11-05-2003 10:00 AM - edited 03-09-2019 05:24 AM
Hi-
My question may indicate that I am brain-dead so I apologize in advance.
Can you use a private IP on the external interface?
I am installing my first PIX, a 515E. My network is configured as follows:
I have 1/2 of a class c address space allocated to my organization. All of my network devices and the internal interface of my router draw from this address space.
Is it reasonable and will it work if I configure as follows:
1. Inside interface uses an address from the address space above
2. DMZ interface uses something like 192.168.1.X
3. The part I'm confused on: External interface uses perhaps 192.168.2.X with a default route to the router's internal interface with some kind of NAT occurring--
Thanks--
11-05-2003 12:14 PM
You could, but it is not recommended. NATing things twice will make troubleshooting very, very difficult.
Your PIX's EXTERNAL interface should be using an IP from your /25. You should use internal (RFC 1918) addresses on the PIX's internal interface, and maybe as well on the DMZ.
11-06-2003 09:43 AM
Thanks for the information--I think I'm getting closer to understanding. I currently have all servers and workstations set up with addresses from the 1/2 class c address space. For reasons I won't bore you with, I'm very reluctant to change these to RFC 1918 addresses, particularly the servers. So, given this, I'm still not sure how to configure the inside and outside PIX interfaces.
Can I use an RFC1918 address on the internal interface yet leave all network devices to continue using the class c addresses?
Thanks-
11-05-2003 01:58 PM
You should use private addresses on your DMZ and internal networks. Use the public addresses for the external interface on your firewall, the internal interface on your WAN router, and for static and dynamic NAT.
Disallow echo (ping) traffic on the firewall's external interface.
Dan
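
Added example, not part of any post in this thread: a small Python check that compares the addressing plan proposed in the question with the layout the replies recommend, flagging a private outside interface (double NAT), public space on inside/DMZ, and overlapping interface subnets. The function name, 192.0.2.0/25 (standing in for the poster's half class C) and 10.1.1.0/24 are assumptions made for illustration.

```python
import ipaddress

# RFC 1918 private ranges, listed explicitly (ipaddress.is_private also
# matches documentation and other special-purpose ranges).
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_rfc1918(net):
    return any(net.subnet_of(p) for p in RFC1918)

def review_plan(plan, public_block):
    """Return findings for a {interface: cidr} plan (hypothetical helper)."""
    public = ipaddress.ip_network(public_block)
    nets = {name: ipaddress.ip_network(cidr) for name, cidr in plan.items()}
    findings = []
    if is_rfc1918(nets["outside"]):
        findings.append("outside is RFC 1918: router must NAT again (double NAT)")
    elif not nets["outside"].subnet_of(public):
        findings.append("outside is not in the allocated public block")
    for name in ("inside", "dmz"):
        if not is_rfc1918(nets[name]):
            findings.append(f"{name} uses public space instead of RFC 1918")
    # Two firewall interfaces cannot sit in overlapping subnets.
    names = sorted(nets)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if nets[a].overlaps(nets[b]):
                findings.append(f"{a} and {b} subnets overlap")
    return findings

# Constructed sample values; none of these addresses come from the thread
# except the 192.168.1.X / 192.168.2.X ranges mentioned in the question.
PUBLIC = "192.0.2.0/25"
PROPOSED = {"inside": "192.0.2.0/25", "dmz": "192.168.1.0/24",
            "outside": "192.168.2.0/24"}
RECOMMENDED = {"inside": "10.1.1.0/24", "dmz": "192.168.1.0/24",
               "outside": "192.0.2.0/25"}

if __name__ == "__main__":
    for label, plan in (("proposed", PROPOSED), ("recommended", RECOMMENDED)):
        print(label, review_plan(plan, PUBLIC) or "no findings")
```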