Overlapping IP's address on interfaces- Why??

Unanswered Question
Nov 6th, 2009

Can I configure 2 IP addresses from the same subnet on two dirrefent interfaces on same box.

When I do that I get overlaps with Fa0/0 error.

I need to assign one IP to cisco 1841 ( connecting to router) , 2nd IP to 1841's fa0/0 and 3rd IP to sonicwall. All three public IP's are assigned to me by ISP.


I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
mike_guy29 Fri, 11/06/2009 - 05:18


You would probably need to look at subnetting the address range accordingly to fit in with your topology. E.g. if my ISP had given me the range I may subnet it so that one interface had and another may have

Hope that helps



s.nasheet Fri, 11/06/2009 - 06:54

Hi Mike ,


My IP block rane is /29 ( .233 to .238 useable IP's, .232 being a subnet ID and .239 being a broadcast.

Subnet is

At the moment .233 is assiggned to Cisco route (ADSL2+) and rest aren't in use.

If I seperate .233 from the rest of the network (as its a router IP connecintg to internet), how should my IP addreses scheme look like ( i.e IP address range for second subnet m subnet mask, and gatway IP.

I really appreciate your help.


If I want to break this into two subnets how will

p.mcgowan Fri, 11/06/2009 - 07:31

If I understand your problem correct you are trying to connect to the internet using the IP address range your ISP gave you and also use the same address range on your internal LAN.

This won't work.

Use the IP range that your ISP gave you on the outside interface and use a private address range like in your inside network

s.nasheet Fri, 11/06/2009 - 07:41

I only need to assing a public IP to Sonicwall firewall and the reason being is that customer want to use that public Ip to build VPN tunnel at the remote office.

Any other suggestion which allow Sonic wall to build the to the other offfie using a public or private Ip.

thanks for the help.

mike_guy29 Fri, 11/06/2009 - 07:55


You could use a private IP address on your sonicwall if you wish and then do static NAT at the router so. This will still work for VPN setup etc but you may have a bit of extra complexity setting up VPNs etc. I can't remember off the top of my head but I have set up a VPN to a sonicwall that was behind a natted address before and there was one extra option I need to change on the sonicwall end!

Or you could do as your are suggesting and assign a Public IP to the sonicwall outside and then the the router. In which case you would likely be natting on the Sonicwall and not the router. Depends on how you want to set things up/how they are working now.

Hope that helps.



s.nasheet Fri, 11/06/2009 - 08:18


Problem is I dont have access Sonicwall as its a client equipment and I am not sure how its currently configured.

If I ask client to use the same Public IP that is assigned to dialer0 interface to build the VPN , would that be possible.

In this case sonicwall will not do the NAT (1841 will do).


mike_guy29 Fri, 11/06/2009 - 08:40

No not quite...

You would require a static translation on the router otherwise the other side of the VPN would not be able to initiate a VPN tunnel. It would be no good just overloading the dialer0 interface

They would then set their peer address as your dedicated translated public IP address and it would be natted through to your Sonicwalls private address when it hits the router. Your sonicwall would then process the IPsec as normal.

The problem I ran into was one end was embedding their private IP address into the IKE message (for identity I believe) and the other end was getting confused. This was easily rectified though I just can't remember the specific setting as it was a while back. Just keep an eye on the logs.

Hope this makes sense?




This Discussion