Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
683
Views
0
Helpful
5
Replies

multiple interface use same global ip

guoqiang.li
Level 1
Level 1

‎12-21-2009 07:45 PM - edited ‎03-11-2019 09:51 AM

HI,ALL

my cus have strange require,multiple interface use same global ip,cfg is :

interface Ethernet0/2
nameif tuoguan_internet1
security-level 50
ip address 200.1.1.1 255.255.255.248
!           

global (internet) 90 200.1.1.1
global (tuoguan_internet1) 90 interface
global (tuoguan_internet2) 90 200.1.1.1
nat (oa) 90 access-list oa_acl_in

it seems can work righ.

but if  tuoguan_internet1 and tuoguan_internet2 are in same hub, the pc in hub have arp confusion.sometime  can't comunication to another.

Labels:
0 Helpful
5 Replies 5

Kureli Sankar
Cisco Employee
Cisco Employee

‎12-21-2009 08:03 PM

Pls. replace the hub with a swtich and carve vlans for each of the interface in the firewall.

-KS

0 Helpful

guoqiang.li
Level 1
Level 1
In response to Kureli Sankar

‎12-21-2009 08:46 PM

thks,KS quickly repply.

if replace the hub with a swtich and carve vlans for each of the interface in the firewall,the multiple interface use same global ip can work normal.

can you give me some cco link for this cfg. thks millions.

guoqiang

0 Helpful

guoqiang.li
Level 1
Level 1
In response to guoqiang.li

‎12-22-2009 08:29 PM

Hi,KS:

no the vlan cfg.I want to know if  can find the sample or explain for the multiple interface use same global ip cfg .I can't find the the multiple interface use same global ip sample in cco.

thks millions

guoqiang

0 Helpful

Kureli Sankar
Cisco Employee
Cisco Employee
In response to guoqiang.li

‎12-23-2009 05:09 AM

Sorry I didn't understand the question correctly.

Say you have dmz1, dmz2, dmz3, inside and outside interfaces.

dmz1 - 10.10.10.0/24

dmz2 - 192.168.1.0/24

dmz3 - 172.16.1.0./24

inside - 192.168.2.0/24

outside - interface address

nat (inside) 1 192.168.2.0 255.255.255.0

nat (dmz1) 1 10.10.10.0 255.255.255.0

nat (dmz2) 1 192.168.1.0 255.255.255.0

nat (dmz3) 1 192.168.2.0 255.255.255.0

global (outside) 1 interface.

There you go. That is a sample.  All the inside networks will be PAT-ed to the outside interface address.

You can use this link for reference:

http://www.cisco.com/en/US/docs/security/asa/asa80/command/reference/no.html#wp1737858

-KS

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card