Solved

Routing Question

Posted on 2003-12-10
6
291 Views
Last Modified: 2010-03-19
Hello, hope someone can help.
Manage a corporate network.
5 subnets all sitting behind a firewall with ranges:
10.1.1.x - 10.5.1.x

default route out of the firewall is through the public IP address assigned to one of the port on the firewall onto the internet. All working fine, except now we have connected into a larger WAN that staff on our five subnets need to access from their own desktops.
The problem lies in that the sites (over 1500+) in the WAN also all begin
10.x.x.x, at the moment I have added in a few static routes at the firewall to direct the traffic destined for that domain out though the appropriate port in the firewall

ie route add -p 10.123.0.0 mask=255.255.0.0 192.138.12.4

But - I don't want to have to do this 253 times (also dont want to have to readdress our own domain) is there any clever way I can mask out our internal ranges and direct all traffic destined for the WAN through the correct port with one routing statement?
thanks in advance.
Suzy
0
Comment
Question by:suzyreid
  • 3
  • 2
6 Comments
 
LVL 31

Expert Comment

by:qwaletee
ID: 9913135
You'll need a few, but you shoudl be able to come up with some masks taht effecively create partial B subnets.
0
 
LVL 1

Author Comment

by:suzyreid
ID: 9913353
Hi
What sort of masks should I be using? Trying to avoid having too many static routes which will kill my firewall performance...
thanks
0
 
LVL 7

Assisted Solution

by:Robing66066
Robing66066 earned 100 total points
ID: 9913667
These should do it.

10.6.0.0 /15
10.8.0.0 /13
10.16.0.0 /12
10.32.0.0 /11
10.64.0.0 /10
10.128.0.0 /9
0
Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

 
LVL 31

Accepted Solution

by:
qwaletee earned 150 total points
ID: 9916720
That will cover all except 10.0.*.*.  Add 10.0.0.0/8 with a higher routing cost than your local interfaces.
0
 
LVL 1

Author Comment

by:suzyreid
ID: 9934199
If I use a 10.0.0.0/8 route - this will obviously cover everyhting - but will it cause problems with the routes I already have in?
If I have specific routes in, will be used before the general 10.0.0.0/8 ?
0
 
LVL 31

Expert Comment

by:qwaletee
ID: 9936091
Depends on the cost paraneter for the routing table entry.  Default metrics are usually 1, but you can specify a specific metric.  E.g., if you put in all your local routes as cost 1, static routes as 2, and 10.0.0.0/8 as 3, it will consider the "generic" class A 10 network last.

Most routers also are smart within a metric, trying more specific masks first, but I don't know if all do that.  If your does, then you would likely not have to worry at all, because the class A mask is going to get considered last anyway.
0

Featured Post

Gigs: Get Your Project Delivered by an Expert

Select from freelancers specializing in everything from database administration to programming, who have proven themselves as experts in their field. Hire the best, collaborate easily, pay securely and get projects done right.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you're not part of the solution, you're part of the problem.   Tips on how to secure IoT devices, even the dumbest ones, so they can't be used as part of a DDoS botnet.  Use PRTG Network Monitor as one of the building blocks, to detect unusual…
For many of us, the  holiday season kindles the natural urge to give back to our friends, family members and communities. While it's easy for friends to notice the impact of such deeds, understanding the contributions of businesses and enterprises i…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Internet Business Fax to Email Made Easy - With  eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, f…

786 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question