10-01-2008 10:22 AM
I currently have a pix (6.3) with the outside interface configured as part of a /27 bit public ip space. We are running out of addresses and need to purchase another range. Can I make this work using the existing pix and without tampering with the existing range in use? Basically, can I route a new address space to my existing pix and set up statics for that space even though the interface is assigned an ip address on a different range?
Solved! Go to Solution.
10-01-2008 10:33 AM
YES, it can be done rather easily.
Example: your outside interface is
129.174.1.1/27. Now you want to add another
141.141.141.0/24 to your outside interface.
Is that correct?
The technique is to use routing IP NAT Pool.
In this example, you will add a static route
on the upstream router like this:
ip route 141.141.141.0 255.255.255.0 129.174.1.1
Now you can do static NAT on the pix as
this:
static (i,o) 141.141.141.0 192.168.1.0 netmask 255.255.255.0
Easy right?
10-01-2008 10:33 AM
YES, it can be done rather easily.
Example: your outside interface is
129.174.1.1/27. Now you want to add another
141.141.141.0/24 to your outside interface.
Is that correct?
The technique is to use routing IP NAT Pool.
In this example, you will add a static route
on the upstream router like this:
ip route 141.141.141.0 255.255.255.0 129.174.1.1
Now you can do static NAT on the pix as
this:
static (i,o) 141.141.141.0 192.168.1.0 netmask 255.255.255.0
Easy right?
10-01-2008 10:44 AM
Thanks for the confirmation. I needed a quick answer and wasn't in a spot to test it out. Since you used a pool example, can I assume that I can also create individual statics -
static (i,o) 141.141.141.10 192.168.1.10 ?
10-01-2008 10:59 AM
That's correct.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: