[SOLVED] Splitting Leased Line Static IP Addresses to Multiple Router/Firewall

Sep 18, 2019
I have 5 static IPs from my ISP. The ISP modem has only one port and one cable for these IPs. Now I need to connect the Internet to my router with one static IP and to the firewall with my other IP addresses. How can I do that without putting a switch between the ISP modem and the router and firewall?
 
It all depends on how the ISP delivers these IPs. To do what you want, you actually have to route the IP addresses.

The ISP could route the other 4 IPs to the IP you are using on your router, and then you could route them to other devices. This is very messy when you have limited IPs like this, because you are going to have to use the concept of a loopback IP and use private IPs for the connection between the main router and the end devices. You do not have enough to waste to use normal subnets.

In any case, I suspect this is not an option for a number of reasons. First, you would need an actual router that understands routes and not the boxes they sell in the consumer stores. Next, you would need your ISP to do the routing. And last, and I suspect more important, the IPs are likely delivered via DHCP on your modem. This means you would need to put a switch behind the modem.

Now if this happens to be AT&T U-verse offering this, you have no hope; they use some strange 1-1 NAT to make this work.
 
Sep 18, 2019
My requirement: currently I have two Internet connections from the ISP. One is a leased line and the other is broadband. The leased line is connected to the firewall, which is used for special services for servers, DMZ, Exchange, etc. Those are NATed to various public IPs through the firewall. The broadband connection from the ISP is connected to the router, which is used for VPN (DMVPN) with my other 3 sites, and for routing (EIGRP) to these 3 sites as well. The end users' network also accesses the Internet through broadband.

Now I am moving to another location where there is only a leased line with 5 public IPs (no broadband connection). How can I configure my current setup? If I try to connect DMVPN through the firewall, that is not supported. How can I do that, or what changes do I need to make to my current setup?
 
Sep 18, 2019
Going to be tricky because you are running IPsec and the additional complexity of DMVPN. I thought DMVPN has options to tolerate NAT, but it has been a very long time since I looked at those configurations.

Since it appears you have commercial equipment, why can you not just put a static /32 route in the firewall for the IP you want and point it to the VPN router, using private IPs for the connection between the firewall and the router? You would have to reconfigure the VPN to use a loopback IP rather than the so-called "WAN".
 
Solution
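
An added example, not part of the thread and not either poster's configuration: a Python model of the firewall route table the accepted reply describes, showing that a /32 static route sends only the VPN router's public address over the private link, and why a normal public subnet does not fit in five addresses. All addresses (203.0.113.8/29 with gateway .9, the 10.255.255.0/30 transit link) are constructed assumptions.

```python
import ipaddress

# Constructed addressing (documentation ranges, not taken from the thread):
# the ISP block is 203.0.113.8/29, .9 is the ISP gateway, .10-.14 are the 5 static IPs.
ISP_BLOCK = ipaddress.ip_network("203.0.113.8/29")
ISP_GW = ipaddress.ip_address("203.0.113.9")
CUSTOMER_IPS = [ip for ip in ISP_BLOCK.hosts() if ip != ISP_GW]
VPN_LOOPBACK = ipaddress.ip_address("203.0.113.10")    # public /32 on the VPN router's loopback
TRANSIT_ROUTER = ipaddress.ip_address("10.255.255.2")  # router end of the private link

# Firewall routing table: (prefix, next hop or None if directly connected, interface).
FIREWALL_ROUTES = [
    (ipaddress.ip_network("0.0.0.0/0"), ISP_GW, "outside"),
    (ISP_BLOCK, None, "outside"),
    (ipaddress.ip_network("10.255.255.0/30"), None, "transit"),
    (ipaddress.ip_network(f"{VPN_LOOPBACK}/32"), TRANSIT_ROUTER, "transit"),
]

def lookup(routes, dst):
    """Longest-prefix match: the most specific route containing dst wins."""
    dst = ipaddress.ip_address(dst)
    matches = [r for r in routes if dst in r[0]]
    if not matches:
        return None
    prefix, next_hop, iface = max(matches, key=lambda r: r[0].prefixlen)
    hop = str(next_hop) if next_hop is not None else "connected"
    return (str(prefix), hop, iface)

def link_subnets_that_fit(prefixlen):
    """Public subnets of this size built only from addresses the customer owns."""
    owned = set(CUSTOMER_IPS)
    return [str(s) for s in ISP_BLOCK.subnets(new_prefix=prefixlen)
            if all(ip in owned for ip in s)]

if __name__ == "__main__":
    # VPN peers reach the router's loopback through the firewall, un-NATed.
    print(lookup(FIREWALL_ROUTES, "203.0.113.10"))
    # The other public IPs stay on the firewall for its NAT rules.
    print(lookup(FIREWALL_ROUTES, "203.0.113.11"))
    # No aligned /30 exists inside .10-.14, so a "normal" public link subnet is impossible.
    print(link_subnets_that_fit(30), link_subnets_that_fit(32))
```

If the ISP delivers the block on-link rather than routed, its gateway will ARP for the loopback address, so the firewall also has to answer ARP for that /32 on its outside interface.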