
RE: Pix external interface and multiple IP address - is it possible?

Subject: RE: Pix external interface and multiple IP address - is it possible?
Date: Fri, 17 Mar 2006 09:21:45 +0100

Hello,

My Internet router has only one interface directly connected to the PIX.

"you need to configure that port to be part of both vlans and trunk that."

How can I do that?

Thanks,

Yves

________________________________

From: Anantha K [mailto:tra_krishnan@rediffmail.com]
Sent: Friday, March 17, 2006 07:30
To: MOYA Yves; 'Aaron Rohyans'; firewalls@securityfocus.com
Subject: RE: Pix external interface and multiple IP address - is it possible?

VLANs in the PIX will work for you for sure; all you need to do is this:
configure VLANs on the outside interface, I mean the interface that is
connected to the Internet router.

can change the security level  then you need to connect this to a switch which
understands trunking.  Refer to the Cisco documentation on setting up VLANs in
the PIX as well as in switches for a better understanding of this.

The reason I say this is that since you have only one physical port and, at the
same time, have two VLANs, each one representing your ISP-assigned IP, the
switch port to which this PIX outside interface is connected should be able to
understand both VLANs' packets.

You need to configure that port to be part of both VLANs and trunk that.

Also, your Internet router should have two interfaces, one representing each of
the IP blocks, so that each interface represents one IP block for you. In this
case dual IP addresses will not work because the PIX will treat each IP block as
a separate interface.

When you do this, you can get two IP segments working, and of course you
need to do more configuration, like NAT or static for the other range, in your
PIX for it to work as well.

Let me know if you need more help to understand this better :)

________________________________

From: MOYA Yves [mailto:Yves.MOYA@akerys.fr] 
Sent: Wednesday, March 15, 2006 7:55 PM
To: Aaron Rohyans; firewalls@securityfocus.com
Subject: RE : Pix external interface and multiple IP address - is it possible?

Hello,

I have the same problem with a 515E.

Can I set the outside IP to multiple ranges?

ip address outside 192.168.100.1 255.255.255.0

and at the same time

ip address outside 192.168.200.1 255.255.255.0 ?

I want to do that because my company bought 2 ranges of public addresses that
are disjoint.

I tried VLAN; it didn't work...

Thanks,

Yves

________________________________

From: Aaron Rohyans [mailto:aaronr@imcu.com]
Date: Tue. 14/03/2006 21:58
To: firewalls@securityfocus.com
Subject: Re: Pix external interface and multiple IP address - is it possible?

It depends on how you want the PIX to "listen" on the IPs.  You can only assign
one IP address to the external interface, but you can have the PIX "listen"
on other IP addresses and statically translate them or map them to an internal
device such as a server.  For instance:

**Set the outside IP**
ip address outside 192.168.100.1 255.255.255.240

**Set up static translations for the PIX to "listen" on other IPs**
The first entry tells the PIX to "listen" on 192.168.100.2 and when it 
receives data on that IP, translate and send the data to the internal IP of 
10.0.10.25
The same goes for the second entry only listening on 192.168.100.3
static (inside,outside) 192.168.100.2 10.0.10.25 netmask 255.255.255.255 0 0
static (inside,outside) 192.168.100.3 10.0.10.25 netmask 255.255.255.255 0 0

Hope this helps!
Aaron
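
Added example, not part of the original thread and not Cisco tooling: a small Python check over the `ip address` and `static` lines quoted in the message above. It lists which outside addresses publish which inside hosts, and flags mapped addresses that fall outside the interface's own subnet (such a block only reaches the PIX if the upstream router routes it there). The function name `audit_statics` and the fourth sample line are assumptions made for illustration.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample. The first three lines are the commands from the message
# above; the fourth is hypothetical and uses the second range from the thread.
SAMPLE_CONFIG = """\
ip address outside 192.168.100.1 255.255.255.240
static (inside,outside) 192.168.100.2 10.0.10.25 netmask 255.255.255.255 0 0
static (inside,outside) 192.168.100.3 10.0.10.25 netmask 255.255.255.255 0 0
static (inside,outside) 192.168.200.5 10.0.10.26 netmask 255.255.255.255 0 0
"""

IP_RE = re.compile(r"^ip address (\S+) (\S+) (\S+)$")
STATIC_RE = re.compile(r"^static \((\S+),(\S+)\) (\S+) (\S+) netmask (\S+)")


def audit_statics(config, external="outside"):
    """Return (external_network, rows) for host statics on one interface.

    Each row is (mapped_ip, real_ip, on_link, shared_host):
      on_link     - mapped address lies in the interface's own subnet
      shared_host - the same inside host is published on several addresses
    """
    ext_net, statics = None, []
    for raw in config.splitlines():
        line = raw.strip()
        if (m := IP_RE.match(line)) and m.group(1) == external:
            ext_net = ipaddress.ip_interface(f"{m.group(2)}/{m.group(3)}").network
        elif (m := STATIC_RE.match(line)) and m.group(2) == external:
            statics.append((ipaddress.ip_address(m.group(3)),
                            ipaddress.ip_address(m.group(4))))
    if ext_net is None:
        raise ValueError(f"no 'ip address {external} ...' line in config")
    per_host = Counter(real for _, real in statics)
    rows = [(str(mapped), str(real), mapped in ext_net, per_host[real] > 1)
            for mapped, real in statics]
    return ext_net, rows


if __name__ == "__main__":
    net, rows = audit_statics(SAMPLE_CONFIG)
    print(f"outside subnet: {net}")
    for mapped, real, on_link, shared in rows:
        notes = []
        if not on_link:
            # Off-subnet block: the upstream router must route it to the PIX.
            notes.append("not in outside subnet")
        if shared:
            notes.append("inside host published more than once")
        print(f"{mapped} -> {real}  {', '.join(notes) or 'ok'}")
```
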


----- Original Message ----- 
From: "Ade" <adrian.bradshaw@gmail.com>
To: <firewalls@securityfocus.com>
Sent: Tuesday, March 14, 2006 2:49 PM
Subject: Pix external interface and multiple IP address - is it possible?


This may seem like a silly question, but can the external interface of
a PIX (515) have more than one IP address?

A company I've been contracted by have a range of IPs and want some
listening on one port and some on another, but do you think I can find
how to assign multiple IPs to the external interface?

I have found some forum posts that say it's not possible - but surely
that can't be true?

Thanks, Adrian
