why not? ip address outside 44.130.0.1 255.255.255.0 (for terminating ipsec sessions) global (outside) 1 44.130.2.1 nat (inside) 1 0.0.0.0 0.0.0.0 0 0 (for access to internet) route outside 0.0.0.0 0.0.0.0 44.130.0.254 at the defaultgateway (router) 44.130.0.254 you have to set a secondary address to the interface ip address 44.130.2.254 255.255.255.0 secondary (proxy arp on pix-outside must be enabled) or a routing entry for the address 44.130.2.1 ip route 44.130.2.1 255.255.255.255 44.130.0.1 that's all. best regards dirk Chris Kirschke wrote: > PIX firewalls do not support secondary addresses... > > Chris Kirschke > Chief Guru > Astreya Partners, Inc > chris@astreya.com > 408-790-5900 xt 531 > > -----Original Message----- > From: Dragan Milojevic [mailto:dmilojevic@goldtech.com] > Sent: Monday, June 10, 2002 5:06 AM > To: firewalls@lists.gnac.net > Subject: Duplicate IP addresses > > Hello, > Is it possible to have two different IP addresses for outbound interface on >PIX 501/506 firewall at the same time (one used only for IPSec another used >for Internet connection)? > > Thanks. > > _______________________________________________ > Firewalls mailing list > Firewalls@lists.gnac.net > For Account Management (unsubscribe, get/change password, etc) Please go to: > http://lists.gnac.net/mailman/listinfo/firewalls -- ISION Internet AG Dirk Pfau IP Network / iSecurity Harburger Schlossstr. 1 D-21079 Hamburg Fon: +49 40 77175-538 eMail: Dirk.Pfau@energis-ision.com Web: http://www.energis-ision.com _______________________________________________ Firewalls mailing list Firewalls@lists.gnac.net For Account Management (unsubscribe, get/change password, etc) Please go to: http://lists.gnac.net/mailman/listinfo/firewalls