PIX Installation

Mar 1st, 2004

Installing redundant PIX 515s. On the outside I want to keep the same address range and also keep the address range on the inside the same. For example, 192.168.1.0/24 and 192.168.3.0/24 on the outside, and the inside addressing 192.168.1.0/24 and 192.168.3.0/24. Can this be done without readdressing the inside range?

My guess was that the outside and the inside addresses would have to be NATed by other external and internal devices for this to work?


Thanks




Pixen cannot act as bridging firewalls. While there is some functionality to do outside NAT, etc., I don't see how your configuration will work, because you are expecting to have both .1.0 and .3.0/24 exist on both the outside and inside interfaces of the PIX. The pixen would not know how to route packets for those networks if that were the case (as both interfaces (inside and out) would seem to be responsible for them).


It might be possible if you have a separately IP-addressed segment - is that what you are planning for the 2950 and a VLAN on the 4006? It might be doable if the inside of the pixen was on a new subnet (192.168.2.0/24), and something internally NATed the outside of that segment (192.168.2.0/24) to the inside addresses (192.168.1 and .3).


That said, it would be very hackish even if it worked. I'd recommend trying to design the best topology for the business needs, and then seeing if that can exist with the existing IP addressing.
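The routing ambiguity described in the reply above, as an added example that is not part of the original thread: a simplified Python model of a routed firewall's connected-network lookup, run against the addressing from the question and against the 192.168.2.0/24 transit-segment variant. The function names and the two topology dictionaries are constructed for illustration and are not PIX configuration.

```python
import ipaddress

def connected_routes(interfaces):
    """Map each network to the list of interfaces that claim it."""
    table = {}
    for name, cidrs in interfaces.items():
        for cidr in cidrs:
            table.setdefault(ipaddress.ip_network(cidr), []).append(name)
    return table

def egress(interfaces, dst):
    """Longest-prefix match; more than one interface returned means ambiguity."""
    addr = ipaddress.ip_address(dst)
    matches = [(net, ifs) for net, ifs in connected_routes(interfaces).items()
               if addr in net]
    if not matches:
        return []
    best = max(net.prefixlen for net, _ in matches)
    return sorted({i for net, ifs in matches if net.prefixlen == best for i in ifs})

def overlaps(interfaces):
    """List every pair of overlapping networks that sit on different interfaces."""
    flat = [(n, ipaddress.ip_network(c)) for n, cs in interfaces.items() for c in cs]
    found = []
    for i, (name_a, net_a) in enumerate(flat):
        for name_b, net_b in flat[i + 1:]:
            if name_a != name_b and net_a.overlaps(net_b):
                found.append((name_a, str(net_a), name_b, str(net_b)))
    return found

# Constructed topology: the addressing asked about in the question.
PROPOSED = {"outside": ["192.168.1.0/24", "192.168.3.0/24"],
            "inside": ["192.168.1.0/24", "192.168.3.0/24"]}

# Constructed topology: the firewall's inside moved to a new transit subnet,
# with a separate internal device (not modelled here) doing the NAT.
TRANSIT = {"outside": ["192.168.1.0/24", "192.168.3.0/24"],
           "inside": ["192.168.2.0/24"]}

if __name__ == "__main__":
    for label, topo in (("proposed", PROPOSED), ("transit", TRANSIT)):
        print(label, "egress for 192.168.1.10:", egress(topo, "192.168.1.10"))
        print(label, "overlaps:", overlaps(topo))
```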
