12-14-2006 06:43 AM - edited 03-11-2019 02:08 AM
I got an additional IP Range from my ISP how can apply that to my PIX so I can use that range as well as my current range. I have a PIX 515 6.3.5 Thanks in advance
12-14-2006 03:08 PM
hello,
if you want to make use of that IP range for some PC's/subnets or servers, you can directly create NAT entries (static/dynamic or PAT) with those new public IP addresses for any new inside subnet. Just make sure you add routes on the internet router for this new public pool to reach the PIX outside..
YOu need to do the following:
1) Identify the subnet/ host which requires to go out to internet with the new IP range
2) You should not use the same subnet which is presently using the old IP.
3) configure NAT/PAT with the inside subnet to the new IP address pool on the outside
4) add routes on the internet router for the new pool directed to the PIX outside.
5) check the connection
If you are thinking of configuring a new /30 subnet on the PIX with the new IP pool, it isnt possible, since PIX does not support configuring multiple IP addresses on a single interface , like routers (secondary IP).
Hope this helps.. all the best.. rate replies if useful..
Raj
12-14-2006 05:30 PM
Here is what is in place now:
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
They are both using /28 subnet
The ISP just gave them a new block to use becasue they ran out of public IP's
Could I do this:
global (outside) 1 interface
global (outside) 1 new.ip.range-new.ip.range netmask /28
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
Or:
global (outside) 1 interface
global (outside) 2 new.ip.range-new.ip.range subnet /28
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
nat (inside) 2 0.0.0.0 0.0.0.0 0 0
12-14-2006 06:44 PM
Nope.. try something like this.
LAN - VLAN 1 (10.10.10.0/24) & VLAN 2 (20.20.20.0/24)
global (outside) 1 interface
global (Outside) 2 202.2.2.2 (new IP )
nat (inside) 1 10.10.10.0 255.255.255.0
nat (inside) 2 20.20.20.0 255.255.255.0
Or else, use the PAT/ internet on the old pool and change the statics (for servers ) to the new IP pool..
hope this helps.. all the best.. rate replies if found useful..
RAj
12-14-2006 06:56 PM
VLAN1 option is going to work for them. They have too much going on for that to happen.
Basically what could I use CLI wise to add the new IP Range so they can use it when needed? Could you give me an example config.
12-14-2006 07:36 PM
How would I use the VLAN option on a PIX?
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide