Two IPs on same port?

A client has a pix 501.  He had one IP address range for the last couple of years.  Now he needed another. So he called the ISP and they gave him a new Network/IP address.  The Question:  Can I use both network/IP address ranges on the pix at the same time?  If so please explain how.

The current setup:
public IP:  216.83.100.146
gateway:  216.83.100.154


The new one:
public IP:  209.11.239.198
gateway:  209.11.239.197
mask of 255.255.255.252
cyberlew Asked:

rsivanandan Commented:
The ISP is going to route both address ranges back to that PIX, so you can use them the way you want.

Now as I understand from your statement, he has been having the first one for quite some time, so the PIX is configured with that. You can use the second range to do things like static NAT for servers etc.? It would be easy if we knew why the client needed another??? That is what you would use this IP range for.

Cheers,
Rajesh
0
cyberlew Author Commented:
They want to use it for RDP to a second server.  One option they have is to use a different port on the current public IP.  So, back to the issue, how do you tell the PIX both IP addresses are assigned to the single PIX port?  Or are you telling me that the ISP will convert the new range to the old range and forward it to their PIX???  That sounds like crazy talk if I understand what you're saying.
0
rsivanandan Commented:
No, the ISP will not convert anything. What they will do from now on is forward traffic addressed to the first address range and the second address range to your PIX, and that is how it works.

You can use the new IP range for your RDP; don't use the existing one to port forward. Do something like this:

static (inside,outside) tcp <NewPublicIP> 3389 <InternalRDPHost> 3389

access-list 100 permit tcp host <foreignIP> host <NewPublicIP> eq 3389

access-group 100 in interface outside

Or you can make the access-list entry part of the ones you already might have.

Cheers,
Rajesh
0
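A check for the rule pair above: given a saved PIX configuration, confirm that each static port forward is permitted only from named sources and not from any. This is an added example, not part of the original thread; the sample config, the addresses 10.0.0.20, 10.0.0.21 and 203.0.113.10, the extra forward on port 3390 and the function name audit are assumptions made for illustration.

```python
import re

# Constructed sample config (not from the thread). 209.11.239.198 is the new
# public IP from the question; every other address is a placeholder.
SAMPLE_CONFIG = """\
static (inside,outside) tcp 209.11.239.198 3389 10.0.0.20 3389
static (inside,outside) tcp 209.11.239.198 3390 10.0.0.21 3389
access-list 100 permit tcp host 203.0.113.10 host 209.11.239.198 eq 3389
access-list 100 permit tcp any host 209.11.239.198 eq 3390
access-group 100 in interface outside
"""

STATIC_RE = re.compile(r"^static\s*\(\w+,(\w+)\)\s+(tcp|udp)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)")
ACL_RE = re.compile(r"^access-list\s+(\S+)\s+permit\s+(tcp|udp)\s+"
                    r"(any|host\s+\S+|\S+\s+\S+)\s+host\s+(\S+)\s+eq\s+(\S+)")
GROUP_RE = re.compile(r"^access-group\s+(\S+)\s+in\s+interface\s+(\S+)")
ANY_SOURCES = ("any", "0.0.0.0 0.0.0.0")  # two spellings of "every source"

def audit(config):
    """Return (global_ip, global_port, local_ip, status) per port forward."""
    statics, acls, bound = [], {}, {}
    for line in config.splitlines():
        line = line.strip()
        if m := STATIC_RE.match(line):
            statics.append(m.groups())
        elif m := ACL_RE.match(line):
            name, proto, src, dst, port = m.groups()
            acls.setdefault(name, []).append((proto, " ".join(src.split()), dst, port))
        elif m := GROUP_RE.match(line):
            bound[m.group(2)] = m.group(1)  # interface -> inbound ACL name
    findings = []
    for iface, proto, gip, gport, lip, _lport in statics:
        # Sources permitted to this exact public IP and port on the bound ACL.
        sources = [s for p, s, d, pt in acls.get(bound.get(iface), [])
                   if (p, d, pt) == (proto, gip, gport)]
        if not sources:
            status = "no-permit"      # forward exists, nothing allows it in
        elif any(s in ANY_SOURCES for s in sources):
            status = "open-to-any"    # reachable from the whole Internet
        else:
            status = "restricted"     # only named hosts or networks
        findings.append((gip, gport, lip, status))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(finding)
```

The parser only understands the line shapes shown in this thread (port statics and permit entries with a host destination and an eq port), so other ACL forms are ignored.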
rsivanandan Commented:
No. On how the PIX will understand the new IP range even though it is not assigned to any of the ports:

When you define a static entry, it understands to listen on all the IPs listed in the PIX configuration via a static, and that is how it works. So as long as your ISP forwards it to you, it will work.

Cheers,
Rajesh
0
cyberlew Author Commented:
Thanks for the help!!
0
rsivanandan Commented:
No problem.

Cheers,
Rajesh
0