07-08-2019 12:45 PM
For my external interface on a 2130 pair in HA, I have a port channel defined.
On that external port channel, I have a sub-interface defined that has the main external IP, which is part of a /23 public subnet on VLAN 254.
I am trying to add additional public IP addresses on the external interface, but it doesn't seem possible.
Port channel 18
Sub Port Channel 18.254 with public IP address X.X.X.1/23 on VLAN 254
I want to add additional public IP addresses from the same VLAN 254, which has the /23.
Such as X.X.X.3, X.X.X.4, etc.
My intent is to use the additional public IP addresses for a combination of target endpoints for AnyConnect user VPN and for outgoing auto dynamic NAT/PAT, so that certain internal subnets get NAT'd/PAT'd to specific external public IPs.
However, when I try to add additional sub-interfaces with public IPs inside the /23, I get multiple warnings saying I can't do it because there is another sub-interface already on VLAN 254 and there is overlap with the existing /23 in terms of the IPs.
Is there a way to do this? To have multiple IPs in the same VLAN on the same external port channel?
07-08-2019 01:43 PM
I think I figured this out. The disconnect is thinking the IPs must be defined on the interface before they can be used in NAT/PAT or VPN endpoints. I was able to pencil in additional public IPs in the /23 in the NAT/PAT rules, and I expect to be able to do the same for an AnyConnect VPN endpoint.
07-08-2019 10:28 PM
Correct. The NAT/PAT addresses do not need to be (and in fact cannot be) defined as interface addresses.
The exception is when you are using the actual (single) interface address.