Solved

IP Range addition

Posted on 2011-05-11
Last Modified: 2012-05-11
Hi,

We recently asked for an additional range of IP addresses from our ISP as the .248 mask we had prior was not enough. Our ISP have not allocated us another .248 mask on a separate range and routed it down to our router. Can you help in trying to configure our Cisco 800 and Pix 506e to accommodate the natting and routing of this range?

They are on completely different ranges... Is it even possible to set up the Cisco 800 router to route two ranges to the PIX and for the PIX to deal with the natting on both the old .248 and the new .248?

Question by:dqnet
20 Comments
 
LVL 18

Expert Comment

by:jmeggers
ID: 35737335
Which device is on the outside?  You should be able to configure a secondary address on the 800 (I believe all IOS devices support that) but I'm fairly certain the PIX doesn't support secondary addressing.  I suspect the PIX won't let you NAT to an address that isn't on the outside range and successfully pass traffic.  If you can do your NATing on the outside of the 800, then you may be able to make it work.  I've never configured NATing to a secondary address, though, so no guarantees.
0
 
LVL 43

Accepted Solution

by:
JFrederick29 earned 2000 total points
ID: 35737429
You don't need secondary addressing.  Simply route the new subnet to the PIX and do NAT like normal.

800:

ip route <new subnet> 255.255.255.248 <PIX outside IP address>

Then on the PIX, simply do static NAT statements like you normally would.  The new subnet doesn't need to be attached to an interface.
0
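An added example of the accepted answer's approach, not part of the original thread: the new block is routed to the PIX outside address and used only in static NAT entries. All addresses are documentation ranges chosen for illustration (198.51.100.0/29 as the existing block, 203.0.113.16/29 as the new one, 192.168.1.0/24 inside), the ACL name outside_in is hypothetical, and PIX OS 6.x syntax is assumed for the 506E.

```cisco
! ----- Cisco 800 (IOS) -----
! The existing block 198.51.100.0/29 stays on the interface facing the PIX.
! Assumed for illustration: router = 198.51.100.1, PIX outside = 198.51.100.2
! The new block is not configured on any interface; it is only routed.
ip route 203.0.113.16 255.255.255.248 198.51.100.2

: ----- PIX 506E (PIX OS 6.x) -----
: One-to-one translation for an inside host published on the new block
static (inside,outside) 203.0.113.18 192.168.1.20 netmask 255.255.255.255 0 0
: Permit only the service that host publishes; all other traffic to the
: new addresses is dropped by the implicit deny at the end of the ACL.
access-list outside_in permit tcp any host 203.0.113.18 eq smtp
: Needed only if no ACL is bound to the outside interface yet
access-group outside_in in interface outside
```

On the router, `show ip route 203.0.113.16` confirms the static route is installed; on the PIX, `show xlate` and the hit counters in `show access-list` confirm that traffic to the new address is being translated and matched.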
 
LVL 35

Expert Comment

by:Ernie Beek
ID: 35737472
Well, it looks like you already got your answer :)

(have to be faster next time).
0

 
LVL 29

Expert Comment

by:pwindell
ID: 35739741
What you really ought to do is go back to the ISP and give up both of the *.248 segments and get a single 255.255.255240 segment and forget it.  The situation the ISP is sticking you in with this is just a mess in my opinion and in terms of ISPs,...just plain "bad service".
0
 
LVL 29

Expert Comment

by:pwindell
ID: 35739750
Missing a dot

255.255.255.240
0
 

Author Comment

by:dqnet
ID: 35741087
Totally agree...
I have complained to them and I'm waiting to hear back from them.
I'll keep you guys posted.
0
 

Author Comment

by:dqnet
ID: 35768949
Ok, they have agreed to give one .240 block..
I just need to make sure the transition is phase in phase out..
Is this possible? Can they route the same range to the Cisco 800 router and, once all records have propagated, remove the entry for the .248 range from the router config?
0
 
LVL 35

Expert Comment

by:Ernie Beek
ID: 35768998
That should work the same way as they did with the additional .248 block.
0
 

Author Comment

by:dqnet
ID: 35769043
Yes, but will they route traffic to the old IPs too... I don't want them to switch one off and one on... DNS would take a few hours... Can they route the traffic to both the .248 and the .240 until I tell them the .248 range is free to put back into their pool?
0
 
LVL 35

Expert Comment

by:Ernie Beek
ID: 35769131
Physically that should be possible afaik. Just communicate that very well with them (and ask it nicely ;)
0
 

Author Comment

by:dqnet
ID: 35770356
haha - let's find out.. should have an answer tomorrow :)
0
 
LVL 35

Expert Comment

by:Ernie Beek
ID: 35770695
Let's wait and see then ;)
0
 
LVL 29

Expert Comment

by:pwindell
ID: 35770889
Yea,...you should be asking the Provider those questions,...not us   :-)
0
 

Author Comment

by:dqnet
ID: 35770912
Hehe, I was more wondering if it was possible with BGP or anything, like is it even feasible..

I mean them doing it or not is another question,
0
 
LVL 29

Expert Comment

by:pwindell
ID: 35771075
Well,...if it was me,...and it has been before,....I wouldn't (and didn't) even worry about that.

Our ISP is also our DNS Host (authoritative DNS).  They gave us the new IP Range, replaced the old router with a different one that was preconfigured when they brought it over and corrected our DNS records "all at once" and there was pretty much no downtime at all.  I never ran both the "old" and the "new" at the same time,...it was a clean cut-over.  We did leave the old equipment in place for a bit "just in case", but we never had to use it.

But our ISP is local (not some national "chain"),...I can call them on the phone, a human answers,...or I can drive over there in the car and look them in the eye personally.  I don't know if yours is that way.
0
 

Author Comment

by:dqnet
ID: 35806756
Ok, I've got the new range.. I'm not too sure how to route this now..
I've fired up my Cisco router:
enable
int vlan1
ip address xxx.xxx.xxx.xxx 255.255.255.240 secondary

I've added the NAT on the PIX with an IP on the new range.
No luck.

Can someone shed some light..?
0
 

Author Comment

by:dqnet
ID: 35806781
-Router(config-if)#ip address xx.xx.xx.xx 255.255.255.240 secondary
Bad mask /28 for address xx.xx.xx.xx



If that's even the command I should be using?
I'm using this site as a reference:
http://www.itsyourip.com/cisco/configure-multiple-ip-address-on-a-cisco-router-interface/
0
 

Author Comment

by:dqnet
ID: 35806813
Ok wait, my mistake, I started the command at the first usable and the network address so the command went through ok.. I've done a NAT on the PIX but it's not working?
0
 

Author Comment

by:dqnet
ID: 35809757
Ignore! All working! :)
Awesome!
0
 
LVL 35

Expert Comment

by:Ernie Beek
ID: 35810539
I knew you could do it ;)
0
