Cisco 5505 IP Configurations

jonny_ash43 · ‎07-26-2011

Hi all, appologies if this is fairly basic stuff but I am relatively new to firewalling.

I have purchased a subnet of 8 private IP addresses from my ISP. 109.x.x.128/29

The ISP has placed a juniper router within our data centre which is routing purely from 109.x.x.206/30 to 109.x.x.128/29 with the ip of fa0/1 set to .129.

I have linked a cisco 5505 to fa0/1 of the juniper from fa0/0 and configured its IP to .130. I have configured NAT to translate our client pool 192.168.16.x /24 address' to the internet.

Is it possible for the 5505 to route / map my remaing private IP addresses through its external port? I have tried creating a seperate VLAN for a DMZ for our servers to sit within but am returned with a subnetting error as VLAN for my external port is all ready configured within the same subnet.

Any help would be greatfully appreciated.

Jonathon

varrao · ‎07-26-2011

Hi Jonathan,

You would definitely need to use a IP range different to what you are using for the outside interface for the DMZ. You cannot have the same subnet range on two different interfaces. Although if you have a different range on DMZ, you can nat the dmz servers to the outside interface public ip when they access the internet.

Hope this helps,

Thanks,

Varun

Thanks,
Varun Rao

Lee Valentin · ‎07-26-2011

Johnathan, as Varun stated, you would need to create a new VLAN (ex. 10.10.10.0/24) using private IP Addresses and create static NATs for your servers and add access lists to allow access to servers from the outside.

static (outside,dmz) 109.x.x.132 10.10.10.x netmask 255.255.255.255

Another option would be to put the servers on the 'Outside' VLAN and IP the servers with external IP addresses. I realize that the requirement is to put the devices behind the firewall but it's another option.

Good luck