philipfarnes
asked on
External IP Range split between to interfaces or devices
Hello,
I currently have a usual internet setup, with a block of external ip address on the internet connection and then my watchguard nats various external ip addresses to internal resources eg webserver, exchange server etc.
I now have the requirement that i need to have a mitel teleworker server on an external IP address that is not nated. It has to be actually on the internet.
Can you give me any advice the best way to do so. I thought about breaking the internet connection between the internet router and the watchguard firewall puting a switch inbetween and give the teleworker an ip address in that external range, and the default gateway would be the internet router?
thanks
Phil
I currently have a usual internet setup, with a block of external ip address on the internet connection and then my watchguard nats various external ip addresses to internal resources eg webserver, exchange server etc.
I now have the requirement that i need to have a mitel teleworker server on an external IP address that is not nated. It has to be actually on the internet.
Can you give me any advice the best way to do so. I thought about breaking the internet connection between the internet router and the watchguard firewall puting a switch inbetween and give the teleworker an ip address in that external range, and the default gateway would be the internet router?
thanks
Phil
ASKER
We ended up using drop-in mode
thanks
thanks
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
With FB in drop-in mode all interfaces of FB would have one single IP address and FB would not do NAT for any network. For existing network for which FB does NAT, we would add secondary network with specific IP subnet on the specific interfaces, and FB would do NAT for secondary networks.
We can now have teleworker server behind WG with a public IP [please ensure that this IP is not used by any 1-1 NAT settings or aliases in WG configuration] and have complete firewall protection for teleworker server.
If needed we can open ANY server from specific external IP to teleworker server, so there would be no NAT and so to say no firewall between the configured addresses.
Please let know if you need more details.
Thank you.