Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
776
Views
0
Helpful
1
Replies

pix 520 different outside subnets

aztecmother
Level 1
Level 1

‎08-05-2002 09:52 AM - edited ‎02-20-2020 10:11 PM

Hi Everyone,

have a question, I have 3 different subnets from my isp. What I need to know is if the pix can handle the 3 different subnets or do I need a pix for each subnet. I want to disable nat, and have the machines using external address, with access-list permitting services.

example: subnet1: 192.168.1.1 -254

subnet2: 192.168.2.1-254

subnet3: 192.168.3.1-254

pix outside interface 192.168.5.1 255.255.255.0

pix inside interface 192.168.1.1 255.255.255.0

pix dmz1 192.168.2.1 255.255.255.0

pix dmz2 192.168.3.1 255.255.255.0

nat (inside) 0 192.168.1.0 255.255.255.0

nat (dmz1) 0 192.168.2.0 255.255.255.0

nat (dmz2) 0 192.168.3.0 255.255.255.0

static (inside) 192.168.1.2 192.168.1.2 netmask 255.255.255.255

static (dmz1) 192.168.2.2 192.168.2.2 netmask 255.255.255.255

etc...

plus access-list ....

0 Helpful
1 Reply 1

gfullage
Cisco Employee
Cisco Employee

‎08-05-2002 06:22 PM

Going by your sample config, you are putting each different subnet onto a different PIX interface? If that'sthe case, then yes, the PIX can handle this, in fact it's the only way it'll handle it. The PIX functions similarly to a router in it's IP functionality, so it will route traffic between interfaces. You can't put more than one IP address on an interface like you can with a router though.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card