Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

PIX without NAT

Status
Not open for further replies.

cruzd

MIS
Jun 26, 2001
8
US
Hello,

I want to configure my PIX 520 with public IP on both the outside and inside interface. I have a class C subnet that I want to use, but everytime I assign it, the PIX says the interfaces can't be on the same subnet. Before I upgraded to 6.2, I was able to do this, in version 4.2. Is there a way to do this on the new version? Yes, I know it's better to use NAT, by using private IP's on the internal network, it's harder for intruders to break in.. blah, blah, blah... but for the sake of doing it, I would like to know if this is possible with a class C subnet.

Thanks.
 
I don't think it's possible to have the same subnet assigned to both interfaces. You could subnet the class C so that some IP's are outside the firewall, and some and inside it.

The way to do it, would be to make your inside be private like (10.10.10.0 or something) and do static translations.

Like this

ip address outside xxx.xxx.xxx.1 255.255.255.0
ip address inside 10.10.10.1 255.255.255.0
static (inside,outside) xxx.xxx.xxx.0 10.10.10.0 netmask 255.255.255.0 0 0

I think this will work.
 
It is possible as long as you subnet your class C network. You could use a /25 network and have a .0 network on the inside and a .128 network on the outside. Just a suggestion. Just fyi, using public or private addresses on the inside still requires the same amount of work as far as configuration is concerned.

 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top