|Subject:||Re: 2 external subnets on a PIX|
|Posted by:||ChuckC (chit…@quickclic.net)|
|Date:||Tue, 16 Dec 2003|
Since the new range of IPs are routed from your ISP to your PIX, I assume
you want to map the new external IPs to an internal/DMZ servers within your
1. Created STATIC NAT (one-to-one mapping), let say the server is on the dmz
and your range is 22.214.171.124/29 and your DMZ server is 192.168.50.12
static (dmz, outside) 126.96.36.199 192.168.50.12 netmask 255.255.255.255
2. Created an access-list if you don't have one for the external interface
to allow the traffic to this DMZ server, let say the server is hosting a
shoutcast server on port 8000
access-list outside_in permit tcp any host 188.8.131.52 eq 8000
3. Bind the access-list outside_in to the outside interface
access-group outside_in in interface outside
The PIX should automatically ARP for the new IPs.
"Rob Collins" <rob_colli…@myrealbox.com> wrote in message
> I have a client who has used up all her allocated Public IP addresses,
> so the ISP has given her a new range. I want to add this range onto
> the external port of the PIX. I want to use both external ranges.
> How do I do this?
> Using Global,Static and NAT commands?
> Please help.
2 external subnets on a PIX posted by Rob Collins on 8 Dec 2003