Firewall Wizards mailing list archives

Re: Multiple Outside IPs on Cisco PIX 6.3.3

From: "Christopher J. Wargaski" <wargo1 () gmail com>
Date: Thu, 15 Jan 2009 14:53:46 -0600

Josiah--
   You can not add secondary IP addresses or aliases to a PIX interface, you
need to use static NAT maps to use the other public IP addresses. All of the
addresses must be in the same subnet, too. So you can have:

ip address outside 4.147.128.90 255.255.255.248
static (inside,outside) tcp 4.147.128.91 smtp 192.168.20.12 smtp netmask
255.255.255.255
static (inside,outside) tcp 4.147.128.91 https 192.168.20.12 https netmask
255.255.255.255
static (inside,outside) 4.147.128.92  192.168.20.25 smtp netmask
255.255.255.255

   The PIX will take care of proxy ARP for you.


You can NOT have:
ip address outside 4.147.128.90 255.255.255.248
static (inside,outside) tcp 5.147.128.91 smtp 192.168.20.12 smtp netmask
255.255.255.255
static (inside,outside) tcp 5.147.128.91 https 192.168.20.12 https netmask
255.255.255.255
static (inside,outside) 6.147.128.92  192.168.20.25 smtp netmask
255.255.255.255



On Tue, Jan 13, 2009 at 11:01 AM, Josiah Bryan <
jbryan () productiveconcepts com> wrote:

Rather new to the advanced pix configs - I've been doing basic pix
config/maint for the past 3 years.

I've got 13 public IPs that are coming in thru a cable modem to my PIX. The
fist IP is routing correctly, but I can't seem to figure out how to get the
PIX to accept any of the other IPs that I've bought.

Now, I'm used to the linux (redhat background) method if adding an alias to
an interface, eg:
ifconfig eth0:0 1.2.3.4
ifconfig eth0:1 5.6.7.8
.. and so on and so forth.

Basically, is an equivalent operation possible with the PIX? (Running PIX
ver 6.3(3))

(Of course, I'd like to be able to do static translation based on incoming
IP, but I think I've got that line covered: "static (inside,outside) tcp
1.2.3.4 smtp 10.0.1.51 smtp netmask 255.255.255.255 0 0").

How do I add multiple "aliases" (for lack a better term) to the outside
interface?

Thanks in advance for your patience and advice.

Regards,
Josiah Bryan

--
Josiah Bryan
IT Manager
Productive Concepts, Inc.
jbryan () productiveconcepts com
(765) 964-6009, ext. 224

_______________________________________________
firewall-wizards mailing list
firewall-wizards () listserv icsalabs com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards

Current thread:

Multiple Outside IPs on Cisco PIX 6.3.3 Josiah Bryan (Jan 15)
- Re: Multiple Outside IPs on Cisco PIX 6.3.3 Christopher J. Wargaski (Jan 15)
- Re: Multiple Outside IPs on Cisco PIX 6.3.3 Chris Myers (Jan 15)