Best way to move outside to subinterfaces

Michael.Tuggle · ‎03-04-2009

I am beginning to run out of address spaces and I am looking at getting another range. I would like to create sub-interfaces but I am running into one problem. When I move the interface "outside" interface to one of the subinterfaces anything applied to that interace goes away. Is there any way to move the "nameif outside" to a subinterface without losing all the references? Or does anyone have any other suggestions about how to bring in the new range?

Jon Marshall · ‎03-04-2009

Michael

Is the new range just going to be used for NAT etc. ?

If so you don't need another outside interface. You just need to make sure that your new IP address block is routed by your ISP to the existing outside interface of your firewall.

Then you can simply add static statements as normal eg.

static (dmz,outside) 195.77.1.10 192.168.5.10 netmask 255.255.255.255

where 195.77.1.10 is part of the new address block. Allow access in the acl and it should all work fine.

Note that the new IP address block does not have to follow on from your existing public IP block. As i say all you need to ensure is that any traffic destined for 195.77.1.x from the internet is routed to your firewall and the ISP should be doing this for you.

Jon

Michael.Tuggle · ‎03-04-2009

This is all I need but I was not sure that would work. Any way thanks for letting me know it will work.