The first config you show generally doesn't work real
well (I've seen it used that way... you can force it by loading
a config on via TFTP... of course, what they ended up
with wasn't what was intended.)
Your second example works fine. And that's the closest
to what he was asking about. Sounds rather like he's using
Firewall-1, and one can do the equivalent of IP secondary,
at least on Solaris.
Ryan
To: Ryan Russell/SYBASE, "Pavlichek, Doris (GEIS, GE Capital Consulting)"
<[EMAIL PROTECTED]>
cc: Chris Chen <[EMAIL PROTECTED]>, [EMAIL PROTECTED]
Subject: RE: do I HAVE TO put my DMZ net and Internet in seperate net segm
ents
So you're telling me it's accepted practice to configure a router like
so...
Ethernet 0/1
ip address 10.10.10.10 255.255.255.0
Ethernet 1/1
ip address 10.10.10.20 255.255.255.0
Or am I misunderstanding you? That's quite possible. Yes, you can have
secondary interfaces (multiple gateway addresses into a port)
Ethernet 0/1
ip address 10.10.10.10 255.255.255.0
ip address 10.20.10.10 255.255.255.0 secondary
But routing works based upon major network (or subnet) boundaries. If you
have a packet coming in bound for 10.10.10.20 with the above mentioned
config, you have a problem on your hands...DP
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
