My upstream provider is changing IP blocks. They are presenting both blocks to the current port our PIX 501 is hanging off of. I would like to be able to facilitate a smooth transition between IP Blocks, so I would like to have both blocks available to be NAT'd back to my inside network. The current block works just fine but if I add a new IP and try to use that it won't work (I assume the old gateway won't route the new IPs). So is there any way to create a "virtual" (probably not the right term) interface on eth0 of the pix so I can start using the new block (at the same time I am using the old block)?
Hi Greg, say your ISP is changing IP blocks facing your pix outside interface including your public addresses . It is obious you have to chnage your pix oustide interface with new public IP info as well as pix inside default route , now you said you want to still have the old IP block after you migrate to new public IP, in order to do accomplish that your ISP needs to route back the old IP block back your your PIX outside interface.
As far as your pix inside and hosts that are mapped with one to one nat using old IP block should work fine as long as your ISP does what I mentioned previously, they need to route back that old IP block back to your outside PIX interface.
"You also said you try adding a new IP but it did not work"
Your new default gateway within the pix should point to your ISP router interface, are you doing simple static routes for default routes? or are you gettig default routes from ISP via OSPF or RIP? in any case, lets assume you are doing static for default route.
your default route should be as :
route outside 0.0.0.0 0.0.0.0 ISP_IP 1
as far as your new ip block is concern just create new NAT pools and PAT referencing teh new IP block .
If you need assitance we can take a look at your pix config if you post it stripping public IP information or replacing it with somthing else.
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...