Inside/outside IP on same network

[techracer74]

Long story as to the why, but ISP and client have made the situation to arise.

Customer connects to ISP via ethernet:
Internal-->PIX-->ISP-->internet

Does anyone know of a way to have both the inside and outside networks on the same subnet? I know this isnt the most secure and it disables part of what a firewall does, NAT. But, while I get the political side of it squared away, does anyone know if you can acomplish this on a pix?

I've seen other firewalls do it, Sonicwall, Netscreen...

Can anyone help?

TIA

 

[TreyJ]

What type of firewall are you using?

 

[TreyJ]

What I meant in my previous post was... what type of PIX are you running and what version IOS?

 

[techracer74]

PIX-525-UR-BUN w/ 6.3(3)



Thanks in advance,

Bryan

 

[soneji]

It isn't possible. If you try to set your inside IP address to the same subnet as your outside IP address it'll give you this error.

Sorry, not allowed to enter IP address on same network as interface 0

I've tried it before. What are you trying to accomplish?

 

[tbissett]

You are looking for layer 2 capabilities, which teh PIX currently does not support. The rumor is layer 2 capability will be a part of PIX OS 7, which is due out later this year.

 

[TreyJ]

We actually have our PIX inside/outside interfaces on the same class "B" network (not subnet). We're able to do this because our outside interface goes to our border router and is connected with point-to-point addresses. The inside interface connects to a core switch. We use route (inside) and route (outside) statements to move traffic.

 

[techracer74]

Thanks for all the help guys. I was able to convince them to use NAT to protect their non-critical servers even further.