Networking & Wireless forum

General Networking Question

First a little background.

I have two subnets at my office connected to the internet:

70.80.90.158/30 (Mask 255.255.255.252) - 2 Hosts
40.50.60.1/27 (Mask 255.255.255.224) - 30 Hosts

70.80.90.158 is assigned to the external interface of my firewall. 70.80.90.157 is my firewall's default gateway (My ISP's router). I do not have a router I control in front of my firewall.

The 40.50.60.1 subnet is routed to my network by my ISP. I have 40.50.60.2 assigned to a NIC on my firewall so I can take the other addresses and use static NAT to servers I am providing services to (i.e. mail, ftp, etc). If I tracert from any device with a static NAT, its first hop outside my network is on 70.80.90.157.

Here is where the question comes in. I have a client that is bringing their own firewall over to put on the network since my existing one I cannot get VPN to work properly. My ISP doesn't have any IPs from the /27 setup on their routers as far as I know. My initial thought was to take an IP from my routed net to put on their firewall, for example 40.50.60.5. The only device with a physical IP on this net is my firewall which I cannot use as the default gateway. So what would I configure on the client firewall for the gateway?

My thought was to call my ISP and see if they can assign 40.50.60.1 to their internet connected router so I can use that as the default gateway. Is this the way to get this to work?

Thanks,

Hugh
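
Added example, not part of the original post: a Python check of the addressing arithmetic in the question, using the placeholder addresses from the post. It reports the usable range of each subnet and whether a candidate default gateway is on-link for a firewall given 40.50.60.5/27; the function names are hypothetical.

```python
import ipaddress

def usable_hosts(cidr):
    """Return (network, first host, last host, host count) for an address/prefix."""
    net = ipaddress.ip_interface(cidr).network
    hosts = list(net.hosts())
    return str(net), str(hosts[0]), str(hosts[-1]), len(hosts)

def gateway_check(iface_cidr, gateway):
    """Return (ok, reason): can `gateway` be the next hop for `iface_cidr`?"""
    iface = ipaddress.ip_interface(iface_cidr)
    gw = ipaddress.ip_address(gateway)
    net = iface.network
    # A default gateway must be reachable by ARP, i.e. inside the interface's subnet.
    if gw not in net:
        return False, f"{gw} is outside {net}, so it is not on-link"
    # Network and broadcast addresses cannot be assigned to a router interface.
    if net.prefixlen < 31 and gw in (net.network_address, net.broadcast_address):
        return False, f"{gw} is the network or broadcast address of {net}"
    if gw == iface.ip:
        return False, f"{gw} is the interface's own address"
    return True, f"{gw} is on-link in {net}"

if __name__ == "__main__":
    # Placeholder subnets exactly as written in the post.
    for cidr in ("70.80.90.158/30", "40.50.60.1/27"):
        print(cidr, "->", usable_hosts(cidr))

    # Address proposed in the post for the client firewall.
    client_fw = "40.50.60.5/27"
    candidates = (
        "70.80.90.157",  # ISP router on the /30
        "40.50.60.1",    # address the ISP would have to configure
        "40.50.60.2",    # existing firewall NIC on the /27
        "40.50.60.31",   # broadcast address of the /27
    )
    for gw in candidates:
        ok, reason = gateway_check(client_fw, gw)
        print(f"{gw:>14}  {'OK ' if ok else 'NO '} {reason}")
```
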

Ok, I have the picture now.

In reply to: General Networking Question

You have the Netscreen on the network. It doesn't matter about subnets since you have all on the same network and no DHCP server.

That can create problems as the default gateway must be laid out as well.

-> I do see a problem in your basic IP assignments as you are not using private addressing inside your network?

Private Addressing

In reply to: Ok, I have the picture now.

Definitely using private addressing internally, just wasn't sure about the public addressing since only my devices have IPs from the second subnet assigned.

I have 4 separate private networks behind my Checkpoint, and one of them is the one that we have been trying to get the VPN running for. So the idea was to stick another firewall and I will route the destinations that used to be going over the VPN on my Checkpoint to the new Netscreen firewall we will be installing. All actual private IP ranges internally, although I do have a client who insists on using public routable IPs internally (that's another discussion altogether).

My internal networks are on VLANs and I do not have any workstations behind my firewall for those hosted networks, so even if I had to run DHCP I could with the way the VLANs are laid out.

I have been in situations where I had to do this same thing but instead of putting another static IP on it we would get a DSL/Cable line with a static IP and bring it in that way, small less than 50 person networks. I typically put my gateways on .1 of the network (like 192.168.1.1) and if I have to bring in another gateway I will put that at 192.168.1.254 for example. As long as the routing is correct on the default gateway it works.

That 40.x.x.x network...

In reply to: General Networking Question

*** UnKnown can't find 40.50.60.1: Non-existent domain

I'd talk to your ISP about this. That's some unknown internet range and I can't find where anyone can use that range.
Bob

Not the real IPs

In reply to: That 40.x.x.x network...

I didn't put the real IP addresses in, I substituted fake routable IPs for my question.

I think you need to call Juniper, etc.

In reply to: Not the real IPs

Since I can't check the routing I'd call them and talk. I have an acquaintance there and from what he said they don't route your call to India. As it stands I'd get it all wrong as we can't talk about the IP plan.
Bob
