Michael


Is the new range just going to be used for NAT etc. ?


If so you don't need another outside interface. You just need to make sure that your new IP address block is routed by your ISP to the existing outside interface of your firewall.


Then you can simply add static statements as normal eg.


static (dmz,outside) 195.77.1.10 192.168.5.10 netmask 255.255.255.255


where 195.77.1.10 is part of the new address block. Allow access in the acl and it should all work fine.


Note that the new IP address block does not have to follow on from your existing public IP block. As i say all you need to ensure is that any traffic destined for 195.77.1.x from the internet is routed to your firewall and the ISP should be doing this for you.


Jon

Michael.Tuggle@... Wed, 03/04/2009 - 13:41
User Badges:

This is all I need but I was not sure that would work. Any way thanks for letting me know it will work.

Actions

This Discussion