Re: 2 external subnets on a PIX

Giganews Newsgroups
Subject: Re: 2 external subnets on a PIX
Posted by:  ChuckC (chit…
Date: Tue, 16 Dec 2003

Since the new range of IPs are routed from your ISP to your PIX, I assume
you want to map the new external IPs to an internal/DMZ servers within your

1. Created STATIC NAT (one-to-one mapping), let say the server is on the dmz
and your range is and your DMZ server is

    static (dmz, outside) netmask

2. Created an access-list if you don't have one for the external interface
to allow the traffic to this DMZ server, let say the server is hosting a
shoutcast server on port 8000

    access-list outside_in permit tcp any host eq 8000

3. Bind the access-list outside_in to the outside interface

    access-group outside_in in interface outside

The PIX should automatically ARP for the new IPs.


"Rob Collins" <rob_colli…> wrote in message
> Hi,
> I have a client who has used up all her allocated Public IP addresses,
> so the ISP has given her a new range. I want to add this range onto
> the external port of the PIX. I want to use both external ranges.
> How do I do this?
> Using Global,Static and NAT commands?
> Please help.



In response to

2 external subnets on a PIX posted by Rob Collins on 8 Dec 2003