×

Warning message

  • Cisco Support Forums is in Read Only mode while the site is being migrated.
  • Cisco Support Forums is in Read Only mode while the site is being migrated.

Multiple networks routed to single pix interface?

Unanswered Question
Nov 12th, 2005
User Badges:

Scenario:


1 cisco 2801 that has 2 t1's going into it. The t1's are from seperate providers, so two differnt networks.


The t1's each have an additional /30 block of addresses routed to them


t1:1 network 1.1.1.0/30 has network 1.1.2.0/30 being routed to it.


t1:2 network 2.2.2.0/30 has network 2.2.3.0/30 being routed to it.


There is a pix 501 connected to fa0/1 on the 2801.



How the additional /30 networks are being used:


Host 1 is the router fa0/1 interface and host 2 is the pix outside interface.


Right now the pix can be reached via 1.1.2.2. The client also wants to be able to reach the pix using 2.2.3.2.



Currently you can ping fa0/1 on the router using either the 1.1.2.1 address or the 2.2.3.1 address. The client wants to be able to reach to pix using either of the networks associated to the fa0/1 interface. The problem is the pix can only have one network on the outside interface. So i am trying to find a solution to reach the pix using either 1.1.2.2 or 2.2.3.2 in case one of the t1's go down.


Right now 1.1.2.2 works, i am trying to make 2.2.3.2 work as well.


2801:


s0/0

description Connection to ISP 1

ip address 1.1.1.2 255.255.255.252


s0/1

description Connection to ISP 2

ip address 2.2.2.2 255.255.255.252


fa0/1

ip address 1.1.2.1 255.255.255.252

ip address 2.2.3.1 255.255.255.252 secondary


ip route 0.0.0.0 0.0.0.0 1.1.1.1

ip route 0.0.0.0 0.0.0.0 2.2.2.1


Anyone have any ideas how I can get this to work?


Thanks

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
jackko Sun, 11/13/2005 - 14:42
User Badges:
  • Gold, 750 points or more

as you mentioned, the pix will not accept a secondary ip on any interface. thus i guess the requirement is not feasible.


however, if the aim is to provide a backup of remote pix management, you can always establish a session to the router first, then from the router to the pix.


further, it the aim is related to vpn, then i guess the option is to move the vpn termination point to the router instead.

Actions

This Discussion