sk33v3

Routed Net Blocks

I have a client who has an internet connection coming into them and they needed to have 32 public IPs. What the ISP gave them was 2 subnets: the first was a /29 and the second was the /27. Now what I need to find out is what needs to be set up to properly get the /27 network to access the internet. I understand I am going to have to have a router on the /29 network to act as a gateway to the /27, but what type of equipment would you recommend to do this, and how would the setup work? Thanks.
Craig_200X

Cheap way - have a second router (and hubs/switches) route between the two subnets.

Better, more secure way - have a good router (Cisco - low-end router 1600/1700) and a VLAN switch (3550) segment the network.


<ISP>-----<router1>----<subnet /29>
                   \
                     <router2 - WAN on subnet of router1 - LAN on /27 >-----<subnet /27>

or


<ISP>----<CISCO>---<VLAN Switch /27 & /29 subnets>

It really depends on what setup you want. For example, are you wanting to NAT computers in your internal network, or just route external addresses 1 to 1 to your internals? I would be inclined to set up a firewall with aliasing so that it can handle the whole IP range and bring that whole range into your network at that point, then manage its mapping via a firewall, which would be more extendable than simply trying to route the individual addresses. Does this sound like what you want?
sk33v3

ASKER

That sounds like a very nice solution. What type of firewall would you recommend?
sk33v3

ASKER

Craig_200X,
What equipment would you recommend? I am not very experienced with Cisco equipment, never really had to deal with it previously. How easy is the equipment to configure?
ASKER CERTIFIED SOLUTION
Craig_200X

This solution is only available to members.

Hello sk33v3: Cisco has a nice firewall that allows up to 50 users:
PIX-501-50-BUN-K9
Cisco equip is fairly simple to configure... They will provide tech support with purchase of equip, and phone support for any potholes you encounter...
Hope this helps...Booda
sk33v3

ASKER

Looks like I am going to be going the route Craig suggested. I currently have a 1760 sitting in our office. I just need to verify it still functions. It's been sitting there for a few months. Now I picked up a Cisco book, not one of the cert books, and am reading through it. I will get back in about 3 days to post whether everything worked out.

If you already have a PIX then it may well be the best solution for you to put that into your network, but you may well have to buy additional licenses to handle the volume of external IP addresses you have, as it's not standard (most people only own 1). If you want to publish separate services online from each of these addresses then the increased IP range would be useful to you; otherwise a firewall with NAT is far more useful to you (i.e. you can have an unlimited number of PCs that connect to the internet through a single IP address).
If you're going to have to pay a whole lot of money on licensing, I personally prefer software firewalls, as I find PC architecture far easier to upgrade than something like a PIX. I personally use Smoothwall Advanced Firewall and swear by it. This also has an unlimited user license for internet connectivity behind the firewall, can handle multiple IPs via aliasing, and comes with 4 physical network interface licenses but can be licensed with as many as you need. It has a huge suite of additions including a packet-based virus scanner etc. I've tried physical device products but found them far less flexible.
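
The routed layout discussed in this thread (a router with one side on the /29 and the other on the /27), worked through as an added example that is not part of any post above. The prefixes are constructed from the documentation ranges, and the choice of which address the ISP gateway and the router take is an assumption.

```python
import ipaddress

def plan_routed_block(transit_cidr, routed_cidr):
    """Addressing plan for a block the ISP routes via a customer router.

    transit_cidr: the small subnet shared with the ISP (the /29 here).
    routed_cidr:  the block the ISP routes to the customer (the /27 here).
    """
    transit = ipaddress.ip_network(transit_cidr)
    routed = ipaddress.ip_network(routed_cidr)
    if transit.overlaps(routed):
        raise ValueError("transit and routed blocks must not overlap")

    link = list(transit.hosts())
    # Assumption: ISP gateway is the first usable transit address and the
    # customer router's WAN side takes the second.
    isp_gw, router_wan = link[0], link[1]

    lan = list(routed.hosts())      # excludes network and broadcast
    router_lan = lan[0]             # assumption: router takes first usable
    return {
        "isp_gateway": str(isp_gw),
        "router_wan": str(router_wan),
        "router_lan": str(router_lan),
        "lan_netmask": str(routed.netmask),
        "host_range": (str(lan[1]), str(lan[-1])),
        "block_size": routed.num_addresses,
        "hosts_on_lan": len(lan) - 1,
        # Static route the ISP must hold for the block to be reachable.
        "isp_route": f"{routed} via {router_wan}",
        # Default route on the customer router.
        "router_default": f"0.0.0.0/0 via {isp_gw}",
    }

if __name__ == "__main__":
    # Constructed sample prefixes from the documentation ranges.
    for key, value in plan_routed_block("203.0.113.0/29",
                                        "198.51.100.32/27").items():
        print(f"{key:15} {value}")
```

A /27 holds 32 addresses, but once it is placed on a LAN segment behind the router, the network, broadcast and router addresses are consumed and 29 remain for hosts.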