[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 335
  • Last Modified:

Router LAN Interface IP

This may be a very dumb question, but I'll ask anyway. I've got a cisco 1721 for my T1 internet connection. Its LAN interface has an ip of x.x.x.46, subnet 255.255.255.240/28. I do have a block of IP's.  Whatsmyip.org shows my public ip as x.x.x.40, not .46  I'm confused!
0
bluespringsit
Asked:
bluespringsit
  • 5
  • 5
  • 2
  • +1
1 Solution
 
Intense_AngelCommented:
It is because your lan interface will have the ip of the gateway for your internal clients to point to to get out.  Your public is 40 because your router is using it.  You can easily use one of the other ip's given to you to for outside access.

For instance you could give a server one of your static public IP's and hook it up on the other side of router which is called a DMZ and you could then ping it.  Also....you can use another router etc.  

Make sense?
0
 
bluespringsitAuthor Commented:
Where is it specifed that the router is using .40 ? In the config, there is 216.x.x.46 for the LAN interface and then a 65.x.x.x address for the serial interface. I have a dmz with an smtp relay server and an iis server in it. The DMZ is located off one of the interfaces on my pix firewall. Both servers are using two of the block of public ip's.
0
 
Intense_AngelCommented:
Well now I am somewhat confused.  When I had a T1 going to my house the ISP that I got the router from had given the device a 65 range like above, and they gave the lan side a static that translated with the 65 range, and a static for the gateway...the rest of the range I could use freely, but some I could not and was not allowed to change this, only the ISP provider of the T1 could do this.
0
Get your Conversational Ransomware Defense e‑book

This e-book gives you an insight into the ransomware threat and reviews the fundamentals of top-notch ransomware preparedness and recovery. To help you protect yourself and your organization. The initial infection may be inevitable, so the best protection is to be fully prepared.

 
rsivanandanCommented:
It depends on what ip address you are using to NAT your outgoing connections. Can you post your router configuration here ? Are you natting at the router or PIX?

In other words, where do you have the x.x.x.40 address configured? On router or pix?

Cheers,
Rajesh
0
 
pjtemplinCommented:
"my public IP" must be different than "my router's public IP", unless you have a web browser IN your router.

Your PC has the address x.x.x.40.  Your PC's default gateway is x.x.x.46.  You have the subnet x.x.x.[32-47].  Yay.
0
 
rsivanandanCommented:
Thnx for the points. Hope you found out the NAT is to x.x.x.40

Cheers,
Rajesh
0
 
bluespringsitAuthor Commented:
Thats strange. I posted a reply, but it didnt take. NAT is being done on my PIX.

global (outside) 1 216.x.x.40                              
nat (inside) 0 access-list 101                              
nat (inside) 1 0.0.0.0 0.0.0.0 0 0  

The router's lan ip is 216.x.x.46. The outside interface on my pix is 216.x.x.45. NAT is being done on the outside interface of the pix, such that each packet picks up 216.x.x.40 as its global outside source address when the packets are switched from the inside interface to the outside interface on the pix. So, the .40 address isn't actually assigned to any interface, its only being slapped onto each packet as the source address when the packet leaves my network.

Thanks to all of you for your help.
0
 
rsivanandanCommented:
Exactly :-) Glad you got it...

In a way, it is good to NAT to a single ip address as it can handle way up to 65000 connections. But since you have public ip internally, I was wondering why NAT? which basically adds processing on the PIX (Not that it can't handle). Just a thought.

Cheers,
Rajesh
0
 
bluespringsitAuthor Commented:
I'm not sure. As you can probably tell, I inheritted the network and firewall. The pix has three interfaces. One is the DMZ, one is inside, and the third is outside. The DMZ and the Inside interfaces have private range ip's assigned to them. The external interface, which plugs into the route,r has a public ip assigned to it. Is this not optimal?
0
 
rsivanandanCommented:
Oh. that is the perfect way to go about it. I misunderstood the scenario. I thought you were having public ips on your inside too. So now it is clear. so this is how it is;

Internet----(Public)------Router---------(Public)---------------PIX--------------Inside (Private)
                                                                                      |
                                                                                  DMZ (Private


That is a good scenario to continue with.

Cheers,
Rajesh
0
 
bluespringsitAuthor Commented:
Thats it!
0
 
rsivanandanCommented:
:-) I maintain mine the same way...

Nice talkin' to ya...

Cheers,
Rajesh
0
 
bluespringsitAuthor Commented:
Same here. Thanks again!
0

Featured Post

How to Use the Help Bell

Need to boost the visibility of your question for solutions? Use the Experts Exchange Help Bell to confirm priority levels and contact subject-matter experts for question attention.  Check out this how-to article for more information.

  • 5
  • 5
  • 2
  • +1
Tackle projects and never again get stuck behind a technical roadblock.
Join Now