Question

Multiple external ip addresses with one cisco pix 501 firewall, no router

Asked by: nagraves

I have 3 computers which share the cable internet connection. I was wondering if my Cisco Pix 501 will be able to pass 3 dynamically assigned ips to my computers?  The ISP will allow me to have up to 5 ip addresses at no extra cost. From what i see, i'll need 4. One for the pix itself, and one for the three boxes.

Is this possible to do with what i have?

This Question has been solved and asker verified All Experts Exchange premium technology solutions are available to subscription members.

Subscribe now for full access to Experts Exchange and get

Instant Access to this Solution

  • Plus...
  • 30 Day FREE access, no risk, no obligation
  • Collaborate with the world's top tech experts
  • Unlimited access to our exclusive solution database
  • Never be left without tech help again

Subscribe Now

Asked On
2004-08-16 at 18:36:15ID21096026
Tags

multiple

,

pix

,

ip

,

cisco

,

external

Topic

DSL Lines / Cable Internet

Participating Experts
2
Points
125
Comments
11

Trusted by hundreds of thousands everyday for fast, accurate and reliable tech support.

  • "The time we save is the biggest benefit of Experts Exchange to Warner Bros. What could take multiple guys 2 hours or more each to find is accessed in around 15 minutes on Experts Exchange." Mike Kapnisakis, Warner Bros.
  • "Our team likes having a resource that is more secure than just using Google and most experts using this service really know their stuff. It's nice to look here first versus using Google." Dayna Sellner, Lockheed Martin
  • "Anytime that I've been stumped with a problem, 9 out of 10 times Experts Exchange has either the accepted solution or an open discussion of the potential solution to the problem." Kenny Red, eBay Inc.

See what Experts Exchange can do for you.

Got a question?

We've got the answer.

Experts Exchange has been collecting answers to technology questions since 1996…3 million and counting! If you have a question, chances are we already have your answer.

Screenshot of Experts Exchange Knowledgebase

Need individual assistance?

Our experts are ready to help.

If you can't find the exact answer you're looking for, ask our exclusive community of 50,000 experts. You’ll get a personalized answer from a trusted professional.

Screenshot of Experts Exchange Knowledgebase

Want to learn from the best?

Read articles from industry experts.

Thousands of free tech tips, tricks, how-to’s and tutorials are available in our peer reviewed articles section. See for yourself how smart our experts are, no login required.

Screenshot of an Article

Working on a long term project?

Store your work and research.

Save solutions to your questions, answers you’ve discovered through searching plus helpful articles in your personal knowledgebase for easy future access.

Screenshot of Experts Exchange Knowledgebase

Access the answers to your technology questions today.

Subscribe Now

30-day free trial. Register in 60 seconds.

What Makes Experts Exchange Unique?

Members of the expert community talk about why the experience at Experts Exchange is different than what you will find anywhere else.

Trusted by the world's most respected brands.

image of each brand's logo

Faithfully serving IT professionals since 1996.

Experts Exchange Logo

Try it out and discover for yourself.

Subscribe Now

30-day free trial. Register in 60 seconds.

Related Solutions

  1. Cisco PIX: routing question
    I am running a website. In order to increase its availability, there are two instances of the site, running on two computers: www1 and www2. I have two connections to different ISPs: if first fails, second will remain available. Internet comes to me via 10Base-T, cables inser...
  2. Cisco Router/PIX/Switch Cabling Issue
    I have a scenario where I have a t1 coming into a cisco router with a PIX behind it and behind the pix there is a into a cisco switch behind which is my lan. I need to know what cabling i need for all of this. Is it CAT5 straight through or is it crossover? If someone cou...
  3. Is Cisco PIX can support cable modem?
    I now using the Charter "www.charter.com" Cable ISP to access the internet, can Cisco PIX can Support Cable connection?
  4. Cisco Pix 501 on cable dynamic IP address
    I took over support for a small company that has a pair of PIX 501s. The offices each have a cable broadband connection from an ISP that doesn't offer static IP addresses. The VAR that setup the PIX's assumed the cable connections had static IP addresses so the access-list co...

