Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 194
  • Last Modified:

Setup multiple IP addresses on PIX

Need to setup multiple "external" IP address on my PIX515.  How do I set this up?  
0
MCHDMISDEPT
Asked:
MCHDMISDEPT
  • 3
  • 3
1 Solution
 
lrmooreCommented:
Can you be more specific in your requirements? You cannot add secondary addresses to a PIX like you can a router.
You can NAT multiple external addresses to multiple internal addresses though, if that's what you need to do..
0
 
JEEGOCommented:
Only one IP address can be assigned to the external NIC on your PIX 515
But you can assign mulitple addresses to your NAT "pool".
Ex:  ISP has given you the ff: useable IP addresses.
      1.2.3.4 -- 1.2.3.20
 In this case you can assign as ff:
      1.2.3.4                  --> External NIC
      1.2.3.5 - 1.2.3.10   --> Assigned to NAT pool so that internal hosts can browse external resources
      1.2.3.6                  --> Assigned to PAT Backup in case your NAT pool is exhausted
      1.2.3.7 - 1.2.3.15   --> Use for STATIC NAT or STATIC PAT to publish internal resources or create ACL
      1.2.3.16 -1.2.3.20  --> Extra IP's just in case

I hope this answers your question. Assign points to lrmoore. I am just elaborating on his answer.
Search the CISCO website for "pix configurations", and you will find numerous examples.

0
 
MCHDMISDEPTAuthor Commented:
Yes.  I am trying to NAT multiple external addresses to multiple internal addresses...please advise
0
Who's Defending Your Organization from Threats?

Protecting against advanced threats requires an IT dream team – a well-oiled machine of people and solutions working together to defend your organization. Download our resource kit today to learn more about the tools you need to build you IT Dream Team!

 
MCHDMISDEPTAuthor Commented:
JEEGO-

Thanks for the input...I am browsing PIX configs right now...
0
 
lrmooreCommented:
You can create multiple statics:

   static (inside,outside) <public IP1> <private IP1> netmask 255.255.255.255
   static (inside,outside) <public IP2> <private IP2> netmask 255.255.255.255
   static (inside,outside) <public IP3> <private IP3> netmask 255.255.255.255

Example:
    static (inside,outside) 13.45.67.8 192.168.100.100 netmask 255.255.255.255
    static (inside,outside) 13.45.67.9 192.168.100.101 netmask 255.255.255.255
    static (inside,outside) 13.45.67.10 192.168.100.102 netmask 255.255.255.255
0
 
MCHDMISDEPTAuthor Commented:
the inside, outside is perfect...now these outside addressess are going to be used for VPN...meaning, a user at home will vpn to 13.45.67.8...the PIX will nat this to a 1710 router thats WAN int is set to a private address on my network, the 1710 supports VPN connectivity.  I belive I need to setup the PIX with sysopt...please advise.
0
 
lrmooreCommented:
You need access-lists and sysopt:
Depending on what type VPN's and their requirements:
 IPSEC:
  access-list outside_in permit tcp any host 13.45.67.8 eq 50
  access-list outside_in permit udp any host 13.45.67.8 eq 500
 PPTP:
  access-list outside_in permit gre any host 13.45.67.8
  access-list outside_in permit tcp any host 13.45.67.8 eq 1723
 UNK:
   access-list outside_in permit ip any host 13.45.67.8

Plus the sysopt:
   sysopt ipsec pl-compatible

Question: Why not just terminate the VPN's on the PIX itself? saves the expense of having yet another router on the inside, and takes all the guesswork out of what you need in the acls...
0

Featured Post

Identify and Prevent Potential Cyber-threats

Become the white hat who helps safeguard our interconnected world. Transform your career future by earning your MS in Cybersecurity. WGU’s MSCSIA degree program was designed in collaboration with national intelligence organizations and IT industry leaders.

  • 3
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now