Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
820
Views
0
Helpful
5
Replies

Adding a 2nd IP Range

bfensty74
Level 1
Level 1

‎12-14-2006 06:43 AM - edited ‎03-11-2019 02:08 AM

I got an additional IP Range from my ISP how can apply that to my PIX so I can use that range as well as my current range. I have a PIX 515 6.3.5 Thanks in advance

Labels:
0 Helpful
5 Replies 5

sachinraja
Level 9
Level 9

‎12-14-2006 03:08 PM

hello,

if you want to make use of that IP range for some PC's/subnets or servers, you can directly create NAT entries (static/dynamic or PAT) with those new public IP addresses for any new inside subnet. Just make sure you add routes on the internet router for this new public pool to reach the PIX outside..

YOu need to do the following:

1) Identify the subnet/ host which requires to go out to internet with the new IP range

2) You should not use the same subnet which is presently using the old IP.

3) configure NAT/PAT with the inside subnet to the new IP address pool on the outside

4) add routes on the internet router for the new pool directed to the PIX outside.

5) check the connection

If you are thinking of configuring a new /30 subnet on the PIX with the new IP pool, it isnt possible, since PIX does not support configuring multiple IP addresses on a single interface , like routers (secondary IP).

Hope this helps.. all the best.. rate replies if useful..

Raj

0 Helpful

bfensty74
Level 1
Level 1
In response to sachinraja

‎12-14-2006 05:30 PM

Here is what is in place now:

global (outside) 1 interface

nat (inside) 1 0.0.0.0 0.0.0.0 0 0

They are both using /28 subnet

The ISP just gave them a new block to use becasue they ran out of public IP's

Could I do this:

global (outside) 1 interface

global (outside) 1 new.ip.range-new.ip.range netmask /28

nat (inside) 1 0.0.0.0 0.0.0.0 0 0

Or:

global (outside) 1 interface

global (outside) 2 new.ip.range-new.ip.range subnet /28

nat (inside) 1 0.0.0.0 0.0.0.0 0 0

nat (inside) 2 0.0.0.0 0.0.0.0 0 0

0 Helpful

sachinraja
Level 9
Level 9
In response to bfensty74

‎12-14-2006 06:44 PM

Nope.. try something like this.

LAN - VLAN 1 (10.10.10.0/24) & VLAN 2 (20.20.20.0/24)

global (outside) 1 interface

global (Outside) 2 202.2.2.2 (new IP )

nat (inside) 1 10.10.10.0 255.255.255.0

nat (inside) 2 20.20.20.0 255.255.255.0

Or else, use the PAT/ internet on the old pool and change the statics (for servers ) to the new IP pool..

hope this helps.. all the best.. rate replies if found useful..

RAj

0 Helpful

bfensty74
Level 1
Level 1
In response to sachinraja

‎12-14-2006 06:56 PM

VLAN1 option is going to work for them. They have too much going on for that to happen.

Basically what could I use CLI wise to add the new IP Range so they can use it when needed? Could you give me an example config.

0 Helpful

bfensty74
Level 1
Level 1
In response to sachinraja

‎12-14-2006 07:36 PM

How would I use the VLAN option on a PIX?

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card