Manish is quite correct that adding a secondary address on a router interface will not drop the connection. I am not sure what Split Horizon effect he has in mind, and elections in dynamic routing protocols are done with primary addresses, so a secondary address should not impact routing protocol elections. Where you do need to be careful (and where it could impact things) is to make sure that the original primary addresses remain primary and that the secondary address is secondary on any layer 3 routing device connected on that segment.

I would like to know a bit more about what the original poster is trying to do. I am not convinced that secondary addressing is necessarily the best solution. And I do not understand what static routes have to do with secondary addresses. Perhaps the original poster can explain for us why they are getting additional addresses and how the addresses will be used? Are the additional addresses to be added on the outside facing interface(s) or on the inside facing interface(s)? Are the additional addresses to be assigned directly to hosts in the network? Are the additional addresses to be used for address translation? If we knew some of these things we might provide better answers.

HTH

Rick

Hi Rick,

Sorry about posting something without completely making it clear ( not a native english speaker ) :-

as far as elections processes , i wanted to say just what you mentioned but I know that I was not clear enough.

here's my worries with split hrizon :-

The secondary IP address feature allows addresses from multiple  subnets to be configured under the same interface simultaneously, which  can be useful typically on a LAN segment under various circumstances.  When secondary IP addresses are used, there might be issues advertising  that prefix over the primary network and vice-versa under the same  interface, since different routing protocols behave differently with  secondary addresses.

When  Routing Information Protocol (RIP) or Interior Gateway Routing Protocol  (IGRP) are used as the routing protocol, enabling split horizon prevents  the network of the secondary addresses from being advertised over the  primary network.

Enhanced  Interior Gateway Routing Protocol (EIGRP) can form neighbor  relationship using only the primary address, and the rule of  split-hozizon also applies to EIGRP.

Manish

After talking with the person in more detail they have been given a new block on IPs from their ISP and wanted to gradually move to the new block.  The ISP has asked them to move off the existing block at some point.  They ran out of IPs on the old block so he thought that adding new secondary IPs to the existing WAN interface would allow him to do his static NAT mappings.  The ISP is already forwarding the new IPs to the old network so he just needed to enter the NAT mappings.  Thanks for the info, I will use it for future reference.

This explanation helps to clarify what is going on. Obtaining a new block of addresses and gradually moving off of the old block makes a lot of sense. Configuring the new block as secondary allows the router to regard both subnets as directly connected on the WAN interface. You can gradually change the NAT configuration to preform a gradual migration. And when all translations have migrated you can make the old primary address go away and make what has been the secondary address to become the primary.

Adding the new address as secondary will not impact connectivity on the WAN interface. When the old address goes away and the new address becomes primary may cause a small impact on connectivity.

HTH

Rick

One other question guys.  So I am still not able to get to those new IPs after adding them to NAT and the access list.  There is actually an old external IP that is pointing to the same host that the client wants to point the new IP to on port 80.  I've set it up identical to how this one is set up.  With this old IP in use going to the same host will it interfere with the new one?

One other possibility is that the ISP is not correctly routing the traffic to their network.  Also, do I need to add an ip route on the router?  Could that be it?

If the secondary range is added on the router external interface , test it from a remote location using traceroute and see if it is been routed to you properly. also I am not sure if the router is going to let you static nat one private host to multiple external IP's.

But i think you should test if the ISP has done its job and removed filter , proper routing etc.

Manish

Thanks Manish.  Like you said, before I go any futher I am going to talk with the ISP to make sure they are routing the traffic like they are suppose to.  Thanks for all your help.  I'll update this thread once I hear back.

I agree that the traceroute is a good test and you should do it. But I also want to address something you said in a previous post. You indicated that there was another configured translation for the new address. It is not possible to have 2 different translations configured for the same inside address. It might seem reasonable looking at it from the outside. But consider the problem of forwarding traffic from the inside host. As it gets to the router, which of the configured translations should it use? There would be 2 choices and how would the router decide? So as you do your test I believe that you should remove (at least temporarily) the old translation. But I might wait to do that till you have done the traceroute test.

HTH

Rick