Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations IamaSherpa on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

non-contiguous public IP addresses 2

Status
Not open for further replies.
Speaker

Speaker

MIS
Sep 5, 2001
72
US
We need to set up some static mappings through our PIX 515 so 10 clients can VPN to a third-party supplier. Unfortunately, we don't have enough public addresses available, so we've contacted our ISP to get some more. I've requested that they give us the next 16 numbers, then all I'd have to do is change the subnet mask and be good to go (correct?).

If they're not able to get continuous numbers, what issues do I face? I know this is a vague question, but maybe if I get some general ideas, then I can ask more specific questions.

TIA,
speaker
 
Sort by date Sort by votes
If the next set of 16 IP addresses isn't available then you will have to look at changing the whole range! This isn't such a hugh task but does require some careful planning.

You (or your ISP) will have to reconfigure the router with the new addresses. You will have to change the firewall config and you will also have to make DNS changes. We usually do this sort of thing on a Friday afternoon. This gives a couple of days over the weekend for DNS to propagate before it's business as usual on the Monday morning.

Chris.
********************************
Chris Andrew, CCNA
Technical Support Engineer
********************************
 
Upvote 0 Downvote
This is simple.

On your internet router, make sure you have a route statement with your new address to the outside interface of the PIX. I have this setup with no problems.
 
Upvote 0 Downvote
Speaker,

Could you let me know if you had to go with a new range of addresses, or if Xlee`s suggestion worked?

I have exactly the same problem with my PIX and I`m unsure which way is best!

Cheers,

Russky
 
Upvote 0 Downvote
I actually didn't need it.

We were trying to connect multiple VPN sessions from our PIX to another company's PIX. Each outbound VPN session required a unique public address. But we ended up building a Linux box with an app that would allow multiple VPNs to go out from the same public address, thus negating the need to purchase more.

Incidentally, that didn't work because Cisco told us that PIX wont allow multiple INbound VPN sessions from the same public address, either. What we ended up doing was connecting one machine--a Win2K Professional box--and using Internet Connection Sharing to share out the VPN tunnel, then setting that machine as the gateway for the others.
 
Upvote 0 Downvote
Re: site-to-site

We looked at it, but this is only a temporary solution, until the frame-relay line is installed in a few weeks. I believe the site-to-site required one of them there fancy concentrators that cost so much money.
 
Upvote 0 Downvote
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

Sameer258
  • Locked
  • Question
Need Help to Find ip and mac address with email who one open my email
Replies
0
Views
570
Sameer258
Sameer258
XLNTech1
  • Locked
  • Question
iptables port forwarding
Replies
0
Views
465
XLNTech1
XLNTech1
Sparrow4
  • Locked
  • Question
Configure Avaya IPO R11 / VM Pro + Office365 or Exchange for voicemail to email
Replies
2
Views
531
Johnkite
Johnkite
sudhakar346
  • Locked
  • Question
Cisco ASA inside to DMZ issue over public IP
Replies
2
Views
146
kythri
kythri
Russtoleum
  • Locked
  • Question
SW GVC won't route traffic through sonicwall to offsite tunnel unless it leases an ip on the same su
Replies
1
Views
140
Russtoleum
Russtoleum

Part and Inventory Search

Sponsor

Back
Top