Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
You may experience some slow load times, errors, and slight inconsistencies. We ask for your patience as we finalize the launch. Thank you.

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

internet with public ip

hi! when we subscibe to the internet with static public IP address (WAN(CE/PE) & LAN pool), do we need to tell the telco to set the internal LAN interface IP address in the Telco router/marc?

Eg. if i'm assigned a public LAN ip range of 2.2.2.0/29.

I'm assigning 2.2.2.2 for my FW outside interface, do i need to tell the telco to set eg. 2.2.2.1 in their marc internal interface?

Thanks.

  • WAN Routing and Switching
8 REPLIES

Re:internet with public ip

Hello

You shouldnt need to as the isp lan port will.be in the same subnet range has your wan interface public ip supplied by that isp

Your internal.lan.ip.range can be any ip range you wish as.long as you make sure this isnt leaked out on to the internet -this can be done by implementing NAT

Res
Paul


Sent from Cisco Technical Support Android App

Please don't forget to rate any posts that have been helpful. Thanks.
New Member

internet with public ip

hi! If that's the case, how would i know which Public LAN IP Address is being used in the telco router's internal interface?

New Member

internet with public ip

Hi,

it depends on a service that you have with your ISP. If you've been assigned /29 public IP range then it probably means that the /29 range ISP will route towards your router. In that case ISP needs to give you another /30 block that will be configured on point to point link between your network and the ISP router (public or private, it works anyway)

Regards,

Re:internet with public ip

Hello
Do you mean the your next hop wan address( ie the isps lan facing ip) then in that case they should inform of it -especially if you have been allocated a staticly assigned public address range

Res
Paul

Sent from Cisco Technical Support Android App

Please don't forget to rate any posts that have been helpful. Thanks.
New Member

internet with public ip

hi! I was given a PE/CE IP adress which is the /30 network + a range of pulbic lan ip address of /29, which i can use it for my fw, dmz device and etc.

Hall of Fame Super Blue

internet with public ip

As already mentioned by Mate Gulic, your ISP will use the /30 for the connection between your firewall and their router. They will then add a route for the /29 range pointing to the IP you were assigned from the /30 subnet.

You would have a default route on your firewall pointing to the IP from the /30 assigned to the ISP.

You are then free to use the /29 subnet however you want ie. you do not need to use an IP from this range on a physical interface4, you can simply use them in your NAT config on the firewall.

Jon

New Member

internet with public ip

hi! If i understand you correctly. I would have something as follow

Telco router-----/30--------My FW------NAT /29-----public facing equipment

Is that correct?

How about? This is my understanding on how it shd be setup.

PE/----/30-----CE telco router-------./29 public facing FW

                                             --------/29 ASA

                                             --------/29 SSL vpn.

Hall of Fame Super Blue

internet with public ip

So do you have this -

internal network -> FW -> CE -> PE

where you own the CE router as well as the firewall ?

If so the CE -> PE link will probably use the /30 and the ISP will route the /29 to the outside of your CE router. In which case you could then either -

1) use 2 addresses from the /29 subnet for the firewall outside to CE inside interfaces and the rest for NAT

or

2) use a private address range between firewall outside and CE inside and then you have all the /29 range for NAT but you would need to use at least one for NAT of all internal clients whereas with option 1) you can overload all the internal clients with NAT to the firewall outside interface.

Note also with option 2) you would need to add a route for the /29 to point to the outside interface of your firewall because you are using a private range for the interconnection.

Jon

271
Views
0
Helpful
8
Replies