Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
282
Views
0
Helpful
1
Replies

do I need external ip address , if yes what block

mehta.rahul
Level 1
Level 1

‎09-15-2006 06:30 AM - edited ‎03-09-2019 04:12 PM

I have a planning problem

We have 2621 cisco router, and we are terminating couple of vpn tunnels data as well as voice on the router serial interface.

Our internal network is on the cisco 2621 fast ethernet 0/0 and router is natting the traffic , between internal network and external.

Now we are introducing an asa 5510 firewall between internal network and router fast ethernet.

I want help with following

we want to move data tunnels to asa firewall .

do I need external IP on router fast ethernet and external IP on firewall ?

I have a external ip block of 8 ip and router serial interface 0/0 is using one of them 216.31.238.106 255.255.255.248

if I do need more external ip , what should I ask my isp , what subnet etc?

I am novice into this and my senior has left job so pardon me from being so dumb..

Labels:
0 Helpful
1 Reply 1

rmeans
Level 3
Level 3

‎09-15-2006 11:15 AM

You will need to contact your ISP (I believe Telepacific Communications) and explain the current network setup and what you want to do. The ISP should have staff to assist you. I am guessing your changes will go something like this.

Currently your 2621 is assigned .106. It is likely the 2621 default gateway is .105. Both the ISP router (.105) and your 2621 serial 0/0 (.106) will need new IP addresses (network). The ISP will give/tell you what the new IP addresses and network will be. The netmask will likely be 255.255.255.252 (not 255.255.255.248 like the current). Once the ISP and you reconfigure your routers, you will be able to assign your address block (216.31.238.104/29) to any devices you want. You will probably want to assign .105 to the 2621 Fast Ethernet 0/0. The ASA outside interface will get .106. The remaining addresses (.107 - .110) can be used however you like.

You mentioned that VPN connections terminate on the 2621 serial interface (.106). I suggested assigning the ASA .106 (above) as a way to minimize configuration changes on the other end of the VPN connections. Prior to your changes, the remote-side of the VPN connects to your 2621 (.106). After your changes, the remote-side will still connect to .106 (ASA).

Do you need more address space? Using my example above, you will have four addresses available for use (.107 - .110). These addresses could be used to host a publicly accessible web server, e-mail server, ftp server, etc. Unless you know that you will need more addresses, I would stick current eight addresses (216.31.238.104/29). Making several changes at once (adding the ASA and changing public IP addresses) can be difficult and add complexity. I would make one change at a time (adding the ASA).

Hope this helps.

0 Helpful
Customers Also Viewed These Support Documents