Secondary IP address on PIX ethernet interface

Discussion in 'Cisco' started by russlank@gmail.com, Apr 25, 2006.

  1. Guest

    Hi All,

    I tried to assign a secondary IP address on a Cisco ASA box's
    interface and found out that this facility is not supported. After
    trying to find a trick to get around this limitation, I found out that
    this could be achieved by employing a trick that depends on the Proxy-ARP
    facility, in the following way:

    1. Define a static ARP table entry with the secondary IP address, which
    you want to assign to the interface, and with the MAC address of the
    Ethernet interface.

    2. Enable proxy ARP for this entry on the ASA box.

    3. Add a routing entry, on the ASA, to the subnet of the secondary IP
    address, making the Ethernet interface act as a gateway for this
    subnet (you may try removing this step; it might work without it).

    Now you can use this new secondary IP address as a gateway for a
    workstation with an IP from the new subnet to go through the ASA box.

    Notes:
    - You might be able to achieve this approach by implementing the static
    ARP entry, with the same values, on the workstation that requires using
    the secondary IP address for the ASA's Ethernet, leaving the ASA with the
    mentioned routing table entry only.
    - I think that this trick will work on a PIX firewall also.

    Regards,

    Russlan
     
    , Apr 25, 2006
    #1
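
The three steps from the post above, written out as an ASA configuration fragment. This is an added example, not part of the original post; the interface name `inside`, the documentation-range addresses, and the MAC are constructed placeholders, and using the interface's own address as the route's next hop is an assumption about what the poster did.

```text
! Constructed values: primary address 192.0.2.1/24, secondary subnet
! 198.51.100.0/24, and 0000.5e00.5301 standing in for the interface's own
! MAC address (read the real one from "show interface").
interface Ethernet0/1
 nameif inside
 security-level 100
 ip address 192.0.2.1 255.255.255.0
!
! Steps 1 and 2: static ARP entry that maps the secondary address to the
! interface's own MAC. The "alias" keyword enables proxy ARP for this
! entry, so the ASA answers ARP requests for 198.51.100.1.
arp inside 198.51.100.1 0000.5e00.5301 alias
!
! Step 3: route the secondary subnet out of the same interface
! (assumption: next hop is the interface's own primary address).
route inside 198.51.100.0 255.255.255.0 192.0.2.1 1
```

With this in place both subnets share one Layer 2 segment, so the firewall does not separate them from each other the way 802.1Q sub-interfaces would.
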

  2. Couldn't you also accomplish the same thing by using 802.1Q
    encapsulation on the Ethernet interface, and creating two
    sub-interfaces?
     
    Mark Williams, Apr 26, 2006
    #2

  3. Guest

    Actually, what drove me to do this is that I did not have a
    VLAN-capable switch when I had to accomplish the configurations and
    start testing the related software. I used this trick as a temporary
    solution.
     
    , Apr 27, 2006
    #3
