2 public IP into Cisco 501

Hello all,

My office have a Cisco pix 501. We want to use another public ip that going to forward into this Axis video camera server. How would I go about this? Btw, i got it to work with single public IP, but Im abit perplexed when comes to setup 2 public IP in one single box. Any hints and tip would kindly appreciated.

kl

Reply to
kennylee88
Loading thread data ...

add another static with the new IP, its that simple !

Reply to
Martin Bilgrav

Are the IP's on the same subnet as the current outside IP? How many IP address has your ISP allocated to you?

Reply to
Smokey

That really doesn't matter, as long as the IP's are routed towards to PIX outside, the PIX will answer for the IP, if it has a static for it and a ACL. I.e. your PIX outside IP doesnt have to be on the same subnet as the static IP, but the pix will answer for it.

HTH Martin

Reply to
Martin Bilgrav

As I do understand and yes you are right, I must have misread the OP's post because I thought we were talking about IP address that are on different subnets via different providers. But as you have posted yes you are right the setup would be:

Your Public IP's 1.1.1.1 - 1.1.1.6 and your subnet is 255.255.255.248 and the PIX outside interface is 1.1.1.1 and .2 - .6 are usable then

static (inside,outside) 1.1.1.2 netmask 255.255.255.248 192.168.0.100

255.255.255.255

access-list outside_access_in permit tcp any host 1.1.1.2 eq whateverportaxisuses

and the 192.168.0.100 would be the internal IP of the axis server...

Sorry for the brain mishap, it is monday however :)

Reply to
Smokey

and in addition to this, if you have a secondary or second IP range routed to the same ethernet segment as the pix outside interface. fx sec range = 2.2.2.1 -.6 you can do this, even if your pix outside = 1.1.1.1 : static (inside,outside) 2.2.2.2 192.168.0.101 netmask 255.255.255.255 access-list outside_access_in permit tcp any host 2.2.2.2 eq whateverportaxisuses

(btw your static syntax is wrong) HTH Martin

Reply to
Martin Bilgrav

Ah, no netmask on the public interface... Thanks...

Reply to
Smokey

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.