Ask the Expert

How do secondary networks work?

How do secondary networks work?
I have seen routers and firewalls configured with a public IP address on the internal interface and a private IP address also configured on the internal interface as secondary. Does the internal interface have to connect to a managed switch with Layer 3 capabilities?

I thought it was invalid to share a public and private IPs on the same LAN or interface. Could you point me to a good resource for this information?

    Requires Free Membership to View

Usually firewalls are configured with one public and one private IP address, the latter one connecting directly to the local network. In more complex configurations where there might be a DMZ zone involved, you are likely to find a mixture of private and public IP addresses assigned to the firewall or hosts that are part of the DMZ.

Because firewalls are considered quite complex devices and they require a certain level of knowledge and maintenance, most small offices and companies prefer the router and firewall combination, in one box. This is set up once and can then be forgotten in the rack as it happens with most (Cisco) routers! When such configurations are required, the router will be assigned a private IP address on the internal LAN, while the WAN interface obtains its IP from the ISP to which it connects.

In addition, these routers are usually configured with NAT overload mode (see www.firewall.cx/nat-intro.php for more details) so they hide the internal IP addresses from the rest of the world.

Closing, if two logical networks exist and there is one router only, with no firewall between, then the most simple way to connect both of these networks to the Internet would be to assign two IP addresses to the router's Ethernet interface so they router becomes part of both networks.

This was first published in March 2004

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: