Router LAN Interface IP

It is because your lan interface will have the ip of the gateway for your internal clients to point to to get out.  Your public is 40 because your router is using it.  You can easily use one of the other ip's given to you to for outside access.

For instance you could give a server one of your static public IP's and hook it up on the other side of router which is called a DMZ and you could then ping it.  Also....you can use another router etc.  

Make sense?

Where is it specifed that the router is using .40 ? In the config, there is 216.x.x.46 for the LAN interface and then a 65.x.x.x address for the serial interface. I have a dmz with an smtp relay server and an iis server in it. The DMZ is located off one of the interfaces on my pix firewall. Both servers are using two of the block of public ip's.

Well now I am somewhat confused.  When I had a T1 going to my house the ISP that I got the router from had given the device a 65 range like above, and they gave the lan side a static that translated with the 65 range, and a static for the gateway...the rest of the range I could use freely, but some I could not and was not allowed to change this, only the ISP provider of the T1 could do this.

"my public IP" must be different than "my router's public IP", unless you have a web browser IN your router.

Your PC has the address x.x.x.40.  Your PC's default gateway is x.x.x.46.  You have the subnet x.x.x.[32-47].  Yay.

Thnx for the points. Hope you found out the NAT is to x.x.x.40

Cheers,
Rajesh

Thats strange. I posted a reply, but it didnt take. NAT is being done on my PIX.

global (outside) 1 216.x.x.40                              
nat (inside) 0 access-list 101                              
nat (inside) 1 0.0.0.0 0.0.0.0 0 0  

The router's lan ip is 216.x.x.46. The outside interface on my pix is 216.x.x.45. NAT is being done on the outside interface of the pix, such that each packet picks up 216.x.x.40 as its global outside source address when the packets are switched from the inside interface to the outside interface on the pix. So, the .40 address isn't actually assigned to any interface, its only being slapped onto each packet as the source address when the packet leaves my network.

Thanks to all of you for your help.

Exactly :-) Glad you got it...

In a way, it is good to NAT to a single ip address as it can handle way up to 65000 connections. But since you have public ip internally, I was wondering why NAT? which basically adds processing on the PIX (Not that it can't handle). Just a thought.

Cheers,
Rajesh

I'm not sure. As you can probably tell, I inheritted the network and firewall. The pix has three interfaces. One is the DMZ, one is inside, and the third is outside. The DMZ and the Inside interfaces have private range ip's assigned to them. The external interface, which plugs into the route,r has a public ip assigned to it. Is this not optimal?

Oh. that is the perfect way to go about it. I misunderstood the scenario. I thought you were having public ips on your inside too. So now it is clear. so this is how it is;

Internet----(Public)------Router---------(Public)---------------PIX--------------Inside (Private)
                                                                                      |
                                                                                  DMZ (Private


That is a good scenario to continue with.

Cheers,
Rajesh

Thats it!

:-) I maintain mine the same way...

Nice talkin' to ya...

Cheers,
Rajesh

Same here. Thanks again!