Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
Community Member

multiple interface use same global ip

HI,ALL

my cus have strange require,multiple interface use same global ip,cfg is :

interface Ethernet0/2
nameif tuoguan_internet1
security-level 50
ip address 200.1.1.1 255.255.255.248
!           

global (internet) 90 200.1.1.1
global (tuoguan_internet1) 90 interface
global (tuoguan_internet2) 90 200.1.1.1
nat (oa) 90 access-list oa_acl_in

it seems can work righ.

but if  tuoguan_internet1 and tuoguan_internet2 are in same hub, the pc in hub have arp confusion.sometime  can't comunication to another.

5 REPLIES
Cisco Employee

Re: multiple interface use same global ip

Pls. replace the hub with a swtich and carve vlans for each of the interface in the firewall.

-KS

Community Member

Re: multiple interface use same global ip

thks,KS quickly repply.

if replace the hub with a swtich and carve vlans for each of the interface in the firewall,the multiple interface use same global ip can work normal.

can you give me some cco link for this cfg. thks millions.

guoqiang

Cisco Employee

Re: multiple interface use same global ip

Community Member

Re: multiple interface use same global ip

Hi,KS:

no the vlan cfg.I want to know if  can find the sample or explain for the multiple interface use same global ip cfg .I can't find the the multiple interface use same global ip sample in cco.

thks millions

guoqiang

Cisco Employee

Re: multiple interface use same global ip

Sorry I didn't understand the question correctly.

Say you have dmz1, dmz2, dmz3, inside and outside interfaces.

dmz1 - 10.10.10.0/24

dmz2 - 192.168.1.0/24

dmz3 - 172.16.1.0./24

inside - 192.168.2.0/24

outside - interface address

nat (inside) 1 192.168.2.0 255.255.255.0

nat (dmz1) 1 10.10.10.0 255.255.255.0

nat (dmz2) 1 192.168.1.0 255.255.255.0

nat (dmz3) 1 192.168.2.0 255.255.255.0

global (outside) 1 interface.

There you go. That is a sample.  All the inside networks will be PAT-ed to the outside interface address.

You can use this link for reference:

http://www.cisco.com/en/US/docs/security/asa/asa80/command/reference/no.html#wp1737858

-KS

255
Views
0
Helpful
5
Replies
CreatePlease to create content