Free Tech Articles

  1. WARNING: 5 Reasons why you should NEVER fix a computer for free.
    It is in our nature to love the puzzle. We are obsessed. The lot of us. We love puzzles. We love the challenge. We thrive on finding the answer. We hate disarray. It bothers us deep in our soul. W...
  2. SCCM OSD Basic troubleshooting
    SCCM 2007 OSD is a fantastic way to deploy operating systems, however, like most things SCCM issues can sometimes be difficult to resolve due to the sheer volume of logs to sift through and the dispe...
  3. Migrate Small Business Server 2003 to Exchange 2010 and Windows 2008 R2
    This guide is intended to provide step by step instructions on how to migrate from Small Business Server 2003 to Windows 2008 R2 with Exchange 2010. For this migration to work you will need the fo...
  4. Create a Win7 Gadget
    This article shows you how to create a simple "Gadget" -- a sort of mini-application supported by Windows 7 and Vista. Gadgets can be dropped anywhere on the desktop to provide instant information, ...
  5. Outlook continually prompting for username and password
    There have been a lot of questions recently regarding Outlook prompting for a username and password whilst using Exchange 2007. There are a few reasons why this would happen and I will try to cover t...
  6. Backup Exchange 2010 Information Store using Windows Backup
    There seems to be quite a lot of confusion around the ability to backup Exchange 2010 using the built in Windows Backup feature. This stems from the omission of this feature prior to Exchange 2007 s...

Cloud Class Webinars

  1. Avoiding Bugs in Microsoft Access
    Alison Balter takes and in-depth look at avoiding bugs in Access. In this webinar you will learn about using the immediate window to debug your applications, invoking the debugger, using breakpoints to troubleshoot, stepping through code, setting the next statement to execute, ...
  2. Top 10 Best New Features in Visio 2010
    Scott Helmers gives live demonstrations of the top 10 new features in Visio 2010. This webinar will teach you how to create compelling diagrams by adding shapes to the page with a single click, linking the shapes in a diagram to data in Excel (or SQL Server, or SharePoint), ...
  3. IT Consultant Business Secrets Revealed
    Michael Munger, Experts Exchange tech pro and IT consultant, pulls back the curtain on his very successful businesses and answers question on every IT consultant and business owner should know about. He shares secrets on what he did to solve the 5 most common problems in IT, ...
  4. Disaster Recovery and Business Continuity
    Quest CTO, Mike Billon, gives an overview of the steps involved in building a dunamic disaster recovery plan. Through case studies and an examination of software/hardware tooles for monitoring and testing, you'll gain a better understandin of where you are, where you want ...
  5. Organize Your Visio Diagrams with Containers and Lists
    Scott Helmers uses cross functional flowcharts, wireframe diagrams, data graphic legends and seating charts to teach you: how to ustilize all three new structured diagram components in Visio 2010, the best practices for organizeing shapes in previous version of Visio, how to organize ...
  6. How to Us Objects, Properties, Events and Methods in Microsoft Access
    Alison Dalter gives an in-depbth look at objects, properties, events and methods in Microsoft Access. In this webinar you will learn about using the object browser, referring to objects, working with properties and methods, working with object variables, understanding the ...

Join the Community

Give a Little. Get a Lot.

Join the community of experts here and help other tech pros by answering question in your area of expertise. You can earn FREE access to all Experts Exchange's premium features and resources.

Join the Community

Answers

 

by: snoopy13Posted on 2004-08-17 at 12:43:44ID: 11824489

what you can do is apply one of the legal routable address from your ISP to the outside interface of you Pix and a private address to the inside and use the global command to get pat form the Pix and you could have as many PC's as you want. You will be able to do static translation for web server or mail server if you have one.

ip address outside 193.x.x.x 255.255.255.0 (provided by ISP)
ip address inside 192.168.100.0 255.255.255.0

nat (inside) 1 192.168.100.0 255.255.255.0 0 0
global (outside) 1 interface


route outside 0.0.0.0 0.0.0.0 193.x.x.x 1(next hop router, default gateway)

 

by: nagravesPosted on 2004-08-17 at 13:36:35ID: 11825072

That doesn't answer the question. I would like the boxes to have their own external ip addresses behind the firewall.  Those IPs are dynamically assigned by my ISP. Is this possible, and how?

