Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
You may experience some slow load times, errors, and slight inconsistencies. We ask for your patience as we finalize the launch. Thank you.

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

multiple non-contiguous blocks of IPs

Hello,

Is it ok to create static mappings for mutiple blocks of IPs on the pix, or do the static entries all have to be within the range of the pix's external interface IP?

Thanks

Jeff

  • Other Security Subjects
2 REPLIES
Silver

Re: multiple non-contiguous blocks of IPs

Jeff,

Yes, it is ok to create static mappings for multiple blocks of ips/netwroks on the pix, and no the static entries all don't have to be within the range of the pix's external interface IP? But, you need to make sure that you create route for these ips/networks poiting to the outside interface of the pix as next-hop on the router connected to the outside interface of the pix.

I hope this answers your question. Thanks,

Mynul

New Member

Re: multiple non-contiguous blocks of IPs

Hi,

We have a PIX static mappings for two blocks of IPs. The outside interface of the firewall is connected to a Cisco 2621 router. The router's Ethernet interface has the primary IP address in the same subnet as the PIX outside interface. We have also assigned a secondary IP address to the Interface in the other IP block (which has the static mapping on the PIX).

This set up was working well with PIX 6.2. We were able to access the hosts inside the PIX which have static mapping to both the IP blocks.

When we upgaded the PIX OS to 6.3.1, the static mapping for the second IP block not working. Only the static mapping for the IP block which is the same as the ouside Interface is working.

We are not having any static routes on the router pointing to the PIX outside interface for the second IP block. We only assigned a secondary IP address from this block for the router's Ethernet interface.

What could be the issue?

Regards

maha

193
Views
0
Helpful
2
Replies