Setup multiple IP addresses on PIX

Need to setup multiple "external" IP address on my PIX515.  How do I set this up?  
MCHDMISDEPTAsked:
Who is Participating?
 
lrmooreConnect With a Mentor Commented:
You need access-lists and sysopt:
Depending on what type VPN's and their requirements:
 IPSEC:
  access-list outside_in permit tcp any host 13.45.67.8 eq 50
  access-list outside_in permit udp any host 13.45.67.8 eq 500
 PPTP:
  access-list outside_in permit gre any host 13.45.67.8
  access-list outside_in permit tcp any host 13.45.67.8 eq 1723
 UNK:
   access-list outside_in permit ip any host 13.45.67.8

Plus the sysopt:
   sysopt ipsec pl-compatible

Question: Why not just terminate the VPN's on the PIX itself? saves the expense of having yet another router on the inside, and takes all the guesswork out of what you need in the acls...
0
 
lrmooreCommented:
Can you be more specific in your requirements? You cannot add secondary addresses to a PIX like you can a router.
You can NAT multiple external addresses to multiple internal addresses though, if that's what you need to do..
0
 
JEEGOCommented:
Only one IP address can be assigned to the external NIC on your PIX 515
But you can assign mulitple addresses to your NAT "pool".
Ex:  ISP has given you the ff: useable IP addresses.
      1.2.3.4 -- 1.2.3.20
 In this case you can assign as ff:
      1.2.3.4                  --> External NIC
      1.2.3.5 - 1.2.3.10   --> Assigned to NAT pool so that internal hosts can browse external resources
      1.2.3.6                  --> Assigned to PAT Backup in case your NAT pool is exhausted
      1.2.3.7 - 1.2.3.15   --> Use for STATIC NAT or STATIC PAT to publish internal resources or create ACL
      1.2.3.16 -1.2.3.20  --> Extra IP's just in case

I hope this answers your question. Assign points to lrmoore. I am just elaborating on his answer.
Search the CISCO website for "pix configurations", and you will find numerous examples.

0
Get Certified for a Job in Cybersecurity

Want an exciting career in an emerging field? Earn your MS in Cybersecurity and get certified in ethical hacking or computer forensic investigation. WGU’s MSCSIA degree program was designed to meet the most recent U.S. Department of Homeland Security (DHS) and NSA guidelines.  

 
MCHDMISDEPTAuthor Commented:
Yes.  I am trying to NAT multiple external addresses to multiple internal addresses...please advise
0
 
MCHDMISDEPTAuthor Commented:
JEEGO-

Thanks for the input...I am browsing PIX configs right now...
0
 
lrmooreCommented:
You can create multiple statics:

   static (inside,outside) <public IP1> <private IP1> netmask 255.255.255.255
   static (inside,outside) <public IP2> <private IP2> netmask 255.255.255.255
   static (inside,outside) <public IP3> <private IP3> netmask 255.255.255.255

Example:
    static (inside,outside) 13.45.67.8 192.168.100.100 netmask 255.255.255.255
    static (inside,outside) 13.45.67.9 192.168.100.101 netmask 255.255.255.255
    static (inside,outside) 13.45.67.10 192.168.100.102 netmask 255.255.255.255
0
 
MCHDMISDEPTAuthor Commented:
the inside, outside is perfect...now these outside addressess are going to be used for VPN...meaning, a user at home will vpn to 13.45.67.8...the PIX will nat this to a 1710 router thats WAN int is set to a private address on my network, the 1710 supports VPN connectivity.  I belive I need to setup the PIX with sysopt...please advise.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.