06-29-2012 02:53 AM - edited 03-04-2019 04:50 PM
We currently have an office in Tokyo that connects to the ISP using a PPPoE connection on an ASA. The ISP has supposedly assigned us a public /28, but I can't work out how to use any of the addresses other than the one that we use on the outside of firewall (which is part of this /28 block)
I tried to configure the IP address on the outside interface with a /28 mask, but it just reset the interface and changes the config back to a 32 bit mask
ip address X.X.X.X 255.255.255.255 pppoe setroute
We're going to replace the firewall with a router of some sort and have that do the PPPoE, but I don't know if I'll have the same problem.
Does anyone know how I can use these other addresses?
Will a router only be able to use a /32 address on the dialer?
Would I even be able to subnet the /28 down and host a /29 or something beind the router (when installed)?
Many Thanks in advance
Dom
Solved! Go to Solution.
06-29-2012 06:03 AM
They are probably using a sticky static for your device connected to them and then routing your network down that interface. So you should be able to use the /28 on the back side of the router off a different Ethernet port or another port off the Asa.
Sent from Cisco Technical Support iPad App
06-29-2012 06:03 AM
They are probably using a sticky static for your device connected to them and then routing your network down that interface. So you should be able to use the /28 on the back side of the router off a different Ethernet port or another port off the Asa.
Sent from Cisco Technical Support iPad App
07-06-2012 03:29 AM
Thanks for the reply Ryates, I havae split the /28 in half and can route to one half of it if I configure it behind the ASA, which is great.
You said that should be able to route to the whole /28 behind the firewall - If I split the subnet in half, the address assigned to the outside by PPPoE is in the top half of the subnet, which is why I configured thee bottom half beghind the firewall.
Are you saying that I should be able to have the /32 address on the outside, and the the whole /28 behind the firewall? The addresses will be overlapping but these sort of connections seem to work in strange ways (eg a default route not on the same subnet) so nothing would surprise me
Cheers, Dom
07-06-2012 06:50 AM
Hi,
You can use static nat on your router. or you can assign nat pool and add nat rule to use it. this is probably better than assigning the /28 to your Fast Ethernet port for so you don't loose 2 IP addresses and it would be easier to change public IP address assignements.
HTH
Don't forgrt to rate useful answers.
07-12-2012 08:52 AM
Hi Iyad, thanks for your suggestion, but I want to have the routeable public subnet behind the firewall/router as I need to host some third party eqpt there that needs to be on the internet
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide