single ISP with 2 subnet range given to work on pix?
a) 1xleased line to ISP.
b) as initial LAN range provided is too small, a second subnet is given on the same link by the same ISP.
c) this means the both subnet A and subnet B is able to route out to the Internet via the same router although they are 2 different subnets to each other.
d) therefore the router has a primary address for subnet A and secondary address for subnet B configured.
e) currently a pix 515 is connected behind the router using IOS version: 5.x
f) the pix's external interface is configured using subnet A address and its default route is pointing to subnet A address of the router
g) there are 1:1 static mappings configured for both subnet A and subnet B on the pix.
based on the above workings, the pix is able to work for both subnets even though the pix default route is to subnet A.
this means that the Internet users can reach both subnet A and B's web services.
I thought that the pix can only support a single default route and its interface can only be configured with a single subnet range which it did. But how to explain the that internet users can also access subnet B? I am got confused by the above working scenario.
the pix is to be replaced by another pix using IOS version 6.2....I am afraid the change will not work as before using the older pix with 5.x IOS.
if anyone actually has experience in this area, pls show me some light on this. Thanks..
Re: single ISP with 2 subnet range given to work on pix?
you should be fine by using both blocks in various global statements. since the router has a secondary address, it expects to be able to talk to both subnet on the same interface that is connected to the pix. via the global statements, the pix will provide services for both netblocks
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...