 

by: ecszonePosted on 2004-08-18 at 12:32:25ID: 11834858

Why would you want them behind your firewall??  That kind of defeats the purpose.  If you pix supports a DMZ interface I would recommend that.  Then you can statically give them the IP address and go from there.

 

by: nagravesPosted on 2004-08-18 at 12:44:16ID: 11834980

I have answered that:

> I would like the boxes to have their own external ip addresses behind the firewall.

I just do.  Is it possible with a PIX 501?

 

by: ecszonePosted on 2004-08-18 at 12:51:07ID: 11835073

I do not know the pix... just trying to help on a infrastructure basis.  What if you put a switch on the modem and make that a DMZ.
Making suggestions w/o knowing your reasoning is kind of tough.  PLus I wont know the pix specific details.

 

by: nagravesPosted on 2004-08-18 at 13:42:56ID: 11835578

Various reasoning. Two of the computers both listen on port 80 for example. Instead of changing the apache configs I'd rather they each have their own external address, being that I'm entitled to them.  I am supposing this may be a pix-specific question, and perhaps I have asked it in the wrong area.

 

by: ecszonePosted on 2004-08-18 at 14:00:14ID: 11835734

On my firewall, i can assign multiple public IP addressses to the external interface.  From tehre I can do one2one NAT or port forwarding by IP.
so  public IP x:80 forward to internal server A:80, and public IP y:80 forward to interanl server B:80

Thats How I deal with this and keep the network secure.   If you  need pix specific info try and repost... firewalls maybe the place to post if you know exactly what you want  your pix to do.

 

by: nagravesPosted on 2004-08-18 at 14:05:03ID: 11835785

That is the answer I was looking for:

>assign multiple public IP addressses to the external interface.  From tehre I can do >one2one NAT or port forwarding by IP.

 

by: ecszonePosted on 2004-08-18 at 14:20:36ID: 11835945

cool.  Like i said if you find you need more help "firewalls" would be a good place to find some cisco help.

 

by: snoopy13Posted on 2004-08-20 at 04:03:00ID: 11850627

The 501 does not have DMZ interface nor will ti allow multiple addresses on the interface. What you would have to do a one to one NAT so that the pc's will appear on the outside with that public addresses.

 

by: ecszonePosted on 2004-08-20 at 06:45:54ID: 11851275

It will not allow you to create alias's for alteernate IP's?  That sucks.   I dont get all the cisco hype.  Im glade I got a watchguard firebox. :D
Almost everything accepts more than one IP these days... thats crap.  Shlt windows 2000/xp can have a kagillian.


20120131-EE-VQP-002

3 Ways to Join

30-Day Free Trial

The Experts

98% positive feedback on 31,087 answers since March 2000. angeliii is a Microsoft Most Valuable Professional for his work with MS SQL Server & Develoment.

He has also proven his knowledge of Visual Basic Programming, PHP Scripting and Oracle Databases.

The Experts

97% positive feedback on 10,752 answers since July 2000. lrmoore has more than 18 years experience in the networking industry.

The six-time Mircosoft MVPs specialties include firewalls, virtual private networking, and network management.

Testimonials

"...and excellent source for support... Kind of like having your very own IT dept." Electriciansnet

Testimonials

"I was apprehensive at signing up at first. However... it has already made my life as an IT administrator much easier." JaCrews

Testimonials

"WOW! You guys have great, active, and knowledgeable people on here." moore50

Business Clients

Business Clients

In the Press

"If you’ve got a question... Experts Exchange can supply an answer.”

In the Press

"...an invaluable aid for both IT professionals and those who require tech support."

In the Press

"where IT professionals provide quick answers on just about any topic"

Business Account Plans

Loading Advertisement...