bluespringsit
asked on
Router LAN Interface IP
This may be a very dumb question, but I'll ask anyway. I've got a cisco 1721 for my T1 internet connection. Its LAN interface has an ip of x.x.x.46, subnet 255.255.255.240/28. I do have a block of IP's. Whatsmyip.org shows my public ip as x.x.x.40, not .46 I'm confused!
ASKER
Where is it specifed that the router is using .40 ? In the config, there is 216.x.x.46 for the LAN interface and then a 65.x.x.x address for the serial interface. I have a dmz with an smtp relay server and an iis server in it. The DMZ is located off one of the interfaces on my pix firewall. Both servers are using two of the block of public ip's.
Well now I am somewhat confused. When I had a T1 going to my house the ISP that I got the router from had given the device a 65 range like above, and they gave the lan side a static that translated with the 65 range, and a static for the gateway...the rest of the range I could use freely, but some I could not and was not allowed to change this, only the ISP provider of the T1 could do this.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
"my public IP" must be different than "my router's public IP", unless you have a web browser IN your router.
Your PC has the address x.x.x.40. Your PC's default gateway is x.x.x.46. You have the subnet x.x.x.[32-47]. Yay.
Your PC has the address x.x.x.40. Your PC's default gateway is x.x.x.46. You have the subnet x.x.x.[32-47]. Yay.
Thnx for the points. Hope you found out the NAT is to x.x.x.40
Cheers,
Rajesh
Cheers,
Rajesh
ASKER
Thats strange. I posted a reply, but it didnt take. NAT is being done on my PIX.
global (outside) 1 216.x.x.40
nat (inside) 0 access-list 101
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
The router's lan ip is 216.x.x.46. The outside interface on my pix is 216.x.x.45. NAT is being done on the outside interface of the pix, such that each packet picks up 216.x.x.40 as its global outside source address when the packets are switched from the inside interface to the outside interface on the pix. So, the .40 address isn't actually assigned to any interface, its only being slapped onto each packet as the source address when the packet leaves my network.
Thanks to all of you for your help.
global (outside) 1 216.x.x.40
nat (inside) 0 access-list 101
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
The router's lan ip is 216.x.x.46. The outside interface on my pix is 216.x.x.45. NAT is being done on the outside interface of the pix, such that each packet picks up 216.x.x.40 as its global outside source address when the packets are switched from the inside interface to the outside interface on the pix. So, the .40 address isn't actually assigned to any interface, its only being slapped onto each packet as the source address when the packet leaves my network.
Thanks to all of you for your help.
Exactly :-) Glad you got it...
In a way, it is good to NAT to a single ip address as it can handle way up to 65000 connections. But since you have public ip internally, I was wondering why NAT? which basically adds processing on the PIX (Not that it can't handle). Just a thought.
Cheers,
Rajesh
In a way, it is good to NAT to a single ip address as it can handle way up to 65000 connections. But since you have public ip internally, I was wondering why NAT? which basically adds processing on the PIX (Not that it can't handle). Just a thought.
Cheers,
Rajesh
ASKER
I'm not sure. As you can probably tell, I inheritted the network and firewall. The pix has three interfaces. One is the DMZ, one is inside, and the third is outside. The DMZ and the Inside interfaces have private range ip's assigned to them. The external interface, which plugs into the route,r has a public ip assigned to it. Is this not optimal?
Oh. that is the perfect way to go about it. I misunderstood the scenario. I thought you were having public ips on your inside too. So now it is clear. so this is how it is;
Internet----(Public)------ Router---- -----(Publ ic)------- --------PI X--------- -----Insid e (Private)
|
DMZ (Private
That is a good scenario to continue with.
Cheers,
Rajesh
Internet----(Public)------
|
DMZ (Private
That is a good scenario to continue with.
Cheers,
Rajesh
ASKER
Thats it!
:-) I maintain mine the same way...
Nice talkin' to ya...
Cheers,
Rajesh
Nice talkin' to ya...
Cheers,
Rajesh
ASKER
Same here. Thanks again!
For instance you could give a server one of your static public IP's and hook it up on the other side of router which is called a DMZ and you could then ping it. Also....you can use another router etc.
Make sense?