Adding IP Addresses to Cisco PIX Hardware Firewall Device Manager
Translation rules must be added for all new IP addresses. When the Cisco PIX 501 hardware firewall is installed, the translation rules for existing IP addresses are created automatically.
For each new IP address, you create two static translation rules, one outside traffic and one for inside traffic.
NOTE: For this example, we will use 22.33.44.55 to represent the new IP address. It is assumed that the next available internal IP address is 10.0.0.2.
To Add an IP Address to the Cisco PIX 501 Firewall
- In a Web browser, navigate to: https://[your firewall management IP address]/
- You may receive a number of security certificate warnings. If you accept the certs and save them as "Trusted," you will avoid warnings in the future.
- Enter your User name and Password, and then click OK.
NOTE: Your browser must have Java enabled and allow pop-ups from your firewall management IP.
- In the Device Manager toolbar, click the Configuration icon.
- Click the Translation Rules tab.
- Click the Translation Rules radio button.
- Click the New Rule icon.
- In the window, enter the following information:
- Interface: Inside
- IP Address: 10.0.0.2
- Mask: 255.255.255.255
- Translate address on interface: outside
- Translate address to: select (x) static IP Address: 22.33.44.55
- Click the New Rule icon.
- In the window, enter the following information:
- Interface: Outside
- IP Address: 22.33.44.55
- Mask: 255.255.255.255
- Translate address on interface: inside
- Translate address to: select (x) static IP Address: 10.0.0.2
- Add 10.0.0.2, the internal IP address, to your server.
- Windows In the advanced section of your local area network TCP/IP settings, add the internal IP, using the 255.255.255.0 netmask.
- Linux At root, copy "/etc/sysconfig/network-scripts/ifcfg-eth0" to "/etc/sysconfig/network-scripts/ifcfg-eth0:0". Edit /etc/sysconfig/network-scripts/ifcfg-eth0:0 changing the IP to the new IP and change the DEVICE to equal eth0:0. Restart your networking with: service network restart
NOTE: IP address allocation is monitored. Attempting to add IP addresses to your server that have not been purchased is a violation of your terms of service agreement and may result in the suspension of your account.