IZoom
Contributor

multiple public IP from multiple subnets in one ext interface.

Hi guys.

I have a public IP on my WAN interface, and it works well. I asked my ISP for another public IP and obtained an IP from a different subnet with its own gateway.

I have tried to add a loopback adapter with the 2nd public IP, and even to create an alias for the WAN interface. I am lost with the routing; I am not able to ping GAIA through the 2nd public IP.

I have tried to add a static route for the 2nd gateway (but for 0.0.0.0/8 there is another, lower priority for the default gateway).

I have tried to add another GW IP to the default GW (2 IPs there), and I lost the internet connection entirely.

Do you have any idea how to get 2 different public IPs from different subnets working?

0 Kudos
8 Replies
Chris_Atkinson
Employee

How are you hoping to use the address?

If the ISP has routed the address/subnet towards the security gateway already you can simply define an object and configure your NATs...

CCSM R77/R80/ELITE
0 Kudos
IZoom
Contributor

Well, shouldn't GAIA be able to respond directly when no object and NAT is configured? How does GAIA know which GW it has to respond to?

In my case, I have a CHP with a public IP which is in production. The 2nd IP has to be NATed to the lab (i.e. a VMware open server CHP). Of course I made a rule, "* to 2nd PublicIP allow", and I have tried adding static NAT and hide NAT behind the 2nd IP, but I could not ping the destination system behind NAT. Therefore I am trying to ping at least the firewall.

Or am I thinking wrong?

0 Kudos
PhoneBoy
Admin

If this is a cluster, the ability to use multiple IPs from multiple subnets (i.e. alias IPs) is NOT supported.

0 Kudos
IZoom
Contributor

Hello. No, it's a standalone box. 

0 Kudos
PhoneBoy
Admin

What does the routing table look like when you add the alias IP?
Does it show a route for the subnet this IP is on?
It seems like this “nexthop” would be redundant anyway since they’re both going to the same place in the end.

What shows on a tcpdump when you attempt to access the second IP (either using an alias or via NAT)?
Version/JHF level would be useful to know too.

0 Kudos
BikeMan
Contributor

Hi,

The configuration you have is similar to ISP Redundancy. If you want to use 2 subnets within the same ISP, the ISP has to publish both subnets on its own device and use only one gateway. In this case you have only one default route. To use the new subnet you have to define proxy-arp on the external interface. If you don't, you have to use ISPR.

Rgds,

0 Kudos
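An added example, not part of any post in this thread: a minimal model of destination-based route lookup, showing that replies from either public IP leave through the same default gateway, which is the single-default-route situation described in the reply above. The addresses are constructed documentation ranges, and the priority rule (lower number wins) is an assumption of the model, not appliance output.

```python
import ipaddress

# Constructed documentation addresses (RFC 5737); not taken from the thread.
ROUTES = [
    # (prefix, nexthop, priority) - lower priority number wins (model assumption)
    ("198.51.100.0/30", "connected", 0),   # 1st public /30 on the WAN interface
    ("203.0.113.0/30", "connected", 0),    # 2nd public /30 added as an alias
    ("0.0.0.0/0", "198.51.100.1", 1),      # default via 1st ISP gateway
    ("0.0.0.0/0", "203.0.113.1", 2),       # default via 2nd ISP gateway
]

def lookup(dst, routes=ROUTES):
    """Destination-only lookup: longest prefix first, then lowest priority."""
    addr = ipaddress.ip_address(dst)
    matches = [(ipaddress.ip_network(p), nh, prio) for p, nh, prio in routes
               if addr in ipaddress.ip_network(p)]
    if not matches:
        return None
    # Prefer the longest prefix; among equal prefixes, the lowest priority number.
    _, nexthop, _ = max(matches, key=lambda m: (m[0].prefixlen, -m[2]))
    return nexthop

def reply_nexthop(local_ip, client_ip, routes=ROUTES):
    """Next hop for a reply sent from local_ip to client_ip.
    local_ip is deliberately unused: the source address plays no part
    in a destination-based lookup."""
    return lookup(client_ip, routes)

def reply_paths(client_ip, local_ips, routes=ROUTES):
    """Map each local public IP to the gateway its replies would leave through."""
    return {ip: reply_nexthop(ip, client_ip, routes) for ip in local_ips}

if __name__ == "__main__":
    client = "192.0.2.50"  # constructed Internet client
    for ip, gw in reply_paths(client, ["198.51.100.2", "203.0.113.2"]).items():
        print(f"reply from {ip} to {client} -> nexthop {gw}")
    # The alias only adds a connected route covering the 2nd /30 itself.
    print("2nd ISP gateway itself ->", lookup("203.0.113.1"))
```

In this model the second gateway is only ever chosen if the first default route is removed; sending replies back through the gateway that matches their source address needs source-aware handling, which a destination-only table does not provide.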
IZoom
Contributor

ISPR looks promising. Thank you for the tip. I'll give it a try.

The first part is of course true, and I never had a problem with one GW and multiple IPs from the same subnet. But in my case the subnet is /30. I'll play with ISPR and let you know.

0 Kudos
Blason_R
Leader

Correct - you will have to work with the ISP and ask the ISP to add that subnet as a routed subnet from their router to the firewall IP or cluster IP. That way one subnet will be between the router and the firewall, while the ISP will be able to route the other subnet.

Thanks and Regards,
Blason R
CCSA,CCSE,CCCS
0 Kudos