• Status: Solved

Routed Net Blocks

I have a client who has an internet connection coming into them and they needed to have 32 public IPs. What the ISP gave them was 2 subnets: the first was a /29 and the second was the /27. Now what I need to find out is what needs to be set up to properly get the /27 network to access the internet? I understand I am going to have to have a router on the /29 network to act as a gateway to the /27, but what type of equipment would you recommend to do this and how would the setup work? Thanks.
Asked:
sk33v3
1 Solution
 
Craig_200X Commented:
Cheap way - have a second router (and hubs/switches) route between the two subnets.

Better, more secure way - have a good router (Cisco - low-end router 1600/1700) and a VLAN switch (3550) segment the network.


<ISP>-----<router1>----<subnet /29>
                   \
                     <router2 - WAN on subnet of router1 - LAN on /27 >-----<subnet /27>

or


<ISP>----<CISCO>---<VLAN Switch /27 & /29 subnets>
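The first layout in the diagram above, worked through as an added example (not code from any poster in this thread). It assumes the ISP routes the /27 to router2's WAN address inside the /29; the prefixes are documentation ranges standing in for the real blocks, and the function name is made up for illustration.

```python
import ipaddress

def plan_routed_block(transit_cidr, routed_cidr, isp_gateway, router_wan):
    """Check a transit /29 plus routed /27 layout and return the addressing plan."""
    transit = ipaddress.ip_network(transit_cidr)
    routed = ipaddress.ip_network(routed_cidr)
    gateway = ipaddress.ip_address(isp_gateway)
    wan = ipaddress.ip_address(router_wan)

    if transit.overlaps(routed):
        raise ValueError(f"{transit} and {routed} overlap")
    # Both ends of the transit link must be usable hosts (not network/broadcast).
    usable_transit = set(transit.hosts())
    for label, addr in (("ISP gateway", gateway), ("router2 WAN", wan)):
        if addr not in usable_transit:
            raise ValueError(f"{label} {addr} is not a usable host in {transit}")
    if gateway == wan:
        raise ValueError("router2 WAN must differ from the ISP gateway")

    lan_hosts = list(routed.hosts())
    return {
        # Route the ISP side must hold (assumption: ISP routes the block to router2).
        "isp_route": f"{routed} via {wan}",
        # Default route on router2, pointing back at the ISP gateway.
        "router2_default": f"0.0.0.0/0 via {gateway}",
        # First usable address of the routed block becomes router2's LAN interface.
        "router2_lan": f"{lan_hosts[0]}/{routed.prefixlen}",
        # What is left for servers after network, broadcast and gateway addresses.
        "assignable": lan_hosts[1:],
        "block_size": routed.num_addresses,
    }

if __name__ == "__main__":
    # Constructed sample values (RFC 5737 documentation prefixes).
    plan = plan_routed_block("198.51.100.8/29", "203.0.113.32/27",
                             "198.51.100.9", "198.51.100.10")
    for key in ("isp_route", "router2_default", "router2_lan", "block_size"):
        print(f"{key}: {plan[key]}")
    print(f"assignable: {plan['assignable'][0]} - {plan['assignable'][-1]} "
          f"({len(plan['assignable'])} hosts)")
```

Run as a flat LAN behind router2, the 32-address block leaves 29 addresses for hosts once the network, broadcast and gateway addresses are taken out.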
 
static-void Commented:
It really depends on what setup you want. For example, are you wanting to NAT computers in your internal network or just route external addresses 1 to 1 to your internals? I would be inclined to set up a firewall with aliasing so that it can handle the whole IP range and bring that whole range into your network at that point, then manage its mapping via a firewall, which would be more extendable than simply trying to route the individual addresses. Does this sound like what you want?
 
sk33v3 (Author) Commented:
That sounds like a very nice solution. What type of firewall would you recommend?
 
sk33v3 (Author) Commented:
Craig_200X,
What equipment would you recommend? I am not very experienced with Cisco equipment, never really had to deal with it previously. How easy is the equipment to configure?
 
Craig_200X Commented:
I would say it is between beginner and intermediate level config. You will have to do some NAT'ing (intermediate) as static mentioned, and you will have to set up a routing protocol such as RIP (that is easy - 3 commands).

If you want really easy, the first solution is for you... that only requires understanding a little about network routing.

The equip you can use is above.
 
Booda2us Commented:
Hello sk33v3: Cisco has a nice Firewall that allows up to 50 users...:
PIX-501-50-BUN-K9
Cisco equip is fairly simple to configure... They will provide tech support with purchase of equip., and phone support for any potholes you encounter...
Hope this helps...Booda
 
sk33v3 (Author) Commented:
Looks like I am going to be going the route Craig suggested. I currently have a 1760 sitting in our office. I just need to verify it still functions. It's been sitting there for a few months. Now I picked up a Cisco book, not one of the cert books, and am reading through it. I will get back in about 3 days to post whether everything worked out.
 
static-void Commented:
If you already have a PIX then it may well be the best solution for you to put that into your network, but you may well have to buy additional licenses to handle the volume of external IP addresses you have, as it's not standard (most people only own 1). If you want to publish separate services online from each of these addresses then the increased IP range would be useful to you; otherwise a firewall with NAT is far more useful to you (i.e. you can have an unlimited number of PCs that connect to the internet through a single IP address).
If you're going to have to pay a whole lot of money on licensing, I personally prefer software firewalls, as I find PC architecture far easier to upgrade than something like a PIX. I personally use Smoothwall Advanced Firewall and swear by it. This also has an unlimited user license for internet connectivity behind the firewall, can handle multiple IPs via aliasing, and comes with 4 physical network interface licenses but can be licensed with as many as you need. It has a huge suite of additions including a packet-based virus scanner, etc. I've tried physical device products but found them far less flexible.