Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
236
Views
0
Helpful
2
Replies

single ISP with 2 subnet range given to work on pix?

andy.woo
Level 1
Level 1

‎04-19-2004 02:37 AM - edited ‎02-20-2020 11:21 PM

Hi,

Scenario:

a) 1xleased line to ISP.

b) as initial LAN range provided is too small, a second subnet is given on the same link by the same ISP.

c) this means the both subnet A and subnet B is able to route out to the Internet via the same router although they are 2 different subnets to each other.

d) therefore the router has a primary address for subnet A and secondary address for subnet B configured.

e) currently a pix 515 is connected behind the router using IOS version: 5.x

f) the pix's external interface is configured using subnet A address and its default route is pointing to subnet A address of the router

g) there are 1:1 static mappings configured for both subnet A and subnet B on the pix.

Question:

based on the above workings, the pix is able to work for both subnets even though the pix default route is to subnet A.

this means that the Internet users can reach both subnet A and B's web services.

I thought that the pix can only support a single default route and its interface can only be configured with a single subnet range which it did. But how to explain the that internet users can also access subnet B? I am got confused by the above working scenario.

Later:

the pix is to be replaced by another pix using IOS version 6.2....I am afraid the change will not work as before using the older pix with 5.x IOS.

if anyone actually has experience in this area, pls show me some light on this. Thanks..

0 Helpful
2 Replies 2

mostiguy
Level 6
Level 6

‎04-19-2004 03:46 AM

you should be fine by using both blocks in various global statements. since the router has a secondary address, it expects to be able to talk to both subnet on the same interface that is connected to the pix. via the global statements, the pix will provide services for both netblocks

0 Helpful

andy.woo
Level 1
Level 1
In response to mostiguy

‎04-20-2004 08:05 PM

thanks for the advise.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card