- Access exclusive content
- Connect with peers
- Share your expertise
- Find support resources
Enhanced Security Measures in Place: To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.
08-22-2014 05:26 PM
Hello,
I have /26 public IP addresses (164.67.80.65 - 164.67.80.126). I bound ethernet 1/1 to 164.67.80.77/24. Then I created a bidirectional NAT connecting 164.67.80.77 to 192.168.1.77. Works great. Now I want to setup a second bidirectional NAT: 164.67.80.78 to 192.168.1.78
Question:
Can I do this without using just the one external interface? Can I "add" 164.67.80.78/24 to interface ethernet 1/1, eventhough it already has an address on the same subnet 164.67.80.77/24?
Thank you,
Chris
08-22-2014 05:36 PM
One moment , you need not to configure 164.67.80.78/xx ip on an another interface. Once you will configure a NAT rule for IP address 164.67.80.78, the PAN firewall is intelligent enough to do PROXY ARP for that IP address since the interface is already configured with that subnet.
08-22-2014 05:30 PM
Hello Chris,
As per my understanding, you cannot configure same subnet IP address in multiple interfaces. A firewall is supposed to segregate different broadcast domain. So, you can not tag same broadcast domain into 2 interfaces.
Thanks
08-22-2014 05:36 PM
One moment , you need not to configure 164.67.80.78/xx ip on an another interface. Once you will configure a NAT rule for IP address 164.67.80.78, the PAN firewall is intelligent enough to do PROXY ARP for that IP address since the interface is already configured with that subnet.
08-22-2014 05:39 PM
Hulk,
You say "same subnet IP address in multiple interfaces" but I am not talking about multiple interfaces. I am talking about only one interface: "ethernet1/1".
Are you saying that, as per your understanding, it is impossible to configure multiple IP address on the same subnet to a single interface?
Thank you again,
Chris
08-22-2014 05:42 PM
Please ignore my first update.
You only need to configure a NAT rule for IP address 164.67.80.78. Everything else will be taken care by PAN firewall. ( you need not to configure that .78 IP to a physical interface).
Thanks
08-22-2014 05:58 PM
Thanks again, works great!
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!