We help IT Professionals succeed at work.

Routed Net Blocks

343 Views
Last Modified: 2010-03-18
I have a client who has an internet connection coming into them and they needed to have 32 Public IP's. What the ISP gave them was 2 subnets, the first was a /29 and the second was the /27. Now what I need to find out is what needs to be setup to properly get the /27 network to access the internet? I understand I am going to have to have a router on the /29 network to act as a gateway to the /27 but what type of equipment would you recommend to do this and how would the setup work. Thanks.
Comment
Watch Question

cheap way - have a second router (and hubs/switches) route between the two subnets.

better, more secure way - have a good router(cisco - low end router 1600/1700) and a vlan switch(3550) segment the network.


<ISP>-----<router1>----<subnet /29>
                   \
                     <router2 - WAN on subnet of router1 - LAN on /27 >-----<subnet /27>

or


<ISP>----<CISCO>---<VLAN Switch /27 & /29 subnets>
it really depends on what setup you want, for example are you wanting to nat computers in your internal network or just route external addresses 1 to 1 to your internals. I would be inclined to set up a firewall with aliasing so that it can handle the whole ip range and bring that whole range into your network at that point. then manage its mapping via a firewall which would be more extendable than simply trying to route the individual addresses. DOes this sound like what you want?

Author

Commented:
That sounds like a very nice solution. What type of firewall would you recommend?

Author

Commented:
Craig_200X,
What equipment would you recommend? I am not very experienced with cisco equipment, never really had to deal with it previously. How easy is the equipment to configure?
Unlock this solution and get a sample of our free trial.
(No credit card required)
UNLOCK SOLUTION

Commented:
Hello sk33v3: Cisco has a nice Firewall that allows up to 50 users...:
PIX-501-50-BUN-K9
Cisco equip is fairly simple to configure... They will provide tech support with purchase of equip., and phone support for any potholes you encounter...
Hope this helps...Booda

Author

Commented:
Looks like I am going to be going the route Craig suggested. I currently have a 1760 Sitting in our office. I just need to verify it still functions. Its been sitting there for a few months. Now I picked up a cisco book, not one of the cert books, and am reading through it. I will get back in about 3 days to post wether everything worked out.
If you already have a PIX then it may well be the best solution for you to put that into your network, but you may well have to buy additional licenses to handle the volume of external IP addresses you have as its not standard (most people only own 1) If you want to publish seperate services online from each of these addresses then the increased ip range would be useful to you, otherwise a firewall with NAT is far more useful to you (ie you can have an unlimited number of pc's that connect to the internet through a single ip address).
If your going to have to pay a whole lot of money on liscencing i personally prefer software firewalls as i find PC architecture far easier to upgrade than something like a PIX. I personally use smoothwall advanced firewall and swear by it. This also has an unlimited user liscence for internet connectivity behind the firewall, can handle multiple ips via aliasing, comes with 4 physical network interface liscences but can be licenced with as many as you need. Has a huge suite of additions including a packet based virus scanner ect... Ive tried with physical device products but found them far less flexiable.
Unlock the solution to this question.
Thanks for using Experts Exchange.

Please provide your email to receive a sample view!

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

OR

Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.