Two public IP ranges on one PIX 515

Sep 22nd, 2005

We have an older PIX 515 (running 4.4 software) and have run out of public IPs from our provider. They could not expand our range, so they gave us a second non-contiguous range of IPs. I added a 3rd Interface card to the PIX and configured its new IP and gateway as Outside2. The Inside network is flat (one subnet of 10.40.0.0 and no routers). The Default Route is to the original Outside. I have added a Route for the new interface as:


route outside2 10.40.0.0 255.255.0.0 x.y.200.97 1


Which, now that I look at it, is wrong as the 10.40.0.0 is the INSIDE network. I have added a Global line for the new network as:


global (outside2) 1 x.y.200.99 netmask 255.255.255.224


And static translations to map the new public IPs to inside devices such as:


static (inside,outside2) x.y.200.101 10.40.20.12 netmask 255.255.255.255 0 0


But it doesn't work. When I ping the new IP, I get responses, but they are coming out through the original Outside interface! This is confirmed by a Tracert which shows the last hop not as the public IP configured (x.y.200.110), but as the Outside NAT address (x.y.205.183). So, traffic appears to be going in the new Outside2 interface and back out the old Outside interface via the default route.


Can someone help me with what I've done wrong here? The REALLY odd thing is that this DID work for one day, then stopped working.


Thanks!


Rob

bigchoice75 Thu, 09/22/2005 - 08:15

There is no need to add an additional interface. Since your ISP assigned the range, they should have just added a route for the new subnet to point to your existing default gateway (the outside interface of the PIX... assuming the PIX is directly connected to your ISP). All you have to do is create NATs with the new IPs; if routing is configured properly with your ISP, it should all just work.


In short, there is nothing you need to do with the PIX; this is simply a routing issue with your ISP.


Hope this helps.


-kevin

teddydogno1 Thu, 09/22/2005 - 13:02

Dang! That did it. I forwarded your comments to their engineering and it is working fine now. Thanks!


Rob
