Generally is not a good ideea to have your firewall do the job of other devices like routers. However there are situations where is not feasible to invest in a router only to do a small task.
The PIX/ASA does not support the secondary ip address on their interfaces. There is a workaround:
- add a static ARP entry so that your firewall replies to ARP requests; use the MAC of the respective interface:
arp interface 192.168.2.1 1234.5678.90ab alias
- add a route to your network (in this example 192.168.1.1 is the IP of the interface):
route interface 192.168.2.0 255.255.255.0 192.168.1.1
