[c-nsp] PIX IP Aliasing

[Nicolaj Ottsen]

If running 6.3.x you should route the subnet to the outside interface
like this ..

route outside x.x.x.x x.x.x.x y.y.y.y 0

We expirenced some arp problems after upgrading to 6.3.x this command
solved them.

I can recommed "Giude to PIX firewalls" ISBN : 1-931836-63-9, I found it
very usefull.

/Nicolaj

-----Original Message-----
From: Paul Stewart [mailto:pauls at nexicom.net] 
Sent: 5. oktober 2004 18:58
To: rwcrowe at comcast.net
Cc: cisco-nsp at puck.nether.net
Subject: Re: [c-nsp] PIX IP Aliasing

Thanks.. I thought you had to add it as you would a secondary on a
router.. but got it figured out thanks..:)

On Tue, 2004-10-05 at 12:37, rwcrowe at comcast.net wrote:
> Unless I'm unclear on your requirements, you don't really need a
secondary interface, just a free public IP address from your external
pool.
> 
> To translate tcp port 80:
> 
> static (inside,outside) tcp x.x.x.x 80 y.y.y.y 80
> 
> To translate udp port 53:
> 
> static (inside,outside) udp x.x.x.x 53 y.y.y.y 53
> 
> You can translate either tcp or udp and any port.
> Where x.x.x.x is a free public IP address and y.y.y.y is the IP
address of the internal host.
> 
> --
> Rob Crowe
> rwcrowe at comcast.net
> 
> 
> > We have a 515E PIX... I'm trying to add a secondary interface to the

> > Outside.  This is so I can setup port translations to map to an 
> > internal box (two ports).
> > 
> > I've done this using the interface IP before and it worked but I'd 
> > like this to be done a secondary IP on the same interface.. can this
be done?
> > 
> > Thanks,
> > 
> > Paul
> > 
> > 
> > _______________________________________________
> > cisco-nsp mailing list  cisco-nsp at puck.nether.net 
> > https://puck.nether.net/mailman/listinfo/cisco-nsp
> > archive at http://puck.nether.net/pipermail/cisco-nsp/

_______________________________________________
cisco-nsp mailing list  cisco-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/