[c-nsp] PIX 506E handling multiple public networks
Daniel Lacey
daniel_p_lacey at yahoo.com
Wed Jan 10 12:25:49 EST 2007
Dear Sirs,
I have a PIX 506E running 6.3(4).
I would like to handle multiple public IP networks through the PIX, if
that is even possible.
I will use fictitious addresses to make it simple.
The current setup is pretty simple. The PIX (outside) interface is on a
subnet with the ISP.
The (inside) interface is connected to a 24-port Catalyst 10/100 switch
(2900 something).
The current setup statically NATs public to private IP addresses,
limiting traffic to a handful of well-known TCP ports to access WWW and
some administrative ports.
ISP Router <=======> PIX (outside)  (inside) <====> Catalyst
1.0.0.1/28           1.0.0.2/28     192.168.0.1     All nodes on
                                                    192.168.0.0/24
Now we would like to ramp up.
Behind the PIX would be a virtual web server farm of potentially 1200+
websites that will have individual public IP addresses.
These will be on more than one public IP block of addresses.
We want to keep the current /28, add a /23, then add another /2X, etc.
The additional networks will be statically routed from the ISP over the
existing link.
There will be very little traffic for such a large number of nodes, but
there is about 35Mbit of bandwidth currently available.
My question is:
Can I use the existing PIX to somehow make this work?
Any suggestions are welcome!
Thanks,
Dan