Add extra IPs to outside interface in 506E

I have a PIX 506E with a single public IP on it's outside, but we have

4 more IPs available to us in a /30 subnet. I need to know if I can add these extra IPs to the outside interface and set up translation rules to different servers inside.





The Techie
I think you needn't to "add" more IP addresses to the interface. Just use the translations (static NAT) rules and the PIX will intercept all the traffic going towards those addresses and if correctly configured it will forward the traffic of interest to internal servers. Obviously those 4 addresses must be forwarded to it by the previous hop. Bye,


The PIX is, though, happy to handle any number of different IPs for traffic passing *through* the PIX. It will often proxy ARP for the IPs (no matter what subnet they are), but there are some instances in which proxy ARP is disabled so it is best not to count on that and to instead explicitly route the extra IPs to the official PIX interface IP.

Walter Roberson

Their are 2 possibility to use extra IPaddresses

  1. PAT thats is patting all internal IPs to extra IPs for better performance of Web traffic.

  1. Static NAT that is statically mapping IP one to one (extrnal IP to internal server)

If not inthis two icant understand whatyou aksed pleas ebe more specific?

Regards.. CK-NET

Hi Alex,

I suspected this was the case, but my previous config attempts must have been wrong! I have just now created a new static PAT through to a host on the inside, using one of my alternate IPs, and with the correct port opened in the ACL, the connection worked fine. Thanks for your assistance.


