Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations bkrike on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

PIX 515, smart enough for 255.255.252.00 subnet

Status
Not open for further replies.
m3the01

m3the01

Technical User
Feb 21, 2002
41
CA
I am currently in the process of converting to from a 255.255.255.0 subnet of 254 hosts to a 255.255.252.0 subnet of 1022 hosts. On a pix config, is it smart enough to take a say
a
telnet 192.12.20.0 255.255.252.0 inside


In theory it should see all address's from 192.12.20.1-192.12.23.254

Is it smart enough?? Or do i need to add entries for 192.12.20.X
192.12.21.X
192.12.22.X
192.12.23.X

thanks in advance,

Steven
 
Sort by date Sort by votes
if your pix is configured for a /24 mask it wont accept an adress from inside outside that range.

Network Systems Engineer
CCNA/CQS/CCSP/Infosec
Check the danish Cisco CSA Forum here :
 
Upvote 0 Downvote
Sorry what are you trying to say, if its configured for a /24 mask it wont accept an address inside outside that range.

The best i can make out is your saying is if the inside interface is configured for a /24 subnet then it will not accept any /22 subnets in its access lists.

I tested this out last night with complete success. I have many remote sites and one central site. The central site is the reason for the supernet, its ran out of ip-address and we didnt need seperate subnets and the cost associated with the logical routing of those subnets. So i converted the central site to a /22 subnet and now has 1022 available address's. I only had to add new entries on the central pix 515 which reflected the change in subnet. On the remote pix 506's which are still on there own ip and /24 subnet i simply added a new entry for nonat, 101 and 122 entries for the central site which is now on the /22 subnet./

Everything worked perfect,

thanks for the info.

 
Upvote 0 Downvote
I think what dopehead was trying to say is that if you changed from a /24 to a /22, that's fine as long as you re-ip your pix interface as well to reflect the /22 subnet mask.

So say if you had 192.168.0.1 255.255.255.0, now you'd re-configure the interface for 192.168.0.1 255.255.252.0
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

Sparrow4
  • Locked
  • Question
Configure Avaya IPO R11 / VM Pro + Office365 or Exchange for voicemail to email
Replies
2
Views
805
Johnkite
Johnkite
XLNTech1
  • Locked
  • Question
iptables port forwarding
Replies
0
Views
680
XLNTech1
XLNTech1
Shmid
  • Locked
  • Question
Restricting Sonicwall SSL-VPN users for WAN access
Replies
7
Views
994
Shmid
Shmid
WhosYourDiffie
  • Locked
  • Question
Cisco ASA 5506 VPN for Avaya Phones
Replies
0
Views
281
WhosYourDiffie
WhosYourDiffie
DROFNUD
  • Locked
  • Helpful tip
Smartcenter Dashboard - Searching for "Any" keyword
Replies
0
Views
177
DROFNUD
DROFNUD

Part and Inventory Search

Sponsor

Back
Top