Multiple subnet on an interface of PIX firewall/ASA
Hi All, Can I have multiple subnet on an interface of PIX/ASA firewall..Like if I have two different public range from ISP & i want to use both the range for my servers kept behind the DMZ & firewall has only three interfaces..inside,outside & DMZ..
Is it possible or not? If possible please do help me with sample config.
Re: Multiple subnet on an interface of PIX firewall/ASA
You can achieve that, but not directly configuring the DMZ interface with secondary IP, just like router. Make sure your PIX/ASA support sub-interfaces features, i.e PIX 7.0.
BTW, I assumed your outside interface is already used to host other internet/ISP connection, and would like to host another 2 on the DMZ segment
You can use sub-interfaces (i.e dmz2 & dmz3) & Vlan features where you need to host/terminate the connection from the 2 ISPs (after internet router/DSL) to a switch configured with 2 Vlans.
On the switch, apart from Vlans, configure a trunk port (encap dot1q) and connect it to PIX/ASA. On Firewall end, configure 2 sub-interfaces with appropriate security level and IP Address from each of the ISP.
To host servers behind these 2 sub-interfaces (but logical is 2 separate interfaces/segments), configure it the same way you configure outside-to-inside, where you have static command, i.e, static (inside,dmz2) ..., nat/global, ACL and route.
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...