Secondary interface on same subnet creates overlapping subnet commit failure

cancel
Showing results for 
Search instead for 
Did you mean: 

Secondary interface on same subnet creates overlapping subnet commit failure

L1 Bithead

Hello all, I currently have a case open with support on this issue. But I am looking for some customer feedback.

 

We presently have *two routes* and two separate firewalls. 10.0.44.1/22 on my Palo Alto, and 10.0.45.1/22 on a legacy Cisco L3 router. The Cisco has been stripped down and only really serves as a default route to a end of life firewall. My goal is to lift 10.0.45.1/22 from the old Cisco router and place it on my Palo Alto. In so many words ... I want to create a "secondary" IP address on the same subnet so that 10.0.45.1 and 10.0.44.1 are used interchangeably.

 

If I try to add these two addresses on the same one interface, the Palo rejects the changes with overlapping subnets. Support had suggested using a separate physical interface. But that gave me the same error message.

 

EDIT: This is on a Palo Alto PA-3250

 

Most of the articles and posts I have looked at for this issue point to a customer VPN where two remote sites have the same subnet(s). That doesn't really apply to my case here, and the solutions don't really make sense for this scenario.

 

Any help or pointers would be appreciated!

2 REPLIES 2

Cyber Elite
Cyber Elite

Hello,

I dont think the PAN can do this? I would recommend repointing the devices to the correct gateway. If they are on DHCP, you should just be able to change the scope details and wait.

Regards,

L1 Bithead

The problem with this is that I have a couple hundred devices with static IP addresses. Everything from printers, to interface boxes stuck to lab instruments, to managed switches, etc.

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!