ip subnetting

m.matteson
Level 2

I was having a few questions regarding subnetting and VLSM. I have a router that has one Ethernet interface connected to a PIX firewall and will have a DMZ hanging off of one of the PIX ports. I have a 10.10.10.32-63 IP range. Now, I've been taught that you can only route between subnets and that you can't have IPs of one subnet on more than one interface of a router. So that means that I need to subnet the range given to me, and I would like to do that the most efficient way. I only need 2 IPs between the PIX and the router, and the rest of the IPs I would like to have in the DMZ. Also, how many of you guys would suggest using ip subnet-zero? I haven't used it before but know that you can. Since I need to subnet and I can't use the first or last subnet, I need to use a mask of 255.255.255.248. That gives me 4 subnets: 32-39, 40-47, 48-55, 56-63. That gives me two usable subnets. If I use one for the PIX-router link I will be wasting 4 IPs. If I subnetted that using a /30 address into 48-51, 52-55, then I can't use any IPs because one is the network and the other the broadcast address for that subnet. How can I do this the most efficient way? Does anyone have some insight into this problem? Thanks a lot.

2 Replies

Ladislaus
Level 1

I suggest you use ip subnet-zero, there is no reason not to!

If you would have had the range of 10.10.10.0-10.10.10.32, then ip subnet-zero might have been a bad idea.

But since you're on .32 to .63, there can be no confusion about .32 being the subnet zero.

Subnet zero can become a problem with routers not supporting VLSM, but since you have .32 there can be no misunderstanding.

Between your PIX and the router you can use private addressing (192.168.0.0 for example) as long as you don't route it anywhere.

Dividing your IP range into two or eight will waste many addresses. But you can:

10.10.10.32 255.255.255.240 for DMZ (if 13 addresses are enough)

10.10.10.48 255.255.255.252 for PIX - Router conn.

10.10.10.52 255.255.255.252 for future use

10.10.10.56 255.255.255.248 for future use

----------------------

Another solution is using another illegal address for PIX - Router. But if you're using a private addressing scheme in your network (10.0.0.0) you should be able to use other unused blocks of this network.

Regards.
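
The four-way split proposed in the reply above can be checked mechanically before it goes onto the router and the PIX. This is an added example, not part of the original thread: it uses Python's standard `ipaddress` module to confirm that each subnet is aligned to its mask, sits inside the 10.10.10.32-63 block, and overlaps no other subnet. The `check_plan` helper and the labels are hypothetical names chosen for illustration.

```python
import ipaddress

# The poster's 10.10.10.32-63 range expressed as one block
PARENT = ipaddress.ip_network("10.10.10.32/27")

# Plan from the reply: (label, network address, dotted mask); labels are illustrative
PLAN = [
    ("DMZ", "10.10.10.32", "255.255.255.240"),
    ("PIX-router link", "10.10.10.48", "255.255.255.252"),
    ("future use A", "10.10.10.52", "255.255.255.252"),
    ("future use B", "10.10.10.56", "255.255.255.248"),
]


def check_plan(parent, plan):
    """Return (rows, problems, unassigned) for a VLSM plan carved out of parent."""
    rows, problems, nets = [], [], []
    for label, addr, mask in plan:
        try:
            # strict=True rejects a start address not aligned to its mask
            net = ipaddress.ip_network(f"{addr}/{mask}", strict=True)
        except ValueError as exc:
            problems.append(f"{label}: {exc}")
            continue
        if not net.subnet_of(parent):
            problems.append(f"{label}: {net} is outside {parent}")
        for other_label, other in nets:
            if net.overlaps(other):
                problems.append(f"{label}: {net} overlaps {other_label} {other}")
        nets.append((label, net))
        hosts = list(net.hosts())  # excludes network and broadcast addresses
        rows.append((label, str(net), str(hosts[0]), str(hosts[-1]), len(hosts)))
    # Count each address once, even if two entries overlap
    inside = [n for _, n in nets if n.subnet_of(parent)]
    covered = sum(n.num_addresses for n in ipaddress.collapse_addresses(inside))
    return rows, problems, parent.num_addresses - covered


if __name__ == "__main__":
    rows, problems, unassigned = check_plan(PARENT, PLAN)
    for label, net, first, last, count in rows:
        print(f"{label:16} {net:16} hosts {first} - {last} ({count} usable)")
    print("problems:", problems or "none")
    print("addresses left unassigned:", unassigned)
```
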