RE:PIX-520 help...

["Payne, Patrick" <Patrick.Payne () Select com>]

Ross,

If you only have 1 registered address and need to use it for the outside
interface and NAT, then you'll need to upgrade to version 5.2 from your
current version, 5.1(2).  If you do decide to upgrade, make sure you check
your current flash memory because 5.2 requires 16MB flash whereas previous
versions required only 2MB flash.  Newer 520 boxes shipped with 16MB but
older boxes need a flash upgrade before you upgrade the software.  

To summarize, using PIX software prior to 5.2 you need a minimum of 2
registered addresses and starting with 5.2 you can get by with just one
regsitered addresss.

Pat


From: "R. Corona" <goniners () home com>
To: <firewall-wizards () nfr com>
Date: Thu, 23 Aug 2001 08:39:48 -0400
Subject: [fw-wiz] RE:PIX-520 help...

Thanks so much everyone ... I changed the global command to reflect IP's
that are on a range of outside "real" IP's, and it works!!

  I still have one question though.  If one only has a single public
internet IP, how can you issue the global statement in a proper way?  If my
outside ip is 65.8.165.98 , and I issue the global command "global (outside)
1 65.8.165.99-65.8.165.254 netmask 255.255.255.0 it works just fine.  But is
it actually using the public IP's .99 - 254?  Or are these IP's used in a
virtual sense?  I tried to use only my own IP, but the PIX refused to use
it's own outside IP as it's global ID.  In my case can I use the range
65.8.165.99-65.8.165.254 without causing a conflict with the registerred
users of those public IP's?  What is the minimum number of outside IP's one
must have for the PIX to function properly doing NAT?

Thanks a lot,

Ross
_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://list.nfr.com/mailman/listinfo/firewall-wizards