• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 510
  • Last Modified:

IP Range addition

Hi,

We recently asked for an additional range of IP addresses from our ISP as the .248 mask we had prior was not enough. Our ISP have not allocated us another .248 mask on a separate range and routed it down to our router. Can you help in trying to configure our Cisco 800 and Pix 506e to accomodate the natting and routing of this range?

They are on completely different ranges... Is it even possible to setup the cisco 800 router to route two ranges to the pix and for the pix to deal with the natting on both the old .248 and the new .248

0
dqnet
Asked:
dqnet
  • 9
  • 5
  • 4
  • +2
1 Solution
 
John MeggersNetwork ArchitectCommented:
Which device is on the outside?  You should be able to configure a secondary address on the 800 (I believe all IOS devices support that) but I'm fairly certain the PIX doesn't support secondary addressing.  I suspect the PIX won't let you NAT to an address that isn't on the outside range and successfully pass traffic.  If you can do your NATing on the outside of the 800, then you may be able to make it work.  I've never configured NATing to a secondary address, though, so no guarantees.
0
 
JFrederick29Commented:
You don't need secondary addressing.  Simply route the new subnet to the PIX and do NAT like normal.

800:

ip route <new subnet> 255.255.255.248 <PIX outside IP address>

Then on the PIX, simply do static NAT statements like you normally would.  The new subnet doesn't need to be attached to an interface.
0
 
Ernie BeekExpertCommented:
Well, it looks like you already got your answer :)

(have to be faster next time).
0
IT Degree with Certifications Included

Aspire to become a network administrator, network security analyst, or computer and information systems manager? Make the most of your experience as an IT professional by earning your B.S. in Network Operations and Security.

 
pwindellCommented:
What you really ought to do is go back to the ISP and give up both of the *.248 segments and get a single 255.255.255240 segment and forget it.  The situation the ISP is sticking you in with this is just a mess in my opinion and in terms of ISPs,...just plain "bad service".
0
 
pwindellCommented:
Missing a dot

255.255.255.240
0
 
dqnetAuthor Commented:
Totally agree...
I have complained to them and i'm waiting to here back from them.
I'll keep you guys posted.
0
 
dqnetAuthor Commented:
Ok, they have agreed to give one .240 block..
I just need to make sure the transistion is phase in phase out..
.is this possible? Can they route the same range to cisco 800 router and once all records propgated remove the entry for the .248 range from the router config?
0
 
Ernie BeekExpertCommented:
That should work the same way as they did with the additional .248 block.
0
 
dqnetAuthor Commented:
yes, but will they route traffic to old ip's too... i dont want them to switch one off and one on... dns would take a few hours... can they route the traffic to both the .248 and the .240 until i tell them the .248 range is free to put back into their pool?
0
 
Ernie BeekExpertCommented:
Physical that should be possible afaik. Just communicate that very well with them (and ask it nicely ;)
0
 
dqnetAuthor Commented:
haha - let's find out.. should have an answer tomorrow :)
0
 
Ernie BeekExpertCommented:
Let's wait and see then ;)
0
 
pwindellCommented:
Yea,...you should be asking the Provider those questions,...not us   :-)
0
 
dqnetAuthor Commented:
Hehe, I was more wondering if it was possible with BGP or anything, like is it even feasible..

I mean them doing it or not is another question,
0
 
pwindellCommented:
Well,...if it was me,...and is has been before,....I wouldn't (and didn't) even worry about that.

Our ISP is also our DNS Host (authoritative DNS).  They gave us the new IP Range, replaced the old router with a different one that was preconfigured when they brought it over and corrected our DNS records "all at once" and there was pretty much no downtime at all.  I never ran both the "old" and the "new" at the same time,...it was a clean cut-over.  We did leave the old equipment in place for a bit "just in case", but we never had to use it.

But our ISP is local (not some nation "chain"),...I can call them on the phone, a human answers,...or I can drive over there in the car and look them in the eye personally.  I don't know if yours is that way.
0
 
dqnetAuthor Commented:
Ok, i've got the new range.. i'm not too sure how to route this now..
I've fired up my cisco router,
enable
int vlan1
ip address xxx.xxx.xxx.xxx 255.255.255.240 secondary

i've added the nat on the pix with an ip on the new range
no luck

can someone shed some light..?
0
 
dqnetAuthor Commented:
-Router(config-if)#ip address xx.xx.xx.xx 255.255.255.240 secondary
Bad mask /28 for address xx.xx.xx.xx



if thats even the command i should be using?
im using this site as a reference
http://www.itsyourip.com/cisco/configure-multiple-ip-address-on-a-cisco-router-interface/
0
 
dqnetAuthor Commented:
ok wait, my mistake i started the command at the first usable and the network address so the command went through ok.. i've done a nat on the pix but its not working?
0
 
dqnetAuthor Commented:
Ignore! All working! :)
Awesome!
0
 
Ernie BeekExpertCommented:
I knew you could do it ;)
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

IT Degree with Certifications Included

Aspire to become a network administrator, network security analyst, or computer and information systems manager? Make the most of your experience as an IT professional by earning your B.S. in Network Operations and Security.

  • 9
  • 5
  • 4
  • +2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now