Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
Community Member

Adding a 2nd IP Range

I got an additional IP Range from my ISP how can apply that to my PIX so I can use that range as well as my current range. I have a PIX 515 6.3.5 Thanks in advance

5 REPLIES

Re: Adding a 2nd IP Range

hello,

if you want to make use of that IP range for some PC's/subnets or servers, you can directly create NAT entries (static/dynamic or PAT) with those new public IP addresses for any new inside subnet. Just make sure you add routes on the internet router for this new public pool to reach the PIX outside..

YOu need to do the following:

1) Identify the subnet/ host which requires to go out to internet with the new IP range

2) You should not use the same subnet which is presently using the old IP.

3) configure NAT/PAT with the inside subnet to the new IP address pool on the outside

4) add routes on the internet router for the new pool directed to the PIX outside.

5) check the connection

If you are thinking of configuring a new /30 subnet on the PIX with the new IP pool, it isnt possible, since PIX does not support configuring multiple IP addresses on a single interface , like routers (secondary IP).

Hope this helps.. all the best.. rate replies if useful..

Raj

Community Member

Re: Adding a 2nd IP Range

Here is what is in place now:

global (outside) 1 interface

nat (inside) 1 0.0.0.0 0.0.0.0 0 0

They are both using /28 subnet

The ISP just gave them a new block to use becasue they ran out of public IP's

Could I do this:

global (outside) 1 interface

global (outside) 1 new.ip.range-new.ip.range netmask /28

nat (inside) 1 0.0.0.0 0.0.0.0 0 0

Or:

global (outside) 1 interface

global (outside) 2 new.ip.range-new.ip.range subnet /28

nat (inside) 1 0.0.0.0 0.0.0.0 0 0

nat (inside) 2 0.0.0.0 0.0.0.0 0 0

Re: Adding a 2nd IP Range

Nope.. try something like this.

LAN - VLAN 1 (10.10.10.0/24) & VLAN 2 (20.20.20.0/24)

global (outside) 1 interface

global (Outside) 2 202.2.2.2 (new IP )

nat (inside) 1 10.10.10.0 255.255.255.0

nat (inside) 2 20.20.20.0 255.255.255.0

Or else, use the PAT/ internet on the old pool and change the statics (for servers ) to the new IP pool..

hope this helps.. all the best.. rate replies if found useful..

RAj

Community Member

Re: Adding a 2nd IP Range

VLAN1 option is going to work for them. They have too much going on for that to happen.

Basically what could I use CLI wise to add the new IP Range so they can use it when needed? Could you give me an example config.

Community Member

Re: Adding a 2nd IP Range

How would I use the VLAN option on a PIX?

309
Views
0
Helpful
5
Replies
CreatePlease to create content