Solved

Setup multiple IP addresses on PIX

Posted on 2004-10-13
7
176 Views
Last Modified: 2013-11-16
Need to setup multiple "external" IP address on my PIX515.  How do I set this up?  
0
Comment
Question by:MCHDMISDEPT
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
7 Comments
 
LVL 79

Expert Comment

by:lrmoore
ID: 12304941
Can you be more specific in your requirements? You cannot add secondary addresses to a PIX like you can a router.
You can NAT multiple external addresses to multiple internal addresses though, if that's what you need to do..
0
 
LVL 1

Expert Comment

by:JEEGO
ID: 12309124
Only one IP address can be assigned to the external NIC on your PIX 515
But you can assign mulitple addresses to your NAT "pool".
Ex:  ISP has given you the ff: useable IP addresses.
      1.2.3.4 -- 1.2.3.20
 In this case you can assign as ff:
      1.2.3.4                  --> External NIC
      1.2.3.5 - 1.2.3.10   --> Assigned to NAT pool so that internal hosts can browse external resources
      1.2.3.6                  --> Assigned to PAT Backup in case your NAT pool is exhausted
      1.2.3.7 - 1.2.3.15   --> Use for STATIC NAT or STATIC PAT to publish internal resources or create ACL
      1.2.3.16 -1.2.3.20  --> Extra IP's just in case

I hope this answers your question. Assign points to lrmoore. I am just elaborating on his answer.
Search the CISCO website for "pix configurations", and you will find numerous examples.

0
 

Author Comment

by:MCHDMISDEPT
ID: 12311658
Yes.  I am trying to NAT multiple external addresses to multiple internal addresses...please advise
0
Surfing Is Meant To Be Done Outdoors

Featuring its rugged IP67 compliant exterior and delivering broad, fast, and reliable Wi-Fi coverage, the AP322 is the ideal solution for the outdoors. Manage this AP with either a Firebox as a gateway controller, or with the Wi-Fi Cloud for an expanded set of management features

 

Author Comment

by:MCHDMISDEPT
ID: 12311698
JEEGO-

Thanks for the input...I am browsing PIX configs right now...
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 12311762
You can create multiple statics:

   static (inside,outside) <public IP1> <private IP1> netmask 255.255.255.255
   static (inside,outside) <public IP2> <private IP2> netmask 255.255.255.255
   static (inside,outside) <public IP3> <private IP3> netmask 255.255.255.255

Example:
    static (inside,outside) 13.45.67.8 192.168.100.100 netmask 255.255.255.255
    static (inside,outside) 13.45.67.9 192.168.100.101 netmask 255.255.255.255
    static (inside,outside) 13.45.67.10 192.168.100.102 netmask 255.255.255.255
0
 

Author Comment

by:MCHDMISDEPT
ID: 12311969
the inside, outside is perfect...now these outside addressess are going to be used for VPN...meaning, a user at home will vpn to 13.45.67.8...the PIX will nat this to a 1710 router thats WAN int is set to a private address on my network, the 1710 supports VPN connectivity.  I belive I need to setup the PIX with sysopt...please advise.
0
 
LVL 79

Accepted Solution

by:
lrmoore earned 250 total points
ID: 12312121
You need access-lists and sysopt:
Depending on what type VPN's and their requirements:
 IPSEC:
  access-list outside_in permit tcp any host 13.45.67.8 eq 50
  access-list outside_in permit udp any host 13.45.67.8 eq 500
 PPTP:
  access-list outside_in permit gre any host 13.45.67.8
  access-list outside_in permit tcp any host 13.45.67.8 eq 1723
 UNK:
   access-list outside_in permit ip any host 13.45.67.8

Plus the sysopt:
   sysopt ipsec pl-compatible

Question: Why not just terminate the VPN's on the PIX itself? saves the expense of having yet another router on the inside, and takes all the guesswork out of what you need in the acls...
0

Featured Post

MIM Survival Guide for Service Desk Managers

Major incidents can send mastered service desk processes into disorder. Systems and tools produce the data needed to resolve these incidents, but your challenge is getting that information to the right people fast. Check out the Survival Guide and begin bringing order to chaos.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you have an ASA5510 then this sort of thing would be better handled with a CSC Module, however on an ASA5505 thats not an option, and if you want to throw in a quick solution to stop your staff going to facebook during work time, then this is the…
This past year has been one of great growth and performance for OnPage. We have added many features and integrations to the product, making 2016 an awesome year. We see these steps forward as the basis for future growth.
Both in life and business – not all partnerships are created equal. As the demand for cloud services increases, so do the number of self-proclaimed cloud partners. Asking the right questions up front in the partnership, will enable both parties …
Both in life and business – not all partnerships are created equal. Spend 30 short minutes with us to learn:   • Key questions to ask when considering a partnership to accelerate your business into the cloud • Pitfalls and mistakes other partners…

730 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question