Cisco Support Community
Community Member

Multiple IP's on outside interface?

Hi,

We've currently got a router that is managed by BT and has the following IP addresses:

194.x.x.65

81.x.x.65

Our PIX uses 194.x.x.66 at the moment and our web servers in our DMZ use a similar IP address.

We only had a handful of 194.x.x.x addresses so ended up getting some more that were in the range 81.x.x.x. Currently static NAT is performed on the PIX to translate the 194.x.x.x addresses to our DMZ.

I've tried adding static NAT entries using the new range, 81.x.x.x, but that doesn't work. Is it possible to add another IP address to the PIX similar to what BT did with their router?

Am I going about this the correct way?

I'd like to be able to use the 81.x.x.x addresses in our DMZ along with the existing ones.

Regards,

Alan

6 REPLIES
Community Member

Re: Multiple IP's on outside interface?

Alan

Do you have a spare interface in the PIX? (i.e. a 4 port NIC)

If so, you could use one of the real IPs 81.x.x.x on the PIX DMZ(2) interface and then the other IPs on the servers?

The PIX would then route to these IPs (no NATing.)

You can still limit access to these servers through access-lists.

Paul

Community Member

Re: Multiple IP's on outside interface?

No, the PIX only has the 3 interfaces:

External: 194.x.x.x

Internal: 10.x.x.x

DMZ: 172.x.x.x

I tried adding the static NAT rule

static (dmz,outside) 81.x.x.x 172.x.x.x netmask 255.255.255.255 0 0

though this doesn't work.

Community Member

Re: Multiple IP's on outside interface?

It will not work because the 81.x.x.x subnet is not on the outside interface.

The easiest solution may be to replace the 1 port DMZ with a 4 port card.

Paul

Community Member

Re: Multiple IP's on outside interface?

So, I'd have to add another NIC giving me two on the outside?

One using 194.x.x.x and the other using 81.x.x.x?

Is it not possible to add an additional IP address to the existing interface?

Thanks

Alan

Community Member

Re: Multiple IP's on outside interface?

You would have:

Existing outside interface (194.x.x.x)

Existing inside interface (10.x.x.x)

Existing DMZ interface (172.x.x.x)

New DMZ2 interface (81.x.x.x)

From the internet, users would:

-Target 194 addresses which would then be translated into 172 addresses

-Target 81 addresses which would then be routed directly to the addresses on the DMZ2 interface.

Paul

Re: Multiple IP's on outside interface?

Just tell BT to route the 81.x.x.x scope to the IP of your outside interface and then statics using the 81.x.x.x scope to the servers in your DMZ you want to reach from the internet.

Regards

Jan
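
Added example, not part of any post in this thread: PIX 6.x-style configuration for the routed-block approach Jan describes, with inbound access limited by access-list as Paul mentions. All addresses are documentation-range placeholders (198.51.100.66 stands in for the PIX outside IP 194.x.x.66, 203.0.113.0/28 for the 81.x.x.x block, 172.16.1.10 for a DMZ server), the ACL name acl_out is hypothetical, and the upstream route line assumes the BT router runs IOS.

```cisco
! --- Upstream (BT-managed) router, assumed IOS ---
! Route the additional block to the PIX outside address instead of
! treating it as a directly connected subnet on the router's LAN side.
ip route 203.0.113.0 255.255.255.240 198.51.100.66

! --- PIX ---
! Existing outside address stays as it is; no second IP is added to the interface.
! Map one address from the routed block to a DMZ server.
static (dmz,outside) 203.0.113.10 172.16.1.10 netmask 255.255.255.255 0 0

! Permit only the services that server must expose.
! acl_out is a placeholder: if an ACL is already bound to the outside
! interface, add these entries to that ACL rather than binding a new one,
! because only one inbound ACL can be applied per interface.
access-list acl_out permit tcp any host 203.0.113.10 eq www
access-list acl_out permit tcp any host 203.0.113.10 eq 443
access-group acl_out in interface outside

! Checks after applying:
!   show static          (the new mapping is listed)
!   show xlate           (a translation for 203.0.113.10 appears)
!   show access-list     (hit counters increase only on the permitted ports)
```

Anything sent to the new block that does not match a static and a permit entry is dropped at the outside interface, so unused addresses in the block expose nothing.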
