?
Solved

Routing Question

Posted on 2003-12-10
6
Medium Priority
?
299 Views
Last Modified: 2010-03-19
Hello, hope someone can help.
Manage a corporate network.
5 subnets all sitting behind a firewall with ranges:
10.1.1.x - 10.5.1.x

default route out of the firewall is through the public IP address assigned to one of the port on the firewall onto the internet. All working fine, except now we have connected into a larger WAN that staff on our five subnets need to access from their own desktops.
The problem lies in that the sites (over 1500+) in the WAN also all begin
10.x.x.x, at the moment I have added in a few static routes at the firewall to direct the traffic destined for that domain out though the appropriate port in the firewall

ie route add -p 10.123.0.0 mask=255.255.0.0 192.138.12.4

But - I don't want to have to do this 253 times (also dont want to have to readdress our own domain) is there any clever way I can mask out our internal ranges and direct all traffic destined for the WAN through the correct port with one routing statement?
thanks in advance.
Suzy
0
Comment
Question by:suzyreid
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
6 Comments
 
LVL 31

Expert Comment

by:qwaletee
ID: 9913135
You'll need a few, but you shoudl be able to come up with some masks taht effecively create partial B subnets.
0
 
LVL 1

Author Comment

by:suzyreid
ID: 9913353
Hi
What sort of masks should I be using? Trying to avoid having too many static routes which will kill my firewall performance...
thanks
0
 
LVL 7

Assisted Solution

by:Robing66066
Robing66066 earned 400 total points
ID: 9913667
These should do it.

10.6.0.0 /15
10.8.0.0 /13
10.16.0.0 /12
10.32.0.0 /11
10.64.0.0 /10
10.128.0.0 /9
0
Get your Disaster Recovery as a Service basics

Disaster Recovery as a Service is one go-to solution that revolutionizes DR planning. Implementing DRaaS could be an efficient process, easily accessible to non-DR experts. Learn about monitoring, testing, executing failovers and failbacks to ensure a "healthy" DR environment.

 
LVL 31

Accepted Solution

by:
qwaletee earned 600 total points
ID: 9916720
That will cover all except 10.0.*.*.  Add 10.0.0.0/8 with a higher routing cost than your local interfaces.
0
 
LVL 1

Author Comment

by:suzyreid
ID: 9934199
If I use a 10.0.0.0/8 route - this will obviously cover everyhting - but will it cause problems with the routes I already have in?
If I have specific routes in, will be used before the general 10.0.0.0/8 ?
0
 
LVL 31

Expert Comment

by:qwaletee
ID: 9936091
Depends on the cost paraneter for the routing table entry.  Default metrics are usually 1, but you can specify a specific metric.  E.g., if you put in all your local routes as cost 1, static routes as 2, and 10.0.0.0/8 as 3, it will consider the "generic" class A 10 network last.

Most routers also are smart within a metric, trying more specific masks first, but I don't know if all do that.  If your does, then you would likely not have to worry at all, because the class A mask is going to get considered last anyway.
0

Featured Post

The Ideal Solution for Multi-Display Applications

Check out ATEN’s VS1912 12-Port DP Video Wall Media Player at InfoComm 2017. Kerri describes how easy it is to design creative video walls in asymmetric layouts and schedule detailed playlists ahead of time with its advanced scheduling feature.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article will inform Clients about common and important expectations from the freelancers (Experts) who are looking at your Gig.
WARNING:   If you follow the instructions here, you will wipe out your VTP and VLAN configurations.  Make sure you have backed up your switch!!! I recently had some issues with a few low-end Cisco routers (RV325) and I opened a case with Cisco TA…
Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually. After setting up a router, find the network security…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

718 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question