Re: 2 external subnets on a PIX

Giganews Newsgroups
Subject: Re: 2 external subnets on a PIX
Posted by:  ChuckC (chit…@quickclic.net)
Date: Tue, 16 Dec 2003

Since the new range of IPs are routed from your ISP to your PIX, I assume
you want to map the new external IPs to an internal/DMZ servers within your
network.

1. Created STATIC NAT (one-to-one mapping), let say the server is on the dmz
and your range is 1.1.1.1/29 and your DMZ server is 192.168.50.12

    static (dmz, outside) 1.1.1.2 192.168.50.12 netmask 255.255.255.255

2. Created an access-list if you don't have one for the external interface
to allow the traffic to this DMZ server, let say the server is hosting a
shoutcast server on port 8000

    access-list outside_in permit tcp any host 1.1.1.2 eq 8000

3. Bind the access-list outside_in to the outside interface

    access-group outside_in in interface outside

The PIX should automatically ARP for the new IPs.

Chuck

"Rob Collins" <rob_colli…@myrealbox.com> wrote in message
news:30a5691c.0312080654.2b6468…@posting.google.com...
> Hi,
>
> I have a client who has used up all her allocated Public IP addresses,
> so the ISP has given her a new range. I want to add this range onto
> the external port of the PIX. I want to use both external ranges.
>
> How do I do this?
>
> Using Global,Static and NAT commands?
>
> Please help.

Replies

None

In response to

2 external subnets on a PIX posted by Rob Collins on 8 Dec 2003