
Cisco 837

drwitura1
Level 1

hi there,

 

I am using a Cisco Router 837

 

It's an ADSL connection with a static IP

I just got a block of static IP addresses /30

Let's say

Block of IPs 200.200.200.16/30

Usable IPs are 200.200.200.17 and 200.200.200.18

The 200.200.200.17 will be my gateway

How can I configure my Cisco in order to use the new public IPs?

I have attached my current settings 

 

Thanks for your help

 

 

 

 


Peter Paluch
Cisco Employee

Hi,

Before we can answer your question there is one thing we need to clarify: Are you going to continue receiving your provider's specific IP addresses on your Dialer1 interface dynamically and use the 200.200.200.16/30 in addition to these addresses, or are you supposed to actually configure these public IP addresses on your Dialer1 interface directly? You have indicated that 200.200.200.17 is going to be your gateway - that would mean that your router is supposed to use the 200.200.200.18/30 address on its Dialer1 interface, and that would consume all usable addresses from your range. Is this really the way your provider is working? It is possible but it would be surprisingly wasteful.

Is there any more technical information provided by your ISP you can post here to help us understand how you are supposed to use these new IPs?

Best regards,
Peter

Hi Peter,  

 

Hi,

Before we can answer your question there is one thing we need to clarify: Are you going to continue receiving your provider's specific IP addresses on your Dialer1 interface dynamically and use the 200.200.200.16/30 in addition to these addresses,

R/ Yes ... 

or are you supposed to actually configure these public IP addresses on your Dialer1 interface directly?

R/ No.

You have indicated that 200.200.200.17 is going to be your gateway -

R/ Yes 

that would mean that your router is supposed to use the 200.200.200.18/30 address on its Dialer1 interface,

R/ My Dialer one is a PPPoE static IP address already, as shown below

 

scorpion-router#sh ip int bri
Interface                  IP-Address      OK? Method Status                Protocol
ATM0                       unassigned      YES manual up                    up
ATM0.1                     unassigned      YES DHCP   up                    up
Dialer1                    200.200.135.149 YES IPCP   up                    up
Ethernet0                  192.168.0.1     YES NVRAM  up                    up
FastEthernet1              unassigned      YES unset  up                    up
FastEthernet2              unassigned      YES unset  up                    up
FastEthernet3              unassigned      YES unset  up                    up
FastEthernet4              unassigned      YES unset  administratively down down
Virtual-Access1            unassigned      YES unset  up                    up
scorpion-router#

 

 

and that would consume all usable addresses from your range.

R/ That's what I am trying to figure out  ... I lost already the .17 and will be using the 200.200.200.18 (only usable)

 

Is this really the way your provider is working?

R/ Yes 

It is possible but it would be surprisingly wasteful.

R/ When I was told that 200.200.200.17 is only used as gateway ... I took it anyway because I only need 1 more public IP for now.  

Is there any more technical information provided by your ISP you can post here to help us understand how you are supposed to use these new IPs?

R/

Here is the info I got from my ISP

200.200.200.16/30

200.200.200.17 (has to be my gateway)

200.200.200.18 (I end up with this only usable IP)

Plus the current public IP address I have from DSL connection. (IP: 200.200.135.149)

They are on separate subnets

Didier 

 

 

 

Hi Didier,

I have a feeling that there is a misunderstanding between your ISP and you. I would personally believe that you have got the entire IP space 200.200.200.16/30 with all IPs actually being usable, and that the ISP is configured to route the entire IP space to your router. How the router deals with these IP addresses is another story - most probably, you would use NAT to forward traffic for these IP addresses back to your internal network.

I suggest doing a very simple test. Create a Loopback interface on your router as follows:

interface Loopback1234
 ip address 200.200.200.16 255.255.255.255
 ip address 200.200.200.17 255.255.255.255 secondary
 ip address 200.200.200.18 255.255.255.255 secondary
 ip address 200.200.200.19 255.255.255.255 secondary

Now try pinging a working public IP address, e.g. 8.8.8.8, using these four IP addresses as the source IP address:

ping 8.8.8.8 source 200.200.200.16
ping 8.8.8.8 source 200.200.200.17
ping 8.8.8.8 source 200.200.200.18
ping 8.8.8.8 source 200.200.200.19

If these pings are successful then my suspicion is confirmed - your ISP simply forwards this entire space to you and it is up to you to use it wisely. If none of these pings is successful then we have to experiment more.

Looking forward to hearing back from you!

Best regards,
Peter

Hi Peter,

You got it right ... Your suspicion is confirmed

After creating the loopback interface ... the pings were successful 5/5

 

scorpion-router#ping 8.8.8.8 source 200.200.200.16
 
 Type escape sequence to abort.
 Sending 5, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds:
 Packet sent with a source address of 200.200.200.16
 !!!!!
 Success rate is 100 percent (5/5), round-trip min/avg/max = 16/21/24 ms
 scorpion-router#ping 8.8.8.8 source 200.200.200.17
 
 Type escape sequence to abort.
 Sending 5, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds:
 Packet sent with a source address of 200.200.200.17
 !!!!!
 Success rate is 100 percent (5/5), round-trip min/avg/max = 20/24/28 ms
 scorpion-router#ping 8.8.8.8 source 200.200.200.18
 
 Type escape sequence to abort.
 Sending 5, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds:
 Packet sent with a source address of 200.200.200.18
 !!!!!
 Success rate is 100 percent (5/5), round-trip min/avg/max = 20/24/28 ms
 scorpion-router#ping 8.8.8.8 source 200.200.200.19
 
 Type escape sequence to abort.
 Sending 5, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds:
 Packet sent with a source address of 200.200.200.19
 !!!!!
 Success rate is 100 percent (5/5), round-trip min/avg/max = 24/24/24 ms
 scorpion-router#

 

Didier 

Hi Didier,

Thanks for letting me know! Okay, so now, the question is how to use these four IP addresses so that in the best case, you do not lose any of them.

In my opinion, the easiest way would be to use static NAT/PAT to map these IP addresses to internal IPs and/or ports according to your needs. In this case, you are not assigning your 200.200.200.16/30 space to an interface, and therefore you are not in fact using it as a subnet but just as a set of 4 IP addresses, out of which none needs to be reserved as a subnet, gateway, or broadcast address.

Does this make any sense?

Best regards,
Peter

Makes sense, Peter,

So that means by using NAT/PAT ... I can still keep the current NAT ... from my PPPoE IP address to my internal private IPs 192.168.x.x?

 

Sounds good 

 

Thanks 

Hi Didier,

Yes, you can add additional NAT/PAT rules that will coexist with your current NAT/PAT.

How did you originally intend to use the additional public IP space? Do you need more public IPs to do your PAT because of lots of internal IPs and flows, or do you intend to make more inside machines to be publicly accessible?

Best regards,
Peter

Hi Peter,

 

I am running a few servers behind my Cisco router with internal IP 192.168.x.x. All my servers have the same public IP (PPPoE static and public IP). For my learning and testing purposes (DNS, mail and other apps/servers) I need to use additional public IPs, reason why I requested an additional /30. All my public IPs will be natted to internal IPs ... your suggestions are welcome.

 

 

Yes I intend to make my inside machines publicly accessible 

Hi Didier,

With a simple static NAT, you can have 4 of your inside machines made public. The configuration would be very straightforward:

ip nat inside source static 192.168.a.b 200.200.200.16
ip nat inside source static 192.168.c.d 200.200.200.17
ip nat inside source static 192.168.e.f 200.200.200.18
ip nat inside source static 192.168.g.h 200.200.200.19

If you wanted to make more inside machines to be publicly accessible, you would need to use PAT and export selected inside ports (that is, selected TCP/UDP services) to outside IP addresses and ports. Thanks to this, you could multiplex over 65000 inside services on a single outside IP address, with the disadvantage that some of the services would most probably be located at non-default ports. If, for example, you wanted to export the HTTP service on 8 internal servers to the outside world, you could use your 4 public IPs to forward the port TCP/80 back to the 4 internal servers inside, but for the next 4 internal HTTP services, you would need to assign a different and thus non-default port on the public IPs to be forwarded back to the remaining 4 HTTP servers to their TCP/80. The design choice is up to you and your needs.

In any case, if you needed a PAT then the configuration would look as follows:

ip nat inside source static tcp 192.168.x.x 80 200.200.200.16 80
ip nat inside source static tcp 192.168.x.x 3128 200.200.200.16 3128
ip nat inside source static tcp 192.168.y.y 80 200.200.200.16 8080

I believe you see the general principle here.

Best regards,
Peter
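
Added example (not part of the original posts, and not Cisco tooling): a small Python audit of static NAT/PAT lines like the ones above, run before they are pasted into the router. It reports which inside hosts a one-to-one rule exposes on all ports, which outside address/port pairs are claimed more than once, and which outside addresses fall outside 200.200.200.16/30; all four addresses of the block, .16 and .19 included, count as valid, as discussed earlier in the thread. The 192.168.0.x inside hosts, the sample rules and the function names are assumptions made for the example.

```python
import ipaddress

# Block from the thread: routed to the router, never configured as a subnet.
ROUTED_BLOCK = ipaddress.ip_network("200.200.200.16/30")

# Constructed sample; the 192.168.0.x inside hosts are invented for the example.
SAMPLE_CONFIG = """\
ip nat inside source static 192.168.0.10 200.200.200.19
ip nat inside source static tcp 192.168.0.20 80 200.200.200.16 80
ip nat inside source static tcp 192.168.0.21 80 200.200.200.16 8080
ip nat inside source static tcp 192.168.0.22 80 200.200.200.16 80
ip nat inside source static tcp 192.168.0.23 25 200.200.200.19 25
ip nat inside source static tcp 192.168.0.24 53 200.200.200.20 53
"""

def parse_rules(config):
    """Yield (proto, inside, outside, outside_port) for each static NAT line."""
    for line in config.splitlines():
        tok = line.split()
        if tok[:5] != ["ip", "nat", "inside", "source", "static"]:
            continue
        args = tok[5:]
        if len(args) == 2:  # one-to-one NAT: every port reaches the inside host
            yield None, args[0], ipaddress.ip_address(args[1]), None
        elif len(args) == 5 and args[0] in ("tcp", "udp"):  # single-port PAT
            yield args[0], args[1], ipaddress.ip_address(args[3]), int(args[4])

def audit(config, block=ROUTED_BLOCK):
    """Return review findings: exposure scope, out-of-block and clashing rules."""
    rules = list(parse_rules(config))
    full_hosts = {out: ins for proto, ins, out, _ in rules if proto is None}
    findings, seen = [], {}
    for proto, inside, outside, oport in rules:
        if outside not in block:
            findings.append(f"{outside} is not in routed block {block}")
        if proto is None:
            findings.append(f"{inside} fully exposed as {outside} (all ports)")
            continue
        if outside in full_hosts:
            findings.append(f"{outside}:{oport}/{proto} overlaps one-to-one NAT "
                            f"of {full_hosts[outside]}")
        if (outside, proto, oport) in seen:
            findings.append(f"{outside}:{oport}/{proto} claimed by "
                            f"{seen[(outside, proto, oport)]} and {inside}")
        seen.setdefault((outside, proto, oport), inside)
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(finding)
```

A host reported as fully exposed is reachable on every port it listens on, so it is the one to cover with an inbound access list on the outside interface or to convert to per-port rules.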

Thanks sooo much Peter ... that sounds so simple for you but I can tell you that I spent countless hours trying to figure this out ...

Allow me to close this ticket in 2 days after my testing

 

Hi Didier,

You're welcome. Hopefully, this all worked for you.

Best regards,
Peter
