Network Security Firewalls

RE: Pix external interface and multiple IP address - is it possible?

Subject: RE: Pix external interface and multiple IP address - is it possible?
Date: Fri, 17 Mar 2006 11:59:34 +0530
VLANs in PIX will work for you for sure; all you need to do is this:
configure VLANs on the outside interface, I mean the interface that is
connected to the Internet router.

can change the security level  then you need to connect this to a switch
which understands trunking. Refer to the Cisco documentation on setting up
VLANs in the PIX as well as switches for a better understanding of this.

The reason why I say this is that since you have only one physical port and,
at the same time, have two VLANs, each one representing your ISP-assigned IP,
the switch port to which this PIX outside interface is connected should be
able to understand packets from both VLANs.

You need to configure that port to be part of both VLANs and trunk it.

Also, your Internet router should have two interfaces, one representing each
of the IP blocks, so that each interface represents one IP block for you. In
this case dual IP addresses will not work because the PIX will treat each IP
block as a separate interface.

When you do this, you can get two IP segments working, and of course
you need to do more configuration, like NAT or static for the other range,
in your PIX for it to work as well.

Let me know if you need more help to understand this better :)

  _____

From: MOYA Yves [mailto:Yves.MOYA@akerys.fr]
Sent: Wednesday, March 15, 2006 7:55 PM
To: Aaron Rohyans; firewalls@securityfocus.com
Subject: RE : Pix external interface and multiple IP address - is it possible?


Hello,

I have the same problem with a 515E.

Can I set the outside IP to multiple ranges?

ip address outside 192.168.100.1 255.255.255.0
and at the same time
ip address outside 192.168.200.1 255.255.255.0 ?

I want to do that because my company bought 2 ranges of public addresses that
are disjoint.

I tried VLAN, it didn't work...

Thanks,

Yves
 
  _____  

From: Aaron Rohyans [mailto:aaronr@imcu.com]
Date: Tue. 14/03/2006 21:58
To: firewalls@securityfocus.com
Subject: Re: Pix external interface and multiple IP address - is it possible?


It depends how you want the PIX to "listen" on the IPs.  You can only assign
one IP address to the external interface, but you can have the PIX "listen"
on other IP addresses and statically translate them or map them to an internal
device such as a server.  For instance:

**Set the outside IP**
ip address outside 192.168.100.1 255.255.255.240

**Set up static translations for the PIX to "listen" on other IPs**
The first entry tells the PIX to "listen" on 192.168.100.2 and when it 
receives data on that IP, translate and send the data to the internal IP of 
10.0.10.25
The same goes for the second entry only listening on 192.168.100.3
static (inside,outside) 192.168.100.2 10.0.10.25 netmask 255.255.255.255 0 0
static (inside,outside) 192.168.100.3 10.0.10.25 netmask 255.255.255.255 0 0

Hope this helps!
Aaron


----- Original Message ----- 
From: "Ade" <adrian.bradshaw@gmail.com>
To: <firewalls@securityfocus.com>
Sent: Tuesday, March 14, 2006 2:49 PM
Subject: Pix external interface and multiple IP address - is it possible?


This may seem like a silly question, but can the external interface of
a PIX (515) have more than one IP address?

A company I've been contracted by have a range of IPs and want some
listening on one port and some on another, but do you think I can find
how to assign multiple IPs to the external interface?

I have found some forum posts that say it's not possible - but surely
that can't be true?

Thanks, Adrian

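
The static-translation approach from the thread, narrowed to the original question of different public IPs answering on different ports. This is an added example in PIX 6.x syntax, not configuration posted by any of the participants; the second inside host 10.0.10.26, the chosen services and the ACL name outside_in are assumptions made for illustration.

```cisco
: Added example (not from the thread). PIX 6.x syntax assumed.
: 10.0.10.26 and the ACL name "outside_in" are hypothetical.

: The outside interface still carries exactly one address.
ip address outside 192.168.100.1 255.255.255.240

: Port-scoped statics: each extra public IP answers on one TCP port only,
: instead of exposing the whole inside host through a one-to-one static.
static (inside,outside) tcp 192.168.100.2 www 10.0.10.25 www netmask 255.255.255.255 0 0
static (inside,outside) tcp 192.168.100.3 smtp 10.0.10.26 smtp netmask 255.255.255.255 0 0

: A static alone passes no inbound traffic. Permit only the published
: address/port pairs; everything else hits the implicit deny.
access-list outside_in permit tcp any host 192.168.100.2 eq www
access-list outside_in permit tcp any host 192.168.100.3 eq smtp
access-group outside_in in interface outside
```

After changing statics, run `clear xlate` so stale translations are dropped, then check `show static` and the hit counters in `show access-list outside_in` to confirm that only the intended address and port pairs are reachable from outside.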