The problem is you cannot assign the same IP addresses to multiple interfaces, especially on the same router. From what I'm reading, you are trying to assign a /29 (let's say 209.98.10.160/29, which allows for addresses .161-.166) and a /30 from that same range (like 209.98.10.164/30, which allows for .165 and .166). You must be assuming, incorrectly, that addressing is handled like routing, and the router will follow the most specific address. If the router received routes for both these networks on two different interfaces, this works. However, a router cannot have directly connected interfaces that share IP addresses. For instance, in the above example, if allowed (which is why you are getting the "overlapping" error), the router would have to send packets addressed to 209.98.10.165 out both interfaces, which it can't.

James Wilson wrote:
>
> I have a 1750 with a /29 assigned to me, and I need to create a DMZ to put
> a DNS server on so that I can control access using CBAC. My FastEthernet
> interface is trunked to a Cat 2924. I'd like to have the /29 on one
> subinterface which talks to PacBell's router, and take a /30 out of the
> /29 and put it on another subinterface so that I can hang the DNS server
> off a port on that VLAN using a public IP address. I'd also like to use
> static NAT addresses out of the /29 including what would be an all zero or
> all one address out of the /30. My thought is that this would work since
> the NAT will take place via the subinterface on the /29 (ip nat outside),
> and the only time the /30 will come into play is with traffic destined to
> the DNS server, which is not NAT'ed. This would allow me to have routing
> and CBAC protection for the host on the /30 net and not lose the ability
> to use those addresses which would normally be lost from the /30 all zeros
> and all ones addresses by using them for static NAT entries for hosts on
> the private IP side of my network. When I go to assign an address out of
> the /30 to the subinterface facing the DMZ I get a message stating that
> the addresses overlap the other interface. Will this still work the way I
> believe it will? Would it make a difference if I use my currently shut
> down Eth0/0 interface instead of the trunked Fa0/0?
>
> Thanks for your time/help!
>
> --
> James D. Wilson, CCDA, MCP
> Sr. Network/Security Engineer
> "non sunt multiplicanda entia praeter necessitatem"
> William of Ockham (1285-1347/49)
>
> [GroupStudy.com removed an attachment of type
> application/x-pkcs7-signature which had a name of smime.p7s]

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=51237&t=51193
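
The contrast drawn in the reply above, between the overlap check on directly connected interfaces and most-specific-match selection among routes, as an added Python example that is not part of the original thread. The prefixes are the ones used in the reply; the subinterface names and next-hop addresses are constructed for illustration.

```python
import ipaddress

def find_overlaps(interfaces):
    """Return (name_a, name_b) pairs whose connected subnets overlap."""
    nets = [(name, ipaddress.ip_interface(addr).network)
            for name, addr in interfaces.items()]
    clashes = []
    for i, (name_a, net_a) in enumerate(nets):
        for name_b, net_b in nets[i + 1:]:
            if net_a.overlaps(net_b):
                clashes.append((name_a, name_b))
    return clashes

def shared_hosts(cidr_a, cidr_b):
    """Host addresses that would be directly connected on both subnets."""
    a = set(ipaddress.ip_network(cidr_a).hosts())
    b = set(ipaddress.ip_network(cidr_b).hosts())
    return [str(h) for h in sorted(a & b)]

def longest_prefix_match(routes, destination):
    """Pick the most specific route covering destination, or None."""
    dest = ipaddress.ip_address(destination)
    matching = [(ipaddress.ip_network(p), nh) for p, nh in routes.items()
                if dest in ipaddress.ip_network(p)]
    if not matching:
        return None
    net, next_hop = max(matching, key=lambda m: m[0].prefixlen)
    return str(net), next_hop

# Constructed sample data: hypothetical subinterface names, and next hops
# taken from the documentation range 192.0.2.0/24.
INTERFACES = {"Fa0/0.1": "209.98.10.161/29", "Fa0/0.2": "209.98.10.165/30"}
ROUTES = {"209.98.10.160/29": "192.0.2.1", "209.98.10.164/30": "192.0.2.2"}

if __name__ == "__main__":
    # Connected interfaces: the /30 sits inside the /29, so the pair clashes.
    print("overlapping interfaces:", find_overlaps(INTERFACES))
    print("ambiguous hosts:", shared_hosts("209.98.10.160/29",
                                           "209.98.10.164/30"))
    # Learned routes: the same two prefixes coexist; the /30 wins for .165.
    for dst in ("209.98.10.162", "209.98.10.165"):
        print(dst, "->", longest_prefix_match(ROUTES, dst))
```
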

