03-04-2009 01:26 PM - edited 03-11-2019 08:00 AM
I am beginning to run out of address spaces and I am looking at getting another range. I would like to create sub-interfaces but I am running into one problem. When I move the interface "outside" interface to one of the subinterfaces anything applied to that interace goes away. Is there any way to move the "nameif outside" to a subinterface without losing all the references? Or does anyone have any other suggestions about how to bring in the new range?
03-04-2009 01:37 PM
Michael
Is the new range just going to be used for NAT etc. ?
If so you don't need another outside interface. You just need to make sure that your new IP address block is routed by your ISP to the existing outside interface of your firewall.
Then you can simply add static statements as normal eg.
static (dmz,outside) 195.77.1.10 192.168.5.10 netmask 255.255.255.255
where 195.77.1.10 is part of the new address block. Allow access in the acl and it should all work fine.
Note that the new IP address block does not have to follow on from your existing public IP block. As i say all you need to ensure is that any traffic destined for 195.77.1.x from the internet is routed to your firewall and the ISP should be doing this for you.
Jon
03-04-2009 01:41 PM
This is all I need but I was not sure that would work. Any way thanks for letting me know it will work.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: