Secondary IP Question

Unanswered Question
Jun 12th, 2008

Hello All:

Got a question about configuring a secondary IP on an interface. First a little background on the question.

I have a 3620 routing between our 2 subnets. The interface FA0/1 on 3620 configured with 10.0.4.2 connected to a 3660 fa0/1 10.0.4.1. 3660 connected to several subnets 5x and 6x

I need to route from our 1x corporate subnet to a 6x subnet. I was using the 3620 fa0/1 interface in my route statement to get me from 1x to 6x but the firewall handling the 6x subnet was dropping them because it perceived them as spoofed.

My question - if I created a secondary IP on the 3620 interface in the 6x subnet range, would that resolve this issue?

Thanks - hope this was presented with enough clarity.

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Richard Burts Thu, 06/12/2008 - 07:34

DJ

I am afraid that I do not understand your issue very well. It is clear that 10.0.4.x is the subnet that connects your 3620 and your 3660. I think that subnets 5 and 6 are connected on the 3660. I am not sure but suspect that the 1 subnet may be on the 3620. And then there is a firewall, but I am not clear where it connects. Is it in between the 3620 and the 3660?

And I am not sure why the firewall would believe that the packet going to subnet 6 was spoofed. That sounds like the firewall does not know that subnet 1 is connected through the 3620.

But I do know that if subnet 6 is really connected on the 3660 that it is NOT a good idea to try to configure a secondary address in subnet 6 on the 3620.

If the problem is that the firewall does not know where subnet 1 is, then the solution is to have the firewall learn where subnet 1 is. And a secondary address on the router interface is not going to affect the firewall.

HTH

Rick

Actions

This Discussion