Pix firewall's global ip and if ip

[luciusism]

Qestion, how is it possible that the Pix has 2 ip addresses on one NIC? With PAT, you have a global ip address, and the outside interface's own ip address. It would seem that either there is some translation from the global to the if ip address, or that the 2 both share the same MAC address?

Any clarfication on the mechanics of how this works would be greatly appreicated. Thanks!

luc

 

[berford]

luc,

So the PIX can actually have many more IP addresses assigned to the "outside". The global pool is a group of addresses that the PIX maintains for NAT. You can have several global statements in the same nat group, and thus have several different ranges of IP addresses in use.

The PIX keeps all this straight in its internal translation table (the xlates).

In addition if you use the alias command that hangs additional IPs on the outside interface. Proxy authentication to protected servers adds more.

Liberty for All,

Brian