Networking, CIDR Routing + TMG2010

Posted on 2013-01-18
Medium Priority
Last Modified: 2013-05-19
Mission: Integrate new CIDR block.

I have recently been assigned a CIDR block. This block will have 32 IPs in it and I need to set up the routing/NATing.

Here is what I have now: 1x TMG2010 server. This server is currently used as my gateway/edge firewall, NAT, router - very similar to a SonicWall or NetScreen.

The above scenario works like this:

1) Public IPs assigned to 1 network interface on my TMG server (64.80.x.x)
2) 1 Netgear Switch (TMG server is plugged into it)
3) Second NIC on my TMG server with a range of 192.168.1.x

The above is working as expected. I ordered more IPs because I am setting up new servers and need the additional IPs.

Here is what i need to accomplish:

I have a Netgear FVS336G, and of course my TMG server. I now need to set up CIDR-based routing. I have been told by Cox that if I want any more than 8 IPs I have to have my own routing hardware. << My Netgear FVS firewall does support this.

My new block is as follows:

Customer: < Gateway < Mask

WAN: : WAN IP : Mask Gateway

Internal Network: (Stays the same) All of my servers are connected on the internal network.
192.168.1.x < TMG Server. This is what I currently point my client PCs to for the default gateway.

I want to accomplish the following:

1) Have all traffic pass through both firewalls (TMG + Netgear)
2) Double-NAT is not an acceptable solution

The Netgear firewall (WAN side) will be the device that is connected to the cable modem. The TMG firewall will be connected to the LAN side of the Netgear firewall.

I want to have the public IPs on my TMG Server << And that is where I am getting lost.

Can I assign 1 of my "Public IPs" on the LAN side of the firewall?

And then the rest of them on my "TMG External NIC" that is connected to the LAN side of my firewall?

That's where I am getting lost, since I can't use Double-NAT but I still want to use my TMG firewall.

Sorry if this is confusing. I am having a hard time understanding how to make this work correctly and am so hoping someone can assist....

Question by:castellansolutions
LVL 12

Expert Comment

ID: 38795712
I want to have the public IPs on my TMG Server << And that is where I am getting lost.

Does your router support 1 to 1 NAT?

Author Comment

ID: 38795754
Yes. It does. Here is what I tried:

1) I set the ISP's WAN IP on my WAN1 port of the Netgear, and I plugged that into the cable modem.
2) I set the LAN port on the Netgear to my WAN IP
3) I enabled Classical Routing

I cannot ping anything from my laptop, which I set to one of my other public IPs. So it didn't work at all. If I enable NAT then it all works as expected, except I get the external IP of my ISP and not my static IPs.

This is with my laptop and nothing else in between.
LVL 12

Expert Comment

ID: 38795769
Wait, you are setting public IPs on all your devices? Including your laptops? No wonder I was getting confused.

How many devices do you need to ping from the outside? I.e., devices you "DO NOT" want to be protected by your firewall.

This is in effect what you are doing when you give a device a public ip address directly. You also need to give that same device the ISP's DNS servers as well as the proper gateway.

LVL 72

Expert Comment

ID: 38798250
Set up the Netgear to route inbound traffic for the network to the "public" NIC of your TMG. You can still implement firewall rules on Netgear, if needed, but TMG should be the "main" firewall, as it controls the NATting.

On TMG implement 1:1 NAT (or service based NAT, whatever you intend to do). For 1:1 NAT see .

If done correctly, public IPs are mapped to private IPs back and forth. Tests from inside might not work, depending on how the firewall rules are defined. In addition I'm not positive the TMG handles "hair-pinned" traffic correctly.

I do NOT recommend trying to route the public IPs thru TMG, as that would require building a third, separate network (DMZ).
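Added example, not part of the original thread or any poster's configuration: a Python sketch of the address plan for the layout discussed above, where the edge router routes the public block without NAT and the inner firewall holds the public addresses and performs 1:1 NAT. The /27 size, all addresses (documentation ranges), the function name and the reserved outbound-NAT address are assumptions.

```python
import ipaddress

def plan_routed_block(routed, wan_link, internal, servers):
    """Plan a routed public block: edge router routes (no NAT), inner firewall does 1:1 NAT."""
    routed, wan_link, internal = (ipaddress.ip_network(n) for n in (routed, wan_link, internal))
    # Routing without NAT only works if the three networks are disjoint.
    for a, b in ((routed, wan_link), (routed, internal), (wan_link, internal)):
        if a.overlaps(b):
            raise ValueError(f"{a} overlaps {b}")
    hosts = list(routed.hosts())           # usable addresses, network/broadcast excluded
    router_lan, fw_ips = hosts[0], hosts[1:]
    targets = [ipaddress.ip_address(s) for s in servers]
    stray = [str(t) for t in targets if t not in internal]
    if stray:
        raise ValueError(f"not on the internal network: {stray}")
    if len(targets) > len(fw_ips) - 1:
        raise ValueError("more servers than public addresses")
    # Assumption: the first firewall address is kept for shared outbound NAT.
    one_to_one = {str(pub): str(priv) for pub, priv in zip(fw_ips[1:], targets)}
    return {
        "router_lan": str(router_lan),          # edge router LAN interface
        "firewall_gateway": str(router_lan),    # default gateway on the firewall's external NIC
        "firewall_mask": str(routed.netmask),
        "outbound_nat": str(fw_ips[0]),
        "one_to_one": one_to_one,
        # Bound to nothing: confirm no rule publishes or answers on these.
        "unmapped": [str(ip) for ip in fw_ips[1 + len(targets):]],
    }

# Constructed sample values (documentation ranges), not the poster's addresses.
SAMPLE = dict(routed="203.0.113.32/27", wan_link="198.51.100.0/30",
              internal="192.168.1.0/24", servers=["192.168.1.10", "192.168.1.11"])

if __name__ == "__main__":
    for key, value in plan_routed_block(**SAMPLE).items():
        print(f"{key}: {value}")
```

The overlap check catches the case where the routed block and the WAN link subnet are confused with each other, which leaves the edge router with the same network on both interfaces.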

Author Comment

ID: 38798807
OK, so here is an update. I was trying to get this to work using just my laptop, firewall (Netgear) and my cable modem.

I put the IPs in the correct place (Customer: LAN Side) (Provider: WAN Side) and was unable to route any traffic from my IPs to the internet or even my default gateway on the WAN side. But I could ping from my WAN side.

I called COX and sure enough my routed CIDR block isn't being routed yet. I have a ticket open and am waiting for them to resolve the issue.

Author Comment

ID: 39178611
I've requested that this question be deleted for the following reason:

Issue self resolved
LVL 72

Accepted Solution

Qlemo earned 2000 total points
ID: 39178600
Presumably it didn't resolve itself, but the routing at COX was implemented ...
