Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Chriss Miller on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

inside interface IP Address

Status
Not open for further replies.
TalentedFool

TalentedFool

Programmer
Joined
Jul 23, 2001
Messages
214
Location
GB

Basic scenario - I have a 1700 series router in front of a PIX 515 firewall.

The interface on the router that connects to the PIX. Does this need to have a public IP address or can this be anything I want, within reason ?

This is due to the fact that I now have two different ISP's and obivously I have two different sets of IP address pools. Currently the interface is configrued for ISP 1 and using one of their public IP's. I want to be able to push traffic from my PIX to the router under an IP that I control not one of my ISP's so I can route the traffic to each connection.

Thanks


~ Remember - Nothing is Fool Proof to a Talented Fool ~
 
Sort by date Sort by votes
I am assuming the router is on the "outside" of the firewall? At any rate the answer depends, I have configure both ways for customers. Since you are using a PIX you can have a private IP on the outside interface and do NAT on your pool of real IP's without any problems.

The router will have to have a real IP on the WAN side. If you use a private IP on the LAN (PIX side) then you will need a static route pointing to the PIX for your real IP pool.

It is probably easier to just use real IP's.
 
Upvote 0 Downvote

Hi,

OK let me explain what I've done so far in a bit more detail so you get a better understanding ..

I've got two internet subnets 172.30.212.0 255.255.254.0 and 172.30.214.0 255.255.255.0.

The 212/213 Range I want to use ISP 1 (1.2.3.4) and the 214 I want to use ISP 2 (4.3.2.1). I've got my PIX setup so that that is doing the NAT of the IP addresses to the PUBLIC ip addresses of my ISP. I didn't set the PIX Up originally and my boss wants it kept that way.

So now, on the router there are two sets of IP addresses hitting it 1.2.3.4 and 4.3.2.1 - Currently the Router is setup to only allow 1.2.3.4 traffic through as the IP address of the inside interface is 1.2.3.4 255.255.255.248

Want I want is a way to allow both 1.2.3.4 and 4.3.2.1 address ranges to get through the router without being translated and I think it's all to do with the address of the Inside interface.

How do I allow two different subnets access to the inside interface?

Like I said, the PIX has to do do the NAT to the public IP as this is what my boss wants.

~ Remember - Nothing is Fool Proof to a Talented Fool ~
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

B
  • Locked
  • Question Question
Cisco IP phone 7841 8851 unable to forward all to external number
Replies
0
Views
389
badwolf1686
B
PThomp3344
  • Locked
  • Question Question
Trying to connect to Cisco Unified Controller web interface: UC520W-16U-4FXO-K9
Replies
1
Views
668
nt8d09
nt8d09
jobsp90
  • Locked
  • Question Question
I have a issue in my office hospital network regarding using IPPBX software.
Replies
2
Views
511
DavetheChef
DavetheChef
NavinNet
  • Locked
  • Question Question
Why 2 different mac addresses of a server are being shown of CISCO 6509E Layer-3 Switch ?
Replies
0
Views
272
NavinNet
NavinNet
Delta5
  • Locked
  • Question Question
Cisco setting for automatic ip arp cache refresh
Replies
3
Views
1K
iggsterman
iggsterman

Part and Inventory Search

Sponsor

Back
Top