cancel
Showing results for 
Search instead for 
Did you mean: 

Assign multiple IPs to external port on MAG 2600

JKendall80_
New Contributor

Assign multiple IPs to external port on MAG 2600

Hello,


We have a MAG 2600 device and two different ISPs. Last week one of the ISPs dropped and we were on our secondary, but the VPN would not work. After review, I noticed that the external port was tied to the main ISP, but no routes, etc. for the secondary. Is there a way for me to enter in a static route to make sure that if our primary ISP drops again we would be able to keep running the VPN using the secondary?

 

Let me know if you have any questions I can answer for more information.

 

Thanks,

JKendall80 

3 REPLIES 3
vcl_
Occasional Contributor

Re: Assign multiple IPs to external port on MAG 2600

Hello,

 

Not sure if I well understood your needs, but you could use "virtual ports" to have several IPs on the same physical external ports.

 

Never tested with different subnets however, I usually use them to separate flows:

 

.1 is for core access

.2 is for Pulse access

.3 is for PTP

 

It allows to have more visibility.

 

Worth a try I guess, if it is possible to have 2 subnets on 2 virtual ports, then you may be able to use the routing table to make what you need.

 

Vincent

zanyterp_
Respected Contributor

Re: Assign multiple IPs to external port on MAG 2600

There is nothing to allow for this on the appliance. You can manually set routes once something goes down or change the IP to the new network
spuluka
Super Contributor

Re: Assign multiple IPs to external port on MAG 2600

Bear in mind that the external port on the MAG is not designed to be placed directly onto the internet but inside a DMZ zone.  This should be treated like any other internet facing web server providing a public service.

 

So the only route the external interface should need is the default gateway for the DMZ zone where it is installed.  Your routing and inbound nat from the two ISP would be handled by your edge firewall.

 

See the outline for dual DMZ deployments in kb 10162

 

SSL deploy options:
http://kb.pulsesecure.net/InfoCenter/index?page=content&id=KB10162

Steve Puluka BSEET - IP Architect - DQE Communications Pittsburgh, PA (Metro-Ethernet & ISP) - http://puluka.com/home