We have existing internet connectivity from our provider. Recently we received an additional public IP block for hosting web services. Currently we have the provider internet router connected to the untrust interface on our firewall.
I wanted to know what changes I need to make so that these IPs are available to web services and accessible from the internet. We have 6 usable IPs and we need all of them for web services.
The SP has told me that they will configure a static route for the new subnet towards the firewall untrust interface.
When you configure a static translation for the new address (translating it to some address that the firewall knows is inside - or in DMZ) then the firewall will begin listening for that address on its outside interface. Note that you do not configure the new subnet, you configure the individual host addresses used within that subnet.
So the Internet router will have a packet to forward to one of the new addresses and it will ARP for the new address. The firewall recognizes that the ARP request is for an address that comes through the outside interface and responds to the ARP with the firewall MAC address. The router forwards the packet to the firewall. The firewall does the translation and forwards the packet to the web server to which it has translated the address.
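The behaviour described in the answer above, as an added example that is not part of the original thread: a toy Python model of a firewall that answers ARP and forwards only for the individual host addresses that have a static translation, not for the whole new subnet. The /29 block (implied by 6 usable addresses), the DMZ addresses, the MAC and all class and function names are assumptions constructed for illustration.

```python
import ipaddress


class Firewall:
    """Toy model of the firewall's outside interface: static NAT plus ARP replies."""

    def __init__(self, outside_mac, public_block):
        self.outside_mac = outside_mac
        # Usable host addresses of the new block (network/broadcast excluded).
        self.usable = set(ipaddress.ip_network(public_block).hosts())
        self.static_nat = {}  # public host address -> inside/DMZ address

    def add_static(self, public_ip, inside_ip):
        """Configure one static translation for an individual host address."""
        pub = ipaddress.ip_address(public_ip)
        if pub not in self.usable:
            raise ValueError(f"{pub} is not a usable host address in the block")
        self.static_nat[pub] = ipaddress.ip_address(inside_ip)

    def arp_reply(self, target_ip):
        """Firewall MAC if a translation exists for target_ip, otherwise None."""
        if ipaddress.ip_address(target_ip) in self.static_nat:
            return self.outside_mac
        return None

    def forward_inbound(self, dst_ip, dst_port):
        """Translate the destination; None means no translation, so no forwarding."""
        inside = self.static_nat.get(ipaddress.ip_address(dst_ip))
        return None if inside is None else (str(inside), dst_port)


def build_example():
    # Constructed values: documentation /29 block, DMZ addresses and MAC.
    fw = Firewall("02:00:00:00:00:01", "203.0.113.8/29")
    fw.add_static("203.0.113.9", "192.168.50.10")
    fw.add_static("203.0.113.10", "192.168.50.11")
    return fw


if __name__ == "__main__":
    fw = build_example()
    for host in sorted(fw.usable):
        print(host, "ARP ->", fw.arp_reply(str(host)),
              "| tcp/443 ->", fw.forward_inbound(str(host), 443))
```

Running it lists all six usable addresses and shows that only the two with a translation get an ARP reply and a forwarding target; the other four stay unreachable from the outside until a translation is added for them.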