Re: default gateway on different network - Page 2

richmorrow624 · ‎08-24-2006

I have a DSL connection that is up and working (not the real address):

IP Address 199.x.143.x.255.255.224

Default Gateway 199.x.143.129

We have purchased another block of addresses from the provider:

199.99.x.73-78 255.x.255.248

I have been instructed by the provider to use the same default gateway as the original IP address (they told me the other addresses are routed to the original ip address).

Is it possible to give a PIX firewall an external address and point it to the default gateway on the different network.

I have tried this with a workstation and it works ok, but I am wondering if it will work with the PIX.

I have to provide a solution for a customer to access the Internet, and he says this will not work.

richmorrow624 · ‎08-27-2006

Did you see in one of the previous posts that I was able to ping and address .68 I think,

in the range but not in the new subnet of

73-78.

If that is the case, why not just give me the new default gateway also?

Edison Ortiz · ‎08-27-2006

Richard,

"If that is the case, why not just give me the new default gateway also?"

I recommend demanding the ISP just that. If they don't, then running the secondary IP on your router seems to be the only feasible option here.

richmorrow624 · ‎08-27-2006

Edison,

Thanks for all the great replys,

I really appreciate you guys.

Richard Burts · ‎08-27-2006

Richard

Assuming that the provider is subnetting with mask 255.255.255.248 which you originally indicated then your addresses are in subnet .72. Addresses 73 through 78 are the useable addresses in that subnet. .79 would be the broadcast address for that subnet and .80 is the beginning of a new subnet. If you could ping the .68 address then it belongs in subnet .64 and is probably part of a different custome network.

When your provider gave you the first address block they assigned one of the addresses (actually the first address in the block) to their equipment to give you a gateway address and to enable your Internet access. You route to the Internet through that gateway address. They route back to you because everything in that subnet is in a connected subnet as far as their routig logic is concerned. So when they want to get to you they ARP for your address and traffic flows into that subnet.

When they assigned the second address block there was no need for them to assign an address in that block to their equipment. They just configured a static route for the .72 subnet with your router address as the next hop for that static route. Now they can accept traffic from that new subnet and they can route back to that new subnet. But they do not have a gateway address in the new subnet.

As I understand the situation you would like to treat the second address block as if it were a separate connection and keep that traffic out of your network. If you want it to be a separate connection then I think that you might ask the provider is they could assign an address in the new subnet to their equipment providing an independent gateway for the new subnet. I suspect that will complicate things for them. The other alternative is to contract with the provider for a second DSL connection.

So long as you contract with the provider for a second block of addresses on the only connection then I do not see much alternative to configuring a secondary address and to have their traffic come to your interface and then get forwarded to the provider.

HTH

Rick

HTH

Rick