06-29-2012 02:53 AM - edited 03-04-2019 04:50 PM
We currently have an office in Tokyo that connects to the ISP using a PPPoE connection on an ASA. The ISP has supposedly assigned us a public /28, but I can't work out how to use any of the addresses other than the one that we use on the outside of firewall (which is part of this /28 block)
I tried to configure the IP address on the outside interface with a /28 mask, but it just reset the interface and changes the config back to a 32 bit mask
ip address X.X.X.X 255.255.255.255 pppoe setroute
We're going to replace the firewall with a router of some sort and have that do the PPPoE, but I don't know if I'll have the same problem.
Does anyone know how I can use these other addresses?
Will a router only be able to use a /32 address on the dialer?
Would I even be able to subnet the /28 down and host a /29 or something beind the router (when installed)?
Many Thanks in advance
Dom
Solved! Go to Solution.
06-29-2012 06:03 AM
They are probably using a sticky static for your device connected to them and then routing your network down that interface. So you should be able to use the /28 on the back side of the router off a different Ethernet port or another port off the Asa.
Sent from Cisco Technical Support iPad App
06-29-2012 06:03 AM
They are probably using a sticky static for your device connected to them and then routing your network down that interface. So you should be able to use the /28 on the back side of the router off a different Ethernet port or another port off the Asa.
Sent from Cisco Technical Support iPad App
07-06-2012 03:29 AM
Thanks for the reply Ryates, I havae split the /28 in half and can route to one half of it if I configure it behind the ASA, which is great.
You said that should be able to route to the whole /28 behind the firewall - If I split the subnet in half, the address assigned to the outside by PPPoE is in the top half of the subnet, which is why I configured thee bottom half beghind the firewall.
Are you saying that I should be able to have the /32 address on the outside, and the the whole /28 behind the firewall? The addresses will be overlapping but these sort of connections seem to work in strange ways (eg a default route not on the same subnet) so nothing would surprise me
Cheers, Dom
07-06-2012 06:50 AM
Hi,
You can use static nat on your router. or you can assign nat pool and add nat rule to use it. this is probably better than assigning the /28 to your Fast Ethernet port for so you don't loose 2 IP addresses and it would be easier to change public IP address assignements.
HTH
Don't forgrt to rate useful answers.
07-12-2012 08:52 AM
Hi Iyad, thanks for your suggestion, but I want to have the routeable public subnet behind the firewall/router as I need to host some third party eqpt there that needs to be on the internet
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: