
PIX 515U with multiple subnets behind trusted interface


Brian Bergin

Sep 10, 2004, 5:46:07 PM
We currently have servers on 10.0.0.0/24 (10.0.0.4 is the default gateway for
the LAN) which is almost full and want to add more. We're running a PIX 515U on
6.3.4 and would like to add a new network of 192.168.0.0/24 to that network.
The new network has no need to talk to the old one. Is this possible and if so
how would we point the 192.168.0.0/24 systems to the Default Gateway IP on the
PIX of 10.0.0.4? Can the PIX have multiple IPs assigned to the inside interface
so the 192.168.0.0/24 can point to 192.168.0.1 as the DG?

Am I crazy? What am I missing? Thanks...

Thanks...
Brian Bergin

I can be reached via e-mail at
cisco_dot_news_at_comcept_dot_net.

Please post replies to the group so all may benefit.

NOTICE: Use of this information is contingent upon acceptance of Paragraph 17 of Terabyte's Terms and conditions located at http://terabyte.net/terms.htm#postings.

S. Gione

Sep 10, 2004, 10:52:44 PM
My suggestion would be to change your subnet mask to 16 bits (or even 8
bits) to increase the number of hosts available.

"Brian Bergin" <see_f...@bottom.com.no_domain> wrote in message
news:dq74k0ln89tdcvka0...@4ax.com...

Walter Roberson

Sep 11, 2004, 12:40:43 PM
In article <dq74k0ln89tdcvka0...@4ax.com>,
Brian Bergin <see_f...@bottom.com> wrote:
:We currently have servers on 10.0.0.0/24 (10.0.0.4 is the default gateway for
:the LAN) which is almost full and want to add more. We're running a PIX 515U on
:6.3.4 and would like to add a new network of 192.168.0.0/24 to that network.
:The new network has no need to talk to the old one. Is this possible and if so
:how would we point the 192.168.0.0/24 systems to the Default Gateway IP on the
:PIX of 10.0.0.4? Can the PIX have multiple IPs assigned to the inside interface
:so the 192.168.0.0/24 can point to 192.168.0.1 as the DG?

The PIX cannot have multiple IPs assigned to any logical interface.
If you have an 802.1Q aware switch as the backend to the PIX, you
could configure two logical interfaces (VLANs) on the same physical
interface -- that's now possible down to the PIX 506 [but not the 501.]

If you don't want to use 802.1Q VLANs, then you need an inside
router, and you need a 'route' statement on the PIX pointing the
new 192.168/24 net to the router's presence in 10.0.0/24 .
--
100% of all human deaths occur within 100 miles of Earth.

Brian Bergin

Sep 11, 2004, 1:10:46 PM
robe...@ibd.nrc-cnrc.gc.ca (Walter Roberson) wrote:

Ok, I understand. How about if I go to something like 10.0.0.0/23 and use
255.255.254.0 as my subnet mask and move all the new systems onto 10.0.1.0? Am
I totally off base?

TIA...
BSB
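
Added example, not part of the thread: a Python check of the mask changes proposed above (/23, /16, /8) against the thread's addresses, showing how many hosts each gives, whether a host can reach the 10.0.0.4 gateway directly, and what happens if only the new hosts get the wider mask. The three sample host addresses are constructed for illustration.

```python
import ipaddress

# Addresses from the thread; the three sample hosts are constructed.
GATEWAY = ipaddress.ip_address("10.0.0.4")          # PIX inside interface
OLD_HOST = ipaddress.ip_address("10.0.0.50")        # constructed: existing server
NEW_HOST = ipaddress.ip_address("10.0.1.20")        # constructed: server in 10.0.1.x
RFC1918_HOST = ipaddress.ip_address("192.168.0.10") # constructed: host on proposed net


def on_link(src, prefix_len, dst):
    """True if a host at src with this prefix length treats dst as directly
    reachable (ARP) instead of forwarding to its default gateway."""
    return dst in ipaddress.ip_interface(f"{src}/{prefix_len}").network


def usable_hosts(prefix_len):
    """Usable addresses in the 10.0.0.0 network at this prefix length."""
    net = ipaddress.ip_network(f"10.0.0.0/{prefix_len}", strict=False)
    return net.num_addresses - 2  # exclude network and broadcast addresses


def compare_masks(prefix_lengths=(24, 23, 16, 8)):
    """One row per candidate mask: (prefix, netmask, usable hosts,
    new host reaches gateway, 192.168.0.x host reaches gateway)."""
    rows = []
    for plen in prefix_lengths:
        net = ipaddress.ip_network(f"10.0.0.0/{plen}", strict=False)
        rows.append((plen, str(net.netmask), usable_hosts(plen),
                     on_link(NEW_HOST, plen, GATEWAY),
                     on_link(RFC1918_HOST, plen, GATEWAY)))
    return rows


def partial_migration(old_len=24, new_len=23):
    """On-link view in each direction when only new hosts get the wider mask."""
    return (on_link(NEW_HOST, new_len, OLD_HOST),
            on_link(OLD_HOST, old_len, NEW_HOST))


if __name__ == "__main__":
    for row in compare_masks():
        print(row)
    print("new->old, old->new on-link:", partial_migration())
```

The `(True, False)` result from `partial_migration` means a new host would ARP for an old server directly while the old server sends its reply to the gateway, so the mask has to change on the existing servers and the PIX inside interface together with the new hosts.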
