• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 579
  • Last Modified:

Pix 501 multiple external IP addresses

Hi

I need to replace a GTA gnatbox with a cisco pix 501, which would usually be straight forward enough, but theres a small catch.

The gnatbox supports aliasing multiple IP addresses to the exterrnal interface, which we currently use to provide for fault tolerance for email etc. After the external interface there is 2 adsl routers from 2 different ISP's, so the external interface has (for example) 100.100.100.101/248 as its primary IP, and 200.200.200.202/248 as its alias. Both 100.100.100.101 & 200.200.200.202 are port forwarded through to a mail & web server on the Lan.

How do you do this with the pix? I can only seem to specify 1 outside IP address at a time?

Cheers

Richard
0
heathcote123
Asked:
heathcote123
  • 2
  • 2
1 Solution
 
lrmooreCommented:
If you need the same functions, the PIX 501 is not the product for you. I'm a huge fan of the PIX, but it's not right for every situation. As you noticed, you can have one and only one IP address assigned to the interface, and you can have one and only one default gateway assigned at a time.
Wish I had better news for you. You might want to look at a Cisco 1841 security router. Most any Cisco router will provide that capability, but the new 1841 is designed for security applications like this.
0
 
heathcote123Author Commented:
I thought that may be the case. Thanks for confirming.
0
 
heathcote123Author Commented:
A follow up question if I may!

It's been suggested to me that the alias command can be used on the outside interface on the 501, though I couldnt find any documention to support using the alias command in that way.

Alternatively, if I went up to a 506, would that support multiple IP's on the outside interface?
0
 
lrmooreCommented:
No PIX supports multiple IP's on one interface. You can put any number of secondary IP's on any Cisco router interface, but alas, the PIX ain't a router.

Alias command has been deprecated and replaced by outside nat. It is used by internal users trying to connect to an internal server using the public IP address. Mainly. I don't see any use for it in your situation.


0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Protect Your Employees from Wi-Fi Threats

As Wi-Fi growth and popularity continues to climb, not everyone understands the risks that come with connecting to public Wi-Fi or even offering Wi-Fi to employees, visitors and guests. Download the resource kit to make sure your safe wherever business takes you!

  • 2
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now