multiple interface use same global ip

Unanswered Question
Dec 21st, 2009
User Badges:

HI,ALL

my cus have strange require,multiple interface use same global ip,cfg is :


interface Ethernet0/2
nameif tuoguan_internet1
security-level 50
ip address 200.1.1.1 255.255.255.248
!           

global (internet) 90 200.1.1.1
global (tuoguan_internet1) 90 interface
global (tuoguan_internet2) 90 200.1.1.1
nat (oa) 90 access-list oa_acl_in

it seems can work righ.


but if  tuoguan_internet1 and tuoguan_internet2 are in same hub, the pc in hub have arp confusion.sometime  can't comunication to another.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Kureli Sankar Mon, 12/21/2009 - 20:03
User Badges:
  • Cisco Employee,

Pls. replace the hub with a swtich and carve vlans for each of the interface in the firewall.


-KS

guoqiang.li Mon, 12/21/2009 - 20:46
User Badges:

thks,KS quickly repply.

if replace the hub with a swtich and carve vlans for each of the interface in the firewall,the multiple interface use same global ip can work normal.

can you give me some cco link for this cfg. thks millions.


guoqiang

guoqiang.li Tue, 12/22/2009 - 20:29
User Badges:

Hi,KS:

no the vlan cfg.I want to know if  can find the sample or explain for the multiple interface use same global ip cfg .I can't find the the multiple interface use same global ip sample in cco.


thks millions


guoqiang

Kureli Sankar Wed, 12/23/2009 - 05:09
User Badges:
  • Cisco Employee,

Sorry I didn't understand the question correctly.


Say you have dmz1, dmz2, dmz3, inside and outside interfaces.

dmz1 - 10.10.10.0/24

dmz2 - 192.168.1.0/24

dmz3 - 172.16.1.0./24

inside - 192.168.2.0/24


outside - interface address


nat (inside) 1 192.168.2.0 255.255.255.0

nat (dmz1) 1 10.10.10.0 255.255.255.0

nat (dmz2) 1 192.168.1.0 255.255.255.0

nat (dmz3) 1 192.168.2.0 255.255.255.0

global (outside) 1 interface.


There you go. That is a sample.  All the inside networks will be PAT-ed to the outside interface address.


You can use this link for reference:

http://www.cisco.com/en/US/docs/security/asa/asa80/command/reference/no.html#wp1737858


-KS

Actions

This Discussion