Hi guys.
I have a public IP on my WAN interface and it works well. I asked my ISP for another public IP and obtained an IP from a different subnet with its own gateway.
I have tried adding a loopback adapter with the 2nd public IP, and even creating an alias for the WAN interface. I am lost with routing / I am not able to ping GAIA through the 2nd public IP.
I have tried to add a static route for the 2nd gateway (but for 0.0.0.0/8 there is another lower priority for the default gateway).
I have tried to add another GW IP to the default GW (2 IPs there) and I lost the internet connection entirely.
Do you have any idea how to get 2 different public IPs from different subnets working?
How are you hoping to use the address?
If the ISP has routed the address/subnet towards the security gateway already you can simply define an object and configure your NATs...
Well, should GAIA not be able to respond directly when no object and NAT are configured? How does GAIA know which GW it has to respond to?
In my case I have a CHP with a public IP which is in production. The 2nd IP has to be NATed to the lab (i.e. a VMware open server CHP). Of course I created a rule, "* to 2nd PublicIP allow", and I have tried adding static NAT and hide NAT behind the 2nd IP, but I could not ping the destination system behind NAT. Therefore I am trying to ping at least the firewall.
Or am I thinking wrong?
If this is a cluster, the ability to use multiple IPs from multiple subnets (i.e. alias IPs) is NOT supported.
Hello. No, it's a standalone box.
What does the routing table look like when you add the alias IP?
Does it show a route for the subnet this IP is on?
It seems like this “nexthop” would be redundant anyway since they’re both going to the same place in the end.
What shows on a tcpdump when you attempt to access the second IP (either using an alias or via NAT)?
Version/JHF level would be useful to know too.
Hi,
The configuration you have is similar to ISP Redundancy. If you want to use 2 subnets within the same ISP, the ISP has to publish both subnets on its own device and use only one gateway. In this case you have only one default route. To use the new subnet you have to define proxy-arp on the external interface. If you don't, you have to use ISPR.
Rgds,
ISPR looks promising. Thank you for the TIP. I'll have a try.
The first part is of course true and I never had a problem with one GW and multiple IPs from the same subnet. But in my case the subnet is /30. I'll play with ISPR and let you know.
Correct - you will have to work with the ISP and ask the ISP to add that subnet as a routed subnet from their router to the firewall IP or cluster IP. That way one subnet will be between the router and the firewall, while the ISP will be able to route the other subnet.