Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
321
Views
0
Helpful
3
Replies

Same IP on different interfaces

dragec
Level 1
Level 1

‎05-04-2006 10:17 PM - edited ‎03-09-2019 02:48 PM

I have strange situstion in wich same IP address can come on two different interfaces. One interface is location primary link end on second interface is backup link. Server to wich clients have to access is on third interface. Is it possible to configure fw so it will accept trafic from address A on both incoming interfaces?

Thanks!

Labels:
0 Helpful
3 Replies 3

Fernando_Meza
Level 7
Level 7

‎05-04-2006 10:34 PM

I am not too sure what you mean .. can you explain a bit more .. what do you mean by the same IP comming on two different interfaces ..? is the IP address on the Public internet which can access your internal server by two ISP links .. ?

If this is the case then there is not problem just apply the accesslist to the respecive interface .. i.e

access-group 100 in interface1

access-group 100 in interface2

access-list 100 permit host X.X.X.X host y.y.y.y

access-list 100 permit host X.X.X.X host z.z.z.z

you will need 2 static nat one per each interface

static (inside,interface1) y.y.y.y PrivateIP1 255.255.255.255

static (inside,interface2) z.z.z.z PrivateIP2 255.255.255.255

where PrivateIP2 is a virtual IP or a secondary Ip of your internal server.

is this clear to you ..?

0 Helpful

dragec
Level 1
Level 1
In response to Fernando_Meza

‎05-04-2006 10:54 PM

I have primary link for location on interface A subnet. When location lose primary link it dials into ISDN router wich is on interface B subnet. So I have situation that one subnet, from location, can come to fw on two interfaces, A and B. Server is on interface C and client address needs to be translated to some address on interface C, always same address, not depending on source interface, A or B

0 Helpful

grant.maynard
Level 4
Level 4
In response to dragec

‎05-05-2006 01:04 AM

You would need to use dynamic routing (OSPF or RIP) because static routes would violate anti-spoofing (reverse-patch verify).

Your two "outside" PIX interfaces would need different IP addresses and therefore different static NATs, unless you used policy NAT somehow.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents