I have an interface on one of my DMZ interfaces with IP address 172.27.127.1/24 to a LAN with networks 172.27.127.0/24 and 172.27.124.0/24. How do I reach the 172.27.124 network through this interface, through the PIX DMZ int? Can it accept a secondary IP?
It is not possible to have secondary addresses in a PIX.
The only solution I can think of for this is to have another device (it can be a router with a secondary IP address) do the routing between the two networks, for the PIX to reach the machines in the network 172.27.124.0/24 and for the reverse path.
Although I would prefer to have only an IP address, I can't think of any need for having two networks.
To accomplish this, you will need a router on the DMZ network with a route to the 172.27.124.0 network. In addition, you need to add a route on the firewall that points to the router's IP when going to that subnet. (ex: route dmz 172.27.124.0 255.255.255.0 172.27.127.50)
Your other option is to add VLANs to this DMZ network and assign the different IP hosts to the corresponding VLANs. Then configure the DMZ interface as a trunk and change the switchport from an access port to a trunk. Assign the secondary you wanted to the new VLAN interface on the PIX. Assign the original PIX interface IP to the 2nd VLAN on the PIX. Set up ACLs and translations to allow routing to these networks. VLANs were available as of 6.3, I believe, but check the release notes of your version to be sure.