Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

Best way to move outside to subinterfaces

I am beginning to run out of address spaces and I am looking at getting another range. I would like to create sub-interfaces but I am running into one problem. When I move the interface "outside" interface to one of the subinterfaces anything applied to that interace goes away. Is there any way to move the "nameif outside" to a subinterface without losing all the references? Or does anyone have any other suggestions about how to bring in the new range?

2 REPLIES
Hall of Fame Super Blue

Re: Best way to move outside to subinterfaces

Michael

Is the new range just going to be used for NAT etc. ?

If so you don't need another outside interface. You just need to make sure that your new IP address block is routed by your ISP to the existing outside interface of your firewall.

Then you can simply add static statements as normal eg.

static (dmz,outside) 195.77.1.10 192.168.5.10 netmask 255.255.255.255

where 195.77.1.10 is part of the new address block. Allow access in the acl and it should all work fine.

Note that the new IP address block does not have to follow on from your existing public IP block. As i say all you need to ensure is that any traffic destined for 195.77.1.x from the internet is routed to your firewall and the ISP should be doing this for you.

Jon

New Member

Re: Best way to move outside to subinterfaces

This is all I need but I was not sure that would work. Any way thanks for letting me know it will work.

114
Views
0
Helpful
2
Replies
CreatePlease to create content