Cisco Support Community
New Member

pix 520 different outside subnets

Hi Everyone,

I have a question. I have 3 different subnets from my ISP. What I need to know is if the PIX can handle the 3 different subnets or do I need a PIX for each subnet. I want to disable NAT and have the machines use external addresses, with access-lists permitting services.

example: subnet1: 192.168.1.1-254

subnet2: 192.168.2.1-254

subnet3: 192.168.3.1-254

pix outside interface 192.168.5.1 255.255.255.0

pix inside interface 192.168.1.1 255.255.255.0

pix dmz1 192.168.2.1 255.255.255.0

pix dmz2 192.168.3.1 255.255.255.0

nat (inside) 0 192.168.1.0 255.255.255.0

nat (dmz1) 0 192.168.2.0 255.255.255.0

nat (dmz2) 0 192.168.3.0 255.255.255.0

static (inside) 192.168.1.2 192.168.1.2 netmask 255.255.255.255

static (dmz1) 192.168.2.2 192.168.2.2 netmask 255.255.255.255

etc...

plus access-list ....

1 REPLY
Cisco Employee

Re: pix 520 different outside subnets

Going by your sample config, you are putting each different subnet onto a different PIX interface? If that's the case, then yes, the PIX can handle this; in fact, it's the only way it'll handle it. The PIX functions similarly to a router in its IP functionality, so it will route traffic between interfaces. You can't put more than one IP address on an interface like you can with a router, though.
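
The layout the reply describes, written out as a PIX 6.x-style configuration with the access-list the question left open. This is an added example, not part of the original thread: the addresses are the poster's sample values, while the ethernet port mapping, security levels, ACL name, permitted services and the next hop 192.168.5.254 are assumptions.

```cisco
: One subnet per interface; the PIX routes between them.
: Port-to-name mapping and security levels are assumed.
nameif ethernet0 outside security0
nameif ethernet1 inside security100
nameif ethernet2 dmz1 security50
nameif ethernet3 dmz2 security40

ip address outside 192.168.5.1 255.255.255.0
ip address inside 192.168.1.1 255.255.255.0
ip address dmz1 192.168.2.1 255.255.255.0
ip address dmz2 192.168.3.1 255.255.255.0

: NAT 0 = no translation; hosts keep their own addresses outbound.
nat (inside) 0 192.168.1.0 255.255.255.0
nat (dmz1) 0 192.168.2.0 255.255.255.0
nat (dmz2) 0 192.168.3.0 255.255.255.0

: Identity statics make individual hosts reachable from outside.
: Both interfaces are named: (real_interface,mapped_interface).
static (inside,outside) 192.168.1.2 192.168.1.2 netmask 255.255.255.255
static (dmz1,outside) 192.168.2.2 192.168.2.2 netmask 255.255.255.255

: Permit only the services each published host offers (assumed here:
: SMTP on the inside host, HTTP on the dmz1 host). Everything else
: arriving on the outside interface is dropped by the implicit deny.
access-list acl_outside permit tcp any host 192.168.1.2 eq smtp
access-list acl_outside permit tcp any host 192.168.2.2 eq www
access-group acl_outside in interface outside

: Default route toward the ISP router (assumed next hop).
route outside 0.0.0.0 0.0.0.0 192.168.5.254 1
```

Because nothing is translated, the upstream router must have routes for 192.168.1.0/24, 192.168.2.0/24 and 192.168.3.0/24 pointing at the PIX outside address 192.168.5.1.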
