Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

PIX secondary IP

Hello,

I have to install a PIX firewall and I have a question. Our ISP has assigned us two ranges of IP's (each range from a different subnet, for example, 10.165.100.32/27 and 10.165.200.160/27). I will assign one IP from one of these two ranges to the PIX outside interface (for example, 10.165.200.162/27). But I want the PIX firewall to route the IP paquets destined to the 10.165.100.32/27 subnet (I don't want to send these paquets to the router 10.165.200.161/27, who has an interface with two different IP).

For this reason, I thought  to assign a secondary IP (for example, 10.165.100.60) to the PIX outside interface. I've read the command reference guide and I haven't found how can I assign a secondary IP to an interface. Anyone know how can I do it?

I've attached a document with the network diagram.

Thanks in advance,

1 ACCEPTED SOLUTION

Accepted Solutions
Hall of Fame Super Blue

Re: PIX secondary IP

cdelafuente31 wrote:

Hello,

I have to install a PIX firewall and I have a question. Our ISP has assigned us two ranges of IP's (each range from a different subnet, for example, 10.165.100.32/27 and 10.165.200.160/27). I will assign one IP from one of these two ranges to the PIX outside interface (for example, 10.165.200.162/27). But I want the PIX firewall to route the IP paquets destined to the 10.165.100.32/27 subnet (I don't want to send these paquets to the router 10.165.200.161/27, who has an interface with two different IP).

## For this reason, I thought  to assign a secondary IP (for example, 10.165.100.60) to the PIX outside interface. I've read the command reference guide and I haven't found how can I assign a secondary IP to an interface. Anyone know how can I do it?

I've attached a document with the network diagram.

Thanks in advance,

The short answer is you can't use secondary addresses with the pix/ASA firewalls.

The good news however is that you don't need to. As long as the ISP routes the packets for 10.165.100.160/27 to the outside interface of your pix then you just setup static NAT translations as you do with the 10.165.200.160/27 network.

So you use the 10.165.200.160/27 network to address the physical outside interface of the pix and perhaps some static NAT translations.

And the 10.165.100.160/27 you just setup static NAT translations eg.

static (inside,outside) 10.165.100.161 192.168.5.10 netmask 255.255.255.255

etc..

Jon

2 REPLIES
Hall of Fame Super Blue

Re: PIX secondary IP

cdelafuente31 wrote:

Hello,

I have to install a PIX firewall and I have a question. Our ISP has assigned us two ranges of IP's (each range from a different subnet, for example, 10.165.100.32/27 and 10.165.200.160/27). I will assign one IP from one of these two ranges to the PIX outside interface (for example, 10.165.200.162/27). But I want the PIX firewall to route the IP paquets destined to the 10.165.100.32/27 subnet (I don't want to send these paquets to the router 10.165.200.161/27, who has an interface with two different IP).

## For this reason, I thought  to assign a secondary IP (for example, 10.165.100.60) to the PIX outside interface. I've read the command reference guide and I haven't found how can I assign a secondary IP to an interface. Anyone know how can I do it?

I've attached a document with the network diagram.

Thanks in advance,

The short answer is you can't use secondary addresses with the pix/ASA firewalls.

The good news however is that you don't need to. As long as the ISP routes the packets for 10.165.100.160/27 to the outside interface of your pix then you just setup static NAT translations as you do with the 10.165.200.160/27 network.

So you use the 10.165.200.160/27 network to address the physical outside interface of the pix and perhaps some static NAT translations.

And the 10.165.100.160/27 you just setup static NAT translations eg.

static (inside,outside) 10.165.100.161 192.168.5.10 netmask 255.255.255.255

etc..

Jon

New Member

Re: PIX secondary IP

Thank you very much for the info,

499
Views
0
Helpful
2
Replies
CreatePlease to create content