Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
341
Views
0
Helpful
7
Replies

Subnetting Issue

stefaandk
Level 1
Level 1

‎09-26-2006 08:35 PM - edited ‎03-03-2019 05:15 AM

This is the issue I'm facing.

I have a cisco 2621 edge router and a /23 network internally, this is a real IP range (not rfc 1918), lets say for the sake of this example it's 200.90.4.0/23

I want to go

router ----- Firewall---subnet

I want to split my subnet in 2 x /24 address spaces but obivoulsy that's not gonna work as I need a real IP subnet between my router and firewall in the same address space, like a /30.

Doing that breaks my subnetting all together beyond the firewall.

Bottom line, how can I solve this issue? A better way to subnet, is there Cisco technology that allows my router and firewall to talk to each other without requiring an IP subnet?

Thanks,

Labels:
0 Helpful
7 Replies 7

royalblues
Level 10
Level 10

‎09-26-2006 08:44 PM

Hi Stefan,

It would help if you could let us know what exactly you want to achieve by subnetting the address spave into 2 /24

regards

Narayan

0 Helpful

stefaandk
Level 1
Level 1
In response to royalblues

‎09-26-2006 09:02 PM

It would be for simplicity's sake although that in itself isn't that much of an issue, I could even make it into /28's

But I don't have enough physical interfaces to route that many subnets.

0 Helpful

jackyoung
Level 6
Level 6

‎09-26-2006 11:16 PM

First of all, because the FW will also use IP to talk to other devices, so it is require to enable IP in router & FW. Unless you enable bridging at router and FW talk to the remote via the bridged router port, but it is not recommended.

For your situation, do you mean the FW & router will also require to use public IP ? If yes, thre are three ways to do it :

1) Enable NAT at the router and use private address between FW & router.

2) Borrow one /30 subnet from the /23 address, but will waste some IP.

3) Enable "IP Unnumber" at the LAN port at router which is connecting to the FW, and the FW and router's WAN use the same subnet (/23). FW will looks like to talk to the router's WAN port directly.

I recommend option 3 due to no IP wasted and simplier to configure the router.

Hope this helps.

0 Helpful

stefaandk
Level 1
Level 1
In response to jackyoung

‎09-26-2006 11:47 PM

My last xp with IP unnumbered was on serial interfaces at which stage it was only supported on serial interfaces.

Is this an option on ethernet links now?

0 Helpful

jackyoung
Level 6
Level 6
In response to stefaandk

‎09-27-2006 12:07 AM

IP Unnumber should be able to apply on Ethernet interface, but I have no idea is there any limitation on your router model.

e.g.

int s 0

ip addr x.x.x.x y.y.y.y

int e 0

ip unnumber s 0

Please try it and advise the result and provide the screen capture if it fails.

Hope this helps.

0 Helpful

stefaandk
Level 1
Level 1
In response to jackyoung

‎09-27-2006 12:17 AM

My last xp with IP unnumbered was on serial interfaces at which stage it was only supported on serial interfaces.

Is this an option on ethernet links now?

0 Helpful

jackyoung
Level 6
Level 6
In response to stefaandk

‎09-27-2006 12:36 AM

I am sorry for incorrect proposal. Could you please try to reverse the assignment by apply the IP at Ethernet and apply the IP unnumbered at Serial ?

Below link describes the IP Unnumberred, it describes the IP Unnumbered only works on point-to-point interface.

http://www.cisco.com/en/US/tech/tk648/tk362/technologies_tech_note09186a0080094e8d.shtml

Sorry for any inconvenience.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents