Cisco Support
English
Feedback Help
Cisco Support Community
Register
cancel
turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
j.allred
j.allred
Community Member
‎03-12-2008 09:12 AM
‎03-12-2008 09:12 AM

PIX 515 Multiple Outside IP Blocks

PIX 515 with 4 interfaces

eth0 - outside

eth1 - inside

eth2 - DMZ

eth3 - not in use

We have added a second outside IP block to our Internet service. We would like to keep our current IP block and configuration on the outside interface. Can I use eth 3 as a second Outside interface and create static mappings just like I do with eth 0? If so, how would I handle default route settings?

Thanks,

Jay

Labels:
0 Helpful
Reply
3 REPLIES
brettmilborrow
brettmilborrow
Community Member
‎03-12-2008 09:21 AM
‎03-12-2008 09:21 AM

Re: PIX 515 Multiple Outside IP Blocks

Hi Jay,

You don't need to use another interface to configure this. All you need is the following:

1) Your ISP to route the entire new IP range to the current outside IP address of your firewall

2) Create static transltations to the new range specifying the current outside interface in the static command.

eg:

Current outside ip = y.y.y.y/24

Your ISP routes x.x.x.x/24 towards y.y.y.y

static (DMZ,outside) x.x.x.x d.d.d.d netmask 255.255.255.255

This solution is used often!

Good luck!

0 Helpful
Reply
JORGE RODRIGUEZ
JORGE RODRIGUEZ Green
Green
‎03-12-2008 10:58 AM
‎03-12-2008 10:58 AM

Re: PIX 515 Multiple Outside IP Blocks

I do not understand the 1.0 ratings, even though I did not responded to original poster the reply from Bret is a very valid/solution reply that you do not need to use another physical interface in order to route a second public IP block from your current ISP towards your pix outside interface, I recommend to instead of placing a 1.0 ratings to be constructive in asking in a simple reply why you do not agree with the solution . remember that netpros are here to help out and while our networks run smoothly we take time aside to help in your problems.

Jorge

0 Helpful
Reply
brettmilborrow
brettmilborrow
Community Member
‎03-12-2008 11:59 AM
‎03-12-2008 11:59 AM

Re: PIX 515 Multiple Outside IP Blocks

Totally agree Jorge,

In fact, in this case, the use of a second interface is not possible as you can only have one default route.

Thanks for your comments...

0 Helpful
Reply
Latest Documents
Snort IPS on ISR, ISRv and CSR - Step-By-Step Configuration
Created by Kureli Sankar on 04-19-2018 11:25 AM
0
0
0
0
BenefitsDocumentationPrerequisiteImage Download LinksLimitationsSupported PlatformsLicense RequirementsTopologyStep-By-Step ConfigurationConfigure Virtual ServiceActivate the virtual service and configure guest IPsConfiguring UTD (Service Plane)Configurin... view more
Upgrade Chassis Manager (FXOS)
Created by Jeet Kumar on 02-23-2018 02:51 AM
2
15
2
15
    Login to the FXOS chassis manager. Direct your browser to https://hostname/, and log-in using the user-name and password.     Go to Help > About and check the current version:    Check the current version availa... view more
ASA 5506-X with ipv6 no access to internet
Created by Klaxel on 02-08-2018 01:25 AM
3
5
3
5
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6. In Syslog I also se... view more
All Documents
209
Views
0
Helpful
3
Replies
CreatePlease to create content
Discussion
Blog
Document
Video
Popular Blogs
AnyConnect Certificate Based Authentication.
Created by Marvin Ruiz on 08-27-2012 05:20 PM
36
70
36
70
BLOG (No Title)
Created by athukral on 06-14-2011 04:23 AM
15
35
15
35
Wireless Hacking
Created by Anim Saxena on 01-24-2013 07:56 AM
2
20
2
20
All Blogs