Secondary IP address in ASA5510/PIX515e

Hi All,
Just want to know if there is a way to configure a secondary IP address on the outside/public interface of an ASA/PIX.
One of our clients has used most of the IPs on the subnet given by their ISP. They use those IPs for static mapping to servers inside their local LAN. Thus, they requested another block/subnet from their ISP. They will also use this for static mapping/port forwarding to other servers in their network. The current UTM they are using allows this, but they would like to use an ASA/PIX as their main firewall. Is this even possible, or is there a workaround for this kind of scenario?
Many Thanks!

Lloyd

Pix/ASA firewalls do not support using secondary addressing on an interface. However, the good news is that they don't need to.
As long as the ISP routes the new block of IP addresses to the outside interface of your firewall, you simply use the new block of IPs as you have the existing block, i.e. you set up static translations and allow access via the access-list.
The new IP block does not actually have to be allocated to an interface.
Jon
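
The setup Jon describes, as an added example that is not part of the original thread. It assumes the pre-8.3 `static` syntax (PIX 515E, and ASA software before 8.3); every address, the interface layout and the ACL name OUTSIDE_IN are constructed for illustration.

```cisco
! Constructed example: all addresses, names and ports are assumptions.
! Existing ISP block (configured on the outside interface): 198.51.100.0/28
! New ISP block (NOT configured on any interface):          203.0.113.0/28
!   The ISP must route 203.0.113.0/28 to 198.51.100.2, the firewall's
!   outside address. Nothing on the firewall "owns" the new block.
!
interface Ethernet0/0
 nameif outside
 security-level 0
 ip address 198.51.100.2 255.255.255.240
!
interface Ethernet0/1
 nameif inside
 security-level 100
 ip address 192.168.10.1 255.255.255.0
!
route outside 0.0.0.0 0.0.0.0 198.51.100.1 1
!
! One-to-one static translation from the existing block
static (inside,outside) 198.51.100.5 192.168.10.5 netmask 255.255.255.255
! One-to-one static translation from the new, routed block
static (inside,outside) 203.0.113.5 192.168.10.20 netmask 255.255.255.255
! Port forwarding (static PAT): publish only TCP/25 on a new-block address
static (inside,outside) tcp 203.0.113.6 smtp 192.168.10.21 smtp netmask 255.255.255.255
!
! Permit only the service each server publishes. In pre-8.3 software the
! ACL on the outside interface matches the translated (public) address.
access-list OUTSIDE_IN extended permit tcp any host 198.51.100.5 eq www
access-list OUTSIDE_IN extended permit tcp any host 203.0.113.5 eq https
access-list OUTSIDE_IN extended permit tcp any host 203.0.113.6 eq smtp
access-group OUTSIDE_IN in interface outside
```

`show xlate` lists the translations, and the hit counters in `show access-list OUTSIDE_IN` show whether traffic for the new block is reaching the firewall; counters that stay at zero for the 203.0.113.x entries point at the ISP's routing rather than the firewall.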

Similar Messages

  • Any limit to number of secondary ip addresses?

    Hi,
    Is there any limit to the number of secondary ip addresses on an interface of a router?
    I just took over an existing live system.
    The previous engineer configured secondary ip addresses on a single physical interface.
    Currently, there are 1 main ip address and 2 secondary ip addresses.
    I am not allowed to change the existing configuration nor disrupt the existing live system, so I cannot use sub-interface.
    When I tried to add 1 more secondary ip addresses, to make it 1 main ip and 3 secondary ip address,
    but no matter how I tried, I cannot ping to the end device of this NEW secondary ip address subnet
    So I removed one of the existing secondary ip address, I discovered I can ping to the end device of the NEW secondary address!!!
    But when I put back the one I removed, I can no longer ping to the end device of the NEW secondary address AGAIN!
    I suspect that there is a limit to the number of secondary addresses that can be configured on the physical address.
    But, I check the link http://www.cisco.com/en/US/tech/tk365/technologies_q_and_a_item09186a008012d8f7.shtml#q21, it says
    Q. What are the maximum number of secondary IP addresses that can be configured on a router interface?
    A. There are no limits on configuring secondary IP addresses on a router interface. For more information, refer to Configuring IP Addressing.
    I think Cisco could be wrong when saying "There are no limits".
    Can someone kindly help me confirm whether there are any limits to the number of secondary ip addresses on an interface of a router?
    thank you

    Hi,
    The main ip and secondary ip addresses are all subnetted into 255.255.255.240.
    Main IP 172.16.21.155
    Secondary IP#1 = 172.16.21.141
    Secondary IP#2 = 172.16.21.93
    New Secondary IP#3 = 172.16.21.226
    As a test, I simply remove any of the existing secondary ip addresses, and it works!
    But when I put back any of the addresses I removed, the new one does not work again.
    If it is true there is no limit, can it be due to other factors like the router hardware?
    Pls kindly advise.
    Thank you.
    Rgds,
    Rachel

  • Message Tracking logs for secondary smtp address

    Hi,
    There are many people sending mails to secondary smtp address instead of primary smtp address. How can I pull the report of message tracking logs if they sent it to secondary smtp address using get-messagetrackinglog cmdlet?
    Sankar M http://messagingdevelopment.blogspot.in/

    Hi Sankar,
    If I don't understand your description, it seems that you want to get the message tracking log on a mailbox with primary SMTP address and secondary SMTP address.
    If it is the case, please add both primary SMTP address and secondary SMTP address to the "Recipients" parameter. More details to see:
    http://technet.microsoft.com/en-us/library/aa997573(v=exchg.150).aspx
    Thanks
    Mavis Huang
    TechNet Community Support

  • Cannot ping secondary IP address on subinterface from SVI interface.

    Hi to all.
    We have a border router with lots of subinterfaces and some of them have few secondary networks from different subnets on it. I've configured SVI interface on same VLAN in same subnet, but can't ping from this SVI  the secondary address, that applied on subinterface on a router.
    It seems strange, because on other subinterface, with few secondary networks - all works fine.
    All links between switches and routers are in trunk mode, all switches contains appropriate vlans on their vlan.dat, all appropriate vlans are allowed on switches, all arp entries are present on border router and on switches, all appropriate mac addresses are in mac-add table present.
    BR conf:
    int gi0/1.10
    encapsulation dot1q 10
    ip add 192.168.1.1 255.255.255.0
    ip add 192.168.2.1 255.255.255.0 secondary
    int gi0/1.20
    encapsulation dot1q 20
    ip add 192.168.10.1 255.255.255.0
    ip add 192.168.11.1 255.255.255.0 secondary
    sw101 conf:
    int vlan10
    ip add 192.168.1.2 255.255.255.0
    no ip route-cache
    int vlan20
    ip add 192.168.10.2 255.255.255.0
    no ip route-cache
    ip default-gateway 192.168.1.1
    sw102 conf:
    int vlan10
    ip add 192.168.1.3 255.255.255.0
    no ip route-cache
    int vlan20
    ip add 192.168.10.3 255.255.255.0
    no ip route-cache
    ip default-gateway 192.168.1.1
    Connection scheme is trivial: br-->sw101-----L2VPN(QinQ) ISP-->sw102
    ping 192.168.1.1 from sw101 & sw102 are successful.
    ping to 192.168.10.1 from sw101 & sw102 fails (sometimes some packets reach the destination - about 1-2 from 5 sent packets)
    When i remove secondary ip address from BR (192.168.11.1/24) subinterface - all works fine.
    Cannot understand, what's wrong ?
    br -  7206VXR (NPE-G2)
    sw101 - WS-C3560X-48T-L
    sw102 - WS-X45-SUP7L-E
    I haven't attached the other configurations of ports (trunk port configuration, vlan database, etc.) because I believe the problem is not in the L2 layer, I think the problem is with arp entries.
    P.S. Sorry guys for my english, sorry for probably a stupid question, but i really can't catch it - pls help me to understand that.

    Hi sgulyamov,
    did you try to debug ARP request on Br?
    Could you post the configuration of the Switch interface connected to Br?
    Bye,
    enrico

  • Adding secondary IP address

    When adding a secondary IP address to the public side of the BM 3.7
    server do we need to specify the mask or can we just do a add secondary
    ipaddress 111.111.111.111

    Hi Pete,
    the secondary Ip address must be in the same subnet as the primary IP
    address, therefore you don't need to add a mask.
    For instance, if the primary is
    192.168.1.1/255.255.255.0
    you can
    ADD SECONDARY IPADDRESS 192.168.1.56
    Note that if you want to bind an IP address that is NOT in the same
    subnet as the primary IP address, you've to use inetcfg.
    Caterina
    Novell Support Connection Volunteer Sysop

  • Secondary ip address - using as NTP-Source

    Hello,
    if I configure a secondary ip address on a primary interface,
    how can I force some services to use this secondary ip address as source-address?
    For example, NTP, Tacacs, ... and so on.
    I am looking for something similar to ntp source-interface on routers.
    Thanks
    Andreas

    Hello,
    You even do not need to set a secondary ip address.
    You can use single IKE identity so the VPN peer is identified by all of its peers with a single IKE identity which is achieved by using a loopback address (always up) that must be advertised by your routing protocol or by the mean of a static route.
    This will save resources in the case when crypto map is bound to different interfaces for access link redundancy or in your case when you are planning to change the interface ip address, so the IKE SA will exist between the two peers regardless of which ip address is used.
    In the other side you can point IPSec "set peer" command to the peer loopback interface.
    Additional features might help:
    - IPSec keepalive/ DPD (Dead Peer Detection), this will intercept peer failure at time.
    - Another feature that will clear the IPSec SA if a maximum idle timeout is reached.
    I successfully tested the configuration, take a look at routers configuration file.
    I hope I answered your question.
    Have a good work,
    AJN

  • I reset my IPAD password but the verification email wasn't sent to my primary or secondary email address.  Without the verification email I can't complete the password change process.  Any recommendations?

    I reset my IPAD password but the verification email wasn't sent to my primary or secondary email address.  Without the verification email I can't complete the password change process.  Any recommendations?

    Great tip from dorothy.  Also, some isp services are more aggressive than others in filtering what they think might be spam.  You might check your spam file from a computer, and see if the verification e mails are sitting there.   When I went through the process, the verification e mail came to the new e mail address in under a couple of minutes.

  • Getting error when I try to remove eum secondary email address from the Mailbox from Exchange 2013 server

    Getting error when I try to remove eum secondary email address from the Mailbox from Exchange 2013 server. The command works if you issue directly from the server exchange shell.
    I open the remote power shell to the exchange server 2013.
    Issue the following commands and getting the following error.
    $mailbox = Get-Mailbox -Identity testuser
    $mailbox.EmailAddresses -= "eum:50004;phone-context=telExt5digits.lync5.com"
    Then getting the following error:
    Method invocation failed because [System.Collections.ArrayList] doesn't contain a method named 'op_Subtraction'.
    At line:1 char:27
    + $mailbox.EmailAddresses -= <<<<  "eum:50004;phone-context=telExt5digits.lync5.com"
        + CategoryInfo          : InvalidOperation: (op_Subtraction:String) [], RuntimeException
        + FullyQualifiedErrorId : MethodNotFound
    Help!

    Now for an answer - your remote session doesn't have the same object you have on the server itself.  Notice it says this is an array list, not a ProxyAddressCollection.  If you need to work around this, you'll need to massage the addresses another way that the system will accept.  I'd try the following:
    $NewAddresses = $mailbox.EmailAddresses | ? { $_ -notlike "eum:50004;phone-context=telExt5digits.lync5.com" }
    See what you get in the $NewAddresses variable when you do this.

  • Mail users have spam sent to their secondary SMTP addresses forwarded to their personal e-mail addresses- Exchange 2010

    We currently have a spam issue relating to the secondary SMTP e-mail addresses of all our Mail Users.
    Example: Peter Smith has an AD account on our company.com domain and an associated external e-mail address ([email protected]) i.e. he has an AD account ([email protected]) with Mail User Exchange attributes so that he can logon
    to our SharePoint server. However, this AD account also becomes a fully functional secondary SMTP address and all spam sent to [email protected] also gets forwarded to [email protected]
    To mitigate this issue, I have added this secondary e-mail address to the "Recipient filtering properties > Block messages sent to the following recipients" in Hub Transport/Anti Spam.
    Two questions:
    1. Is there an easy way to delete the secondary SMTP addresses of mail users? I was unable to (it just reappeared shortly after deletion)
    2. What is the PS command to export a list of all secondary SMTP e-mail addresses OF MAIL USERS and then adding this list to "Recipient filtering properties > Block messages sent to the following recipients". I could manually add them
    in EMC but there are quite a few of them...
    Many thanks for your help!

    Now that I understand what's happening, let me see if we can get a more accurate solution for you.  So your mail users (Exchange calls them mail-enabled users, as opposed to mailbox enabled users, who have mailboxes) have SharePoint access (with the
    @company.com address), but have actual mailboxes externally (the actual end-domain is inconsequential).  You want users of these systems to stop receiving emails on the company.com namespace, but to receive them from only your SharePoint system. 
    A "textual diagram" is below:
    SharePoint (to Exchange mailbox owner) ==> Exchange hub (using company.com) ==> Exchange mailbox
    SharePoint (to External mail user) ==> Exchange hub (using company.com) ==> Exchange mail contact ==> External system (using external SMTP address)
    External Messaging system (to External mail user, using company.com address used by SharePoint) ==> Exchange hub =XX=> Block delivery
    You wish to stop the third of these from happening.  If your SharePoint system used non-routable addresses (such as company.local) and all of your mail users had only these addresses added to their accounts for internal mail processing (as the
    internal name used by Exchange), this would solve your issue.  The question becomes how to deploy this sort of address. 
    If these are the ONLY mail contacts in your organization, the solution is simple - you almost had it above, but may have missed seeing it.  Policies are applied on a priority basis, with the default policy applying only if no others apply.  Since
    these accounts are considered "Contacts with external e-mail addresses", you can create a policy for your entire organization that handles only these accounts.  You don't need to apply it to a single OU, if your mail enabled accounts aren't
    in a single OU.  (If they are, of course, feel free to apply it only there.)  You can create the policy and apply it to the organization, but only to those objects that are "Contacts with external e-mail addresses".  That way, it won't
    affect any of your Exchange mailboxes (current or future).
    Does this help?
    (BTW, one minor correction - your third statement about mail contacts is incorrect - Exchange sees no major difference between mail contacts and mail enabled accounts - and in my experience they are both addressable by the internal address.)

  • Secondary email address

    I have two ID accounts and before iCloud came along I had a secondary email address which I can't find in either account. Does anyone know how I locate it, as I wish to change the password?

    There's a section at the bottom of the Account Tools page for creating sub accounts.
    If a forum member gives an answer you like, give them the Kudos they deserve. If a member gives you the answer to your question, mark the answer as Accepted Solution so others can see the solution to the problem.
    "All knowledge is worth having."

  • Secondary IP address support on CSS-11503

    Hi, I'd like to know whether it is allowed to configure a secondary IP address on a CSS' interface, as it is on Cisco routers. If so, how can it be done?
    Thanks,
    Enrique

    you can have multiple addresses defined on a circuit.
    i.e.:
    circuit VLAN1
    ip address 10.1.1.1 /24
    exit
    ip address 20.1.1.1 /24
    Regards,
    Gilles.

  • Will Exchange ever support sending mail from a secondary smtp address?

    Most here probably know this but a quick recap:
    User has PrimarySMTP address of [email protected] and secondary SMTP of [email protected]. In Outlook, if you set the secondary SMTP address in the "From" field, Exchange will throw an "undeliverable" error stating you're not authorized to send mail as this user. I know there's 3rd party tools that can help you with this, and ways to circumvent this (using extra accounts or distrigroups) but it's actually really annoying. I've been involved with a lot of companies with different brands (and a domain for each brand) and
    who want to communicate with the outside world using these different brandnames. One salesmanager could be involved with different brands and right now you'll have to create a new account or group for each and every brand/domainname.
    With every new Exchange one of the first things I check if this behaviour has changed.. Will this ever be implemented? Is there anyone here that could shed some light on that? Is there a reason why this does not change?
    Kind regards,
    Remco Roxs

    Nobody who participates in these forums knows what the future holds at Microsoft.  If we did, we wouldn't be able to share it with you in any case because we'd be sworn to secrecy.
    Just buy this for your sales manager: http://www.ivasoft.biz/choosefrom2007.shtml
    Or just tell him to use two mailboxes.
    Ed Crowley MVP "There are seldom good technological solutions to behavioral problems."

  • Secondary IP Addresses

    I added a secondary IP address to an interface and I cannot ping any hosts on that subnet unless I use extended ping commands and ping from the secondary IP addresses as the source. Why would that be?

    Hi GP,
    Thanks for the quick reply. The problem is I cannot ping that subnet from any other host on the other subnets. When I run a "show ip route" the subnet I am looking for is directly connected as are the other subnets I am trying to ping from. I.e:
    int vlan1
    ip address 205.205.X.X 255.255.255.0
    ip address 209.115.X.X 255.255.255.0 secondary
    ip address 10.0.5.1 255.255.255.0 secondary
    I use the 10.0.5.1/24 subnet to access equipment that don't need public IP addresses. Shouldn't I be able to ping from a host on the 205.206.x.x network and be able to reach the 10.0.5.x network since they are both directly connected?
    Any light you can shed would be greatly appreciated.

  • RADIUS and Secondary IP addresses - TID10060454

    I found this TID from 2002 and wondering if the enhancements have been
    made to allow radius to be bound to secondary IP addresses? I would like
    to be able to Load radius in a clustered environment and cannot. I
    realize radius isn't officially supported, but is there any advice with
    regard to redundancy given the current restrictions? Can the DAS object
    be loaded on more than one server at a time without creating issues?
    Seems that would be too simple of an answer.

    RADIUS _IS_ officially supported by Novell.
    The TID you referenced indicates a problem that RADIUS has on multi-homed
    servers. RADIUS will run on multi-homed servers, as you have seen. However,
    it will bind to all of the interfaces, but will only send responses on the
    primary interface.
    You cannot load RADIUS more than one time on a server. For redundancy you'll
    have to set up an additional RADIUS server using the same DAS object.

  • Static NAT for Secondary IP addresses

    I am running a Novell SBS 6.0 SP4 server w/Border Manager 3.6 Sp2 with two
    Netcards. My Two public IP address w/different subnets on the same Net
    card will keep running but the secondary IP address fail after a few
    hours, but can be pinged from inside the Network. The following is how my
    config is setup:
    Netcard #1(public):
    IP #1 - 66.170.173.100 Subnet 255.255.255.240
    Static/Dynamic 66.170.173.17 -> 192.xxx.1.22
    66.170.173.18 -> 192.xxx.1.23
    66.170.173.20 -> 192.xxx.2.25
    IP #2 - 66.170.173.17 Subnet 255.255.255.248
    Static/Dynamic - Disabled
    Secondary Ip Address bound -> 66.170.173.18
    -> 66.170.173.20
    Netcard #2 (private)- 192.xxx.1.16
    The modem is connected directly to Netcard #1 with no router between
    them. Is there something wrong with this setup or is there something else
    I have to do? My filters seem to be working fine as far as I know.
    Thank you,
    [email protected]

    > hi Ken,
    >
    > do you have a way to verify that the secondary IP addresses work properly if
    > they're associated to another device?
    > What's the agreement you have with your ISP about the two subnet of
    > addresses? Are they aware that they're associated to the same physical
    > device? I'm wondering if there is something wrong in the wireless system that
    > prevents ARP from working properly in that configuration.
    >
    > --
    > Caterina Luppi
    > Novell Support Connection Volunteer Sysop
    > <[email protected]> wrote in message
    > news:zj7mc.1918$[email protected]..
    > > > Hi Ken,
    > > >
    > > > > Whose router are we talking about? Is it the modem of the ISP just before
    > > > > my server or my internal switches for my workstations?
    > > >
    > > > sorry, my bad. I was referring to the modem of the ISP. I suspect this is
    > > > not a modem only, right? I mean, you have an ethernet connection between the
    > > > modem and the BM server, correct? In this case the device of your ISP is a
    > > > modem/router, not a modem only.
    > > > Are you using DSL or cable?
    > > > --
    > > > Caterina Luppi
    > > > Novell Support Connection Volunteer Sysop
    > > >
    > > >
    > > Yes, we are running wireless DSL. They called it a modem, but it might be
    > > a router.
    > >
    > > [email protected]
    >
    >
    I just received an email back from the ISP and they said they have had
    troubles with that modem and ARP tables. They are going to swap out the
    modem when they get the new type of modems in. I will post back the
    outcome when they swap them out.
    Thank you for the help,
    [email protected]
