Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations SkipVought on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Secondary Address Frustration

Status
Not open for further replies.
ManagerJay

ManagerJay

IS-IT--Management
Jul 24, 2000
302
0
0
US
I am in the process of moving our WAN from public IP addresses to private IP addresses. Everything destined for the Internet will go through a proxy server. Our WAN is configured in a star configuration with the router providing access to the Proxy Server at the center.

Our WAN consists of seven sites statewide connected via frame-relay. All routers are CISCO routers running IOS 11.0.

I have run into a problem in the fact that the secondary addresses will not appear when doing a sh ip route. Unless, the S0 interface is assigned an ip address.

For example, our current configuration has 12.X.X.X as the primary address and 10.X.X.X as the secondary address. Interface S0 is unnumbered, and the 10.X.X.X address will not appear in the route table until I put a secondary address of 10.X.X.X on S0.

From my reading, I believe this is a limitation of EIGRP since EIGRP will only broadcast the primary address.

Thinking this problem would be easy to solve, I swapped the primary and secondary addresses on the router at the center of the star. Then, no routes whatsoever appeared.

Is there a HOW-TO, or good documentation, on how to configure a router with two IP addresses? Or,is there a router program simulator that I can download, put the router programs in and work with the programming that way?

Any suggestions on using multiple IP addresses on the same router would also be appreciated.



Jay [sig][/sig]
 
Sort by date Sort by votes
Jay,

Depends on how you want to run things, and what kind of cisco eqipment you have.

The best bet is to have the external interface of the router (that goes to the i-net) have the real world address and the internal interface have a private 10.10 address. But from what I'm guessing, this that your are trying now:

Code: 
InterNet  ---+
             |
           Ext Router Port -12.x.x.x
           Int Router Port -12.x.x.x Sec: 10.x.x.x
             |
            WAN

Comming from personal experiance, it doesn't work to well :).

The best solution would be:

Code: 
InterNet  ---+
             |
            Ext Router Port -12.x.x.x
            Int Router Port -10.x.x.x
             |
            WAN

And use NAT to route to any machines that absolutely need a real world address. (ie Proxy Server) Then every box inside the router would have a 10.x.x.x address, your network is protected (except for those few machines) and you've given yourself virtually 60,000 IP's you can use.

Of course this will protect almost every machine, I would recommend a firewall as well (from a security stand point) but the solution above should do the trick.

Hope this helps! :)

Andy [sig][/sig]
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

phonedudeSr
  • Locked
  • Question
Collaboration Cluster Force fallover to secondary site
Replies
0
Views
37
phonedudeSr
phonedudeSr
NavinNet
  • Locked
  • Question
Why 2 different mac addresses of a server are being shown of CISCO 6509E Layer-3 Switch ?
Replies
0
Views
43
NavinNet
NavinNet
stayconnected
  • Locked
  • Question
How to reliably configure a secondary failover route for Layer 3 Cisco Switch?
Replies
11
Views
84
iggsterman
iggsterman
brownmab53
  • Locked
  • Question
Cisco PIX 525 is not allowing DHCP address to be applied to router
Replies
1
Views
51
iggsterman
iggsterman
flopeedo
  • Locked
  • Question
Allow outbound 443 to public IP Address
Replies
0
Views
26
flopeedo
flopeedo

Part and Inventory Search

Sponsor

Back
Top