sk33v3
asked on
Routed Net Blocks
I have a client who has an internet connection coming into them and they needed to have 32 public IPs. What the ISP gave them was 2 subnets, the first was a /29 and the second was the /27. Now what I need to find out is what needs to be set up to properly get the /27 network to access the internet? I understand I am going to have to have a router on the /29 network to act as a gateway to the /27, but what type of equipment would you recommend to do this and how would the setup work? Thanks.
It really depends on what setup you want, for example are you wanting to NAT computers in your internal network or just route external addresses 1 to 1 to your internals. I would be inclined to set up a firewall with aliasing so that it can handle the whole IP range and bring that whole range into your network at that point, then manage its mapping via a firewall, which would be more extendable than simply trying to route the individual addresses. Does this sound like what you want?
ASKER
That sounds like a very nice solution. What type of firewall would you recommend?
ASKER
Craig_200X,
What equipment would you recommend? I am not very experienced with Cisco equipment, never really had to deal with it previously. How easy is the equipment to configure?
ASKER CERTIFIED SOLUTION
Hello sk33v3: Cisco has a nice firewall that allows up to 50 users:
PIX-501-50-BUN-K9
Cisco equipment is fairly simple to configure... They will provide tech support with purchase of equipment, and phone support for any potholes you encounter...
Hope this helps... Booda
ASKER
Looks like I am going to be going the route Craig suggested. I currently have a 1760 sitting in our office. I just need to verify it still functions. It's been sitting there for a few months. Now I picked up a Cisco book, not one of the cert books, and am reading through it. I will get back in about 3 days to post whether everything worked out.
If you already have a PIX then it may well be the best solution for you to put that into your network, but you may well have to buy additional licenses to handle the volume of external IP addresses you have, as it's not standard (most people only own 1). If you want to publish separate services online from each of these addresses then the increased IP range would be useful to you, otherwise a firewall with NAT is far more useful to you (i.e. you can have an unlimited number of PCs that connect to the internet through a single IP address).
If you're going to have to pay a whole lot of money on licensing, I personally prefer software firewalls as I find PC architecture far easier to upgrade than something like a PIX. I personally use Smoothwall Advanced Firewall and swear by it. This also has an unlimited user license for internet connectivity behind the firewall, can handle multiple IPs via aliasing, comes with 4 physical network interface licenses but can be licensed with as many as you need. It has a huge suite of additions including a packet-based virus scanner etc... I've tried with physical device products but found them far less flexible.
Better, more secure way: have a good router (Cisco low-end router 1600/1700) and a VLAN switch (3550) and segment the network.
<ISP>-----<router1>----<su
\
<router2 - WAN on subnet of router1 - LAN on /27 >-----<subnet /27>
or
<ISP>----<CISCO>---<VLAN Switch /27 & /29 subnets>
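The addressing and static routes behind the first topology above, as an added Python example that is not part of the thread. It assumes the /29 is the link subnet between the ISP and the customer's router, that the ISP routes the /27 to the customer router's /29 address, and it uses constructed RFC 5737 documentation addresses in place of the client's real blocks.

```python
from ipaddress import IPv4Address, ip_network
from typing import Optional


def plan_routed_block(link_cidr: str, routed_cidr: str, isp_gateway: str) -> dict:
    """Work out addresses and static routes for a /29 link subnet carrying a routed /27.

    Assumed layout (not from the thread): the ISP holds isp_gateway on the link
    block, the customer router takes the next free link address as its WAN side,
    and the first usable address of the routed block becomes the LAN gateway.
    """
    link = ip_network(link_cidr, strict=True)
    routed = ip_network(routed_cidr, strict=True)
    gw = IPv4Address(isp_gateway)
    if link.overlaps(routed):
        raise ValueError("the link subnet and the routed block must not overlap")
    link_hosts = list(link.hosts())
    routed_hosts = list(routed.hosts())
    if gw not in link_hosts:
        raise ValueError("ISP gateway must be a usable address on the link subnet")
    wan = next(h for h in link_hosts if h != gw)
    return {
        "link": link,
        "routed": routed,
        "usable_on_link": len(link_hosts),      # 6 for a /29
        "usable_on_routed": len(routed_hosts),  # 30 for a /27, not 32
        "router_wan": wan,
        "router_lan": routed_hosts[0],
        # the ISP must point the whole routed block at the customer router's WAN address
        "isp_static_route": (routed, wan),
        # the customer router sends everything else to the ISP's address on the link
        "router_default_route": (ip_network("0.0.0.0/0"), gw),
    }


def isp_next_hop(plan: dict, destination: str) -> Optional[str]:
    """From the ISP's side: how does traffic for `destination` reach the customer?"""
    dst = IPv4Address(destination)
    if dst in plan["link"]:
        return "connected"                        # the ISP sits directly on the /29
    if dst in plan["routed"]:
        return str(plan["isp_static_route"][1])   # via the customer router's WAN address
    return None                                   # not one of the customer's blocks


if __name__ == "__main__":
    # constructed sample blocks (RFC 5737 documentation ranges)
    p = plan_routed_block("192.0.2.0/29", "198.51.100.0/27", "192.0.2.1")
    for key, value in p.items():
        print(f"{key}: {value}")
```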