configuring inside and outside IP address

Posted on 2008-11-12
Last Modified: 2012-06-27
I have a PIX that I am working on.  I have worked with other Cisco products before, but only for updating already configured devices.  This one is from scratch.

I was trying to set the IP addresses for the device and found that you can not set the IPs for the outside and inside to be the same.

I was looking to have the Pix use the modem as a gateway and then have all my other devices use the Pix as a gateway.  I was going to assign the inside and outside IP address the same to make things easy, but it looks like I will need to assign a different subnet to one of the two?

Any suggestions?  Also if anyone has some links about programming a PIX, it would be great.
Question by:ryan80
    LVL 14

    Expert Comment


    If your ISP provides DHCP then enter the address with the following command:
    ip address outside dhcp setroute

    Set your internal IP address to a non-routable address like (default for a pix 501)

    Hope this helps.  By the way if this is a new unit then CISCO will help you set it up for FREE.
    LVL 3

    Expert Comment

    Are you sure you want the PIX to use the modem as the gateway? What type of modem is it - i.e. a home ADSL router/modem or a commercial type dedicated modem?
    Since you want the PIX to use the modem as the gateway I will assume it is a router/modem. If this is the case you just need to set the outside IP address of the PIX to be on the same subnet as the private IP of the modem, and then set a default route pointing at the modem.
    Then on the inside interface set an IP that is valid for your internal subnet in use and point your clients to this IP as their default gateway - when traffic comes into the PIX, if there is no specific route for it, the PIX will adhere to its default route and send the traffic to the modem/router, which by the looks of your question is what you want.
    If your modem is not a router/modem type, then as mentioned by Kutyi ^ set the outside IP to pick up a DHCP IP from the ISP via the modem and just assign the inside interface's IP as normal and still point your internal hosts to this IP as their default gateway - the PIX will do the rest for you.
    LVL 6

    Expert Comment

    This is the most common configuration example for PIX / ASA:

    10.0.0.x(LAN) <---> (inside) PIX (outside) <-----> ADSL x.x.x.x(internet address)

    gateway for clients will be , gateway for pix will be .

    another common solution will be:
     10.0.0.x(LAN) <---> (inside) PIX (outside) dhcp / internet address <-----> ADSL with DMZ mode

    The same subnet IP address cannot be assigned to inside and outside, because it will cause device confusion about where to pass the 10.x.x.x network, for example.
    Also, access will not be able to be configured properly between inside and outside.
    Additional info: outside will have a lower security level setting (e.g. 0), inside will have a higher one (e.g. 100).

    LVL 12

    Author Comment

    I guess what I really wanted to do is this:

    I already have a Sonicwall device that I use as my firewall/router.  I am really just learning Cisco configurations and wanted to use the PIX as a test bed.  I was hoping to have it be inside my network and have both ends be in the same subnet and then do static routing for the IPs that would be on the LAN side of the PIX.  This way I could put one computer behind the PIX firewall to test the firewall.

    I guess I could do static routing of another subnet through the PIX and make the computer behind the PIX accessible to the rest of the network.

    Does this sound feasible?
    LVL 6

    Accepted Solution

    OK, that's possible.
    But we will have to do it differently (as the same IP subnet cannot be assigned on the outside and inside of the PIX).

    It's going to be like this:
    PIX (outside) 10.0.0.x connect to Sonicwall device 10.0.0.x
    PIX (inside) connect to test pc (

    - How to get the PC to talk to the 10.0.0.x network?
    By using NAT static (inside,outside) and (outside,inside), and possibly PAT too if required for certain traffic only.
    So what happens: when the PC tries to reach the 10.x.x.x network, it will not have source 192.x.x.x anymore. NAT will change the PC IP to 10.x.x.x and it will be able to have access.

    - How to apply an access list?
    Apply access lists on the PIX (inside, outside, vice versa): certain 192.x.x.x allow/block certain 10.x.x.x destination or source.

    I'm just giving a general idea here; for commands try Google: nat (inside,outside) x.x.x.x bla bla
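
The layout described in the accepted solution, written out as a configuration sketch. This is an added example, not part of the original thread. It assumes PIX OS 6.x syntax, and every address in it is constructed for illustration: Sonicwall at 10.0.0.1, PIX outside 10.0.0.2, PIX inside 192.168.1.1, test PC 192.168.1.10 mapped to 10.0.0.50. Lines beginning with `!` are annotations for the reader.

```cisco
! Interface names and security levels: outside is low, inside is high
nameif ethernet0 outside security0
nameif ethernet1 inside security100
interface ethernet0 auto
interface ethernet1 auto

! Inside and outside must sit in different subnets
ip address outside 10.0.0.2 255.255.255.0
ip address inside 192.168.1.1 255.255.255.0

! Default route points at the existing firewall on the production LAN
route outside 0.0.0.0 0.0.0.0 10.0.0.1 1

! One-to-one static NAT: the test PC appears on the LAN as 10.0.0.50
static (inside,outside) 10.0.0.50 192.168.1.10 netmask 255.255.255.255

! PAT for any other inside host, sharing the outside interface address
nat (inside) 1 192.168.1.0 255.255.255.0
global (outside) 1 interface

! Inbound policy: only what the test needs, addressed to the mapped IP.
! PIX 6.x does not track ICMP statefully, so echo-reply is permitted
! explicitly for pings that the test PC originates.
access-list outside_in permit icmp 10.0.0.0 255.255.255.0 host 10.0.0.50 echo
access-list outside_in permit icmp 10.0.0.0 255.255.255.0 host 10.0.0.50 echo-reply
access-list outside_in permit tcp 10.0.0.0 255.255.255.0 host 10.0.0.50 eq 3389
access-group outside_in in interface outside

! Outbound policy: the test PC may reach the production LAN and nothing
! else; the implicit deny at the end of the list drops the rest.
access-list inside_out permit ip host 192.168.1.10 10.0.0.0 255.255.255.0
access-group inside_out in interface inside
```

Hosts on the 10.0.0.x LAN reach the test PC at the mapped address 10.0.0.50, never at its 192.168.1.10 address, so the inbound access list is written against the mapped address.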

    LVL 12

    Author Closing Comment

    Ok figured that I would have to do something like this.  Thanks for the input.
