×

Warning message

  • Cisco Support Forums is in Read Only mode while the site is being migrated.
  • Cisco Support Forums is in Read Only mode while the site is being migrated.

Adding a 2nd IP Range

Unanswered Question
Dec 14th, 2006
User Badges:

I got an additional IP Range from my ISP how can apply that to my PIX so I can use that range as well as my current range. I have a PIX 515 6.3.5 Thanks in advance



  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
sachinraja Thu, 12/14/2006 - 15:08
User Badges:
  • Red, 2250 points or more

hello,


if you want to make use of that IP range for some PC's/subnets or servers, you can directly create NAT entries (static/dynamic or PAT) with those new public IP addresses for any new inside subnet. Just make sure you add routes on the internet router for this new public pool to reach the PIX outside..


YOu need to do the following:


1) Identify the subnet/ host which requires to go out to internet with the new IP range

2) You should not use the same subnet which is presently using the old IP.

3) configure NAT/PAT with the inside subnet to the new IP address pool on the outside

4) add routes on the internet router for the new pool directed to the PIX outside.

5) check the connection


If you are thinking of configuring a new /30 subnet on the PIX with the new IP pool, it isnt possible, since PIX does not support configuring multiple IP addresses on a single interface , like routers (secondary IP).


Hope this helps.. all the best.. rate replies if useful..


Raj

bfensty74 Thu, 12/14/2006 - 17:30
User Badges:

Here is what is in place now:


global (outside) 1 interface

nat (inside) 1 0.0.0.0 0.0.0.0 0 0


They are both using /28 subnet


The ISP just gave them a new block to use becasue they ran out of public IP's


Could I do this:


global (outside) 1 interface

global (outside) 1 new.ip.range-new.ip.range netmask /28

nat (inside) 1 0.0.0.0 0.0.0.0 0 0


Or:


global (outside) 1 interface

global (outside) 2 new.ip.range-new.ip.range subnet /28

nat (inside) 1 0.0.0.0 0.0.0.0 0 0

nat (inside) 2 0.0.0.0 0.0.0.0 0 0



sachinraja Thu, 12/14/2006 - 18:44
User Badges:
  • Red, 2250 points or more

Nope.. try something like this.


LAN - VLAN 1 (10.10.10.0/24) & VLAN 2 (20.20.20.0/24)


global (outside) 1 interface

global (Outside) 2 202.2.2.2 (new IP )


nat (inside) 1 10.10.10.0 255.255.255.0

nat (inside) 2 20.20.20.0 255.255.255.0


Or else, use the PAT/ internet on the old pool and change the statics (for servers ) to the new IP pool..


hope this helps.. all the best.. rate replies if found useful..


RAj

bfensty74 Thu, 12/14/2006 - 18:56
User Badges:

VLAN1 option is going to work for them. They have too much going on for that to happen.




Basically what could I use CLI wise to add the new IP Range so they can use it when needed? Could you give me an example config.



Actions

This Discussion