1811 Border Router w/ Multiple Subnet Blocks

CompuVision Admin · ‎12-16-2010

I have an 1811 as a border router. Initially we had one block from our ISP. We just got a second block of IP's and I'm not sure how to make this work.

Block #1 - Working

209.91.**.129-142 /28

Block #2 - Not Working

209.91.**.146-158 /28

The problem I'm having is block #1's gateway is 209.91.**.129 and block #2's is 209.91.**.145

How do I make it so I can use both blocks in my NAT entries?

Jon Marshall · ‎12-16-2010

CiscoCVS1 wrote:

I have an 1811 as a border router. Initially we had one block from our ISP. We just got a second block of IP's and I'm not sure how to make this work.

Block #1 - Working

209.91.**.129-142 /28

Block #2 - Not Working

209.91.**.146-158 /28

The problem I'm having is block #1's gateway is 209.91.**.129 and block #2's is 209.91.**.145

How do I make it so I can use both blocks in my NAT entries?

You could use a secondary IP address on your WAN interface but if the ** in your addresses is the same octet then these address are contiguous ie.

209.91.**.128/27 is the actual subnet you have been given by the ISP (if you combine both blocks). I would simply talk to the ISP to see if you can actually just change the subnet mask on your WAN interface from 255.255.255.240 to 255.255.255.224 and then simply use .129 as the default-gateway. This would be a lot simpler but you would need to check with the ISP as they would need to match at their end.

Jon

CompuVision Admin · ‎12-16-2010

I'm going to attempt to get the ISP to change it as suggested as I agree that would be ideal. If not though.

I'm confused on the default routes. Obviouslly anything in the 146-158 block needs to go through a different gateway right? How do I handle this?

I have an IP from the second block currently assigned to the interface and I don't seem to be able to get in/out on it.

Jon Marshall · ‎12-16-2010

CiscoCVS1 wrote:

I'm going to attempt to get the ISP to change it as suggested as I agree that would be ideal. If not though.

I'm confused on the default routes. Obviouslly anything in the 146-158 block needs to go through a different gateway right? How do I handle this?

I have an IP from the second block currently assigned to the interface and I don't seem to be able to get in/out on it.

Generally you wouldn't have a 2nd default route ie. you really only need to use the one default-route because as long as the ISP routes traffic for the new subnet to your existing WAN ip address it should all work fine. If you are only using this for NAT then you don't actually need to allocate any of the new addresses to the WAN interface at all.

I'm assuming that there is actually only one physical link between you and your ISP ?

If so then forget about secondary addressing, not a particuarly good suggestion. Either do what was proposed in original thread or even easier for you just make sure the ISP is routing the new subnet to your existing WAN IP, that way you do not need to even change the subnet mask and you can simply keep the existing default-route.

It is definitely worth checking with your ISP because either of the above is much simpler for you (and probably the ISP as well) than messing around with 2 default-routes etc.

Jon