Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Firewalls
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: RE : Pix external inteface and multiple IP address - is it possible?

from [Jalal Bouhdada] Network Security [Permanent Link]
Subject: Re: RE : Pix external inteface and multiple IP address - is it possible?
Date: Wed, 15 Mar 2006 20:43:18 +0100 
Yves,

You can assign only one IP adress per physical interface, however you can
use NAT to make your internal networks/hosts communicate with other networks
with a low security-level.

So can use static NAT or set up an IP forwarding on your external interface
(PAT) to translate  traffic to a given host.

Don't forget to run the "clear xlate" after configuring NAT.

Regards,
Jalal

On 3/15/06, MOYA Yves <Yves.MOYA@akerys.fr> wrote:


 hello,

I've same problem with a 515E

can I set the outside IP multiple range ?

ip address outside 192.168.100.1 255.255.255.0
and at same time
ip address outside 192.168.200.1 255.255.255.0 ?

I want to do that because my company bought 2 range of public address that
are disjoined

I try VLAN, didn't work...

thanks,

Yves

 ------------------------------
 *De:* Aaron Rohyans [mailto:aaronr@imcu.com]
*Date:* mar. 14/03/2006 21:58
*À:* firewalls@securityfocus.com
*Objet :* Re: Pix external inteface and multiple IP address - is it
possible?

 It depends how you want the PIX to "listen" on the IPs.  You can only
assign
one IP address to the external interface, but you can have the PIX
"listen"
on other IP address and statically translate them or map them to an
internal
device such as a server.  For instance:

**Set the outside IP**
ip address outside 192.168.100.1 255.255.255.240

**Set up static translations for the PIX to "listen" on other IPs**
The first entry tells the PIX to "listen" on 192.168.100.2 and when it
receives data on that IP, translate and send the data to the internal IP
of
10.0.10.25
The same goes for the second entry only listening on 192.168.100.3
static (inside,outside) 192.168.100.2 10.0.10.25 netmask 255.255.255.255 0
0
static (inside,outside) 192.168.100.3 10.0.10.25 netmask 255.255.255.255 0
0

Hope this helps!
Aaron


----- Original Message -----
From: "Ade" <adrian.bradshaw@gmail.com <http://>>
To: <firewalls@securityfocus.com <http://>>
Sent: Tuesday, March 14, 2006 2:49 PM
Subject: Pix external inteface and multiple IP address - is it possible?


This may seem like a silly question, but can the external interface of
a PIX (515) have more than one IP address ?

A company Ive been contracted, have a range of IPs and want some
listening on one port and some on another, but do you think I can find
how to assign multiple IPs to the external intrerface?

I have found some forum posts that say its not possible - but surely
that  cant be true?

Thanks, Adrian

______________________________________________________________________
This email has been scanned by the MessageLabs Email Security System.
For more information please visit http://www.messagelabs.com/email<http://>
______________________________________________________________________
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • Re: RE : Pix external inteface and multiple IP address - is it possible?, Jalal Bouhdada <=
Previous by Date:  RE: swap internet access, sunil shah
Next by Date:  PIX dhcprelay via IPSec., Meidinger Chris
Previous by Thread:  RE : Pix external inteface and multiple IP address - is it possible?, MOYA Yves
Next by Thread:  PIX dhcprelay via IPSec., Meidinger Chris
Indexes:  [Date] [Thread] [Top] [All Lists]