PIX515E - different public IP networks on the inside
Can someone clarify an issue I'm about to face:
My PIX515E is about to handle multiple different public IP ranges that are routed on a single cable from an ISP router, for example:
ISP router inside IP 126.96.36.199 / 255.255.255.248
PIX outside IP 188.8.131.52 / 255.255.255.248
PIX inside IP 184.108.40.206 / 255.255.255.192
PIX intf2 IP 220.127.116.11 / 255.255.255.192
PIX intf3 IP 18.104.22.168 / 255.255.255.128
The default route would be 22.214.171.124, without network-specific static routes.
The ISP router would be configured to route both 126.96.36.199 /24 and 188.8.131.52 /24 networks using a single cable towards the PIX outside interface. Will this pose any problems when one of the inside interfaces (intf3) belongs to a completely different network than the PIX outside IP?
How about when a host 184.108.40.206 tries to access 220.127.116.11? Would the traffic be routed to the ISP router (18.104.22.168), which would turn it back towards the PIX, or would it be routed directly to the right interface if the access-lists allow it?
Re: PIX515E - different public IP networks on the inside
As long as the ISP routes both subnet ranges to the outside interface of your pix then you will be fine.
If the 2 networks 22.214.171.124 and 126.96.36.199 are on separate interfaces, which they are, the pix will route between the 2 interfaces without going to the ISP router. The default route pointing to the ISP router will only be used when the pix does not have a more specific route, and in this case it will, as the networks are directly connected.
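The route selection described in the reply above, as an added example that is not part of the original posts: a longest-prefix-match lookup over a table of connected routes plus one default route. The addresses are constructed from documentation ranges, not the thread's addresses, and the interface layout only mirrors the one in the question. It models routing only; access-lists still decide whether the flow is permitted.

```python
import ipaddress

# Constructed routing table (documentation ranges, not the thread's addresses).
# Connected routes have no next hop; the default route points at the ISP router.
ROUTES = [
    ("192.0.2.0/29",     "outside", None),         # connected: link to ISP router
    ("198.51.100.0/26",  "inside",  None),         # connected
    ("198.51.100.64/26", "intf2",   None),         # connected
    ("203.0.113.0/25",   "intf3",   None),         # connected, unrelated to outside range
    ("0.0.0.0/0",        "outside", "192.0.2.1"),  # default via ISP router (assumed address)
]


def lookup(dst, routes=ROUTES):
    """Return (prefix, interface, next_hop) chosen by longest-prefix match."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, ifname, next_hop in routes:
        net = ipaddress.ip_network(prefix)
        # Keep the matching route with the longest prefix (most specific).
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, ifname, next_hop)
    if best is None:
        raise LookupError(f"no route to {dst}")
    return str(best[0]), best[1], best[2]


def path(src, dst, routes=ROUTES):
    """Ingress interface, egress interface and next hop for a src -> dst flow."""
    _, ingress, _ = lookup(src, routes)
    _, egress, next_hop = lookup(dst, routes)
    return ingress, egress, next_hop


if __name__ == "__main__":
    # Host on "inside" to host on "intf3": connected route wins, no ISP hop.
    print(path("198.51.100.10", "203.0.113.20"))
    # Host on "inside" to an address with no specific route: default route is used.
    print(path("198.51.100.10", "198.18.0.1"))
```

A next hop of `None` means the destination is on a directly connected network, so the firewall forwards between its own interfaces instead of sending the packet to the ISP router.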