
IP addressing design question

Kevin Melton

I have a rather interesting design dilemma at a client site. The client is preparing to install a router between themselves and a business partner for some data exchange. While discussing this with my colleagues, we determined the best place to put the Business Partner router was in our WAN network. Our WAN network operates in address space 192.168.15.0/24. We currently have three other routers in that WAN network (one for MPLS, one for Frame, and one for the backup ISDN). The addresses are 15.50 (MPLS rtr), 15.4 (Frame) and 15.5 (ISDN).

This WAN network has a gateway to get to the client's inside networks at the client ASA (WAN interface IP 192.168.15.1). During planning sessions with the Business Partner a month ago, we told them that we were assigning them the IP address 192.168.15.10 and placing them into the WAN network. We were then going to NAT the devices on the inside networks that need to talk to the BP and add the appropriate ACL entries to the ACL which we already have in place inbound on the WAN interface on the ASA.

During turn up activities with the business partner today, we found out that they cannot use the 192.168.15.10 address because their company policy mandates that they use IP address scheme 172.27.X.X.

There is a 3750 switch in between the routers and the ASA.  We have a VLAN created on the switch for the WAN network.

I am not sure how to get the IP address 172.27.6.130 on the BP router to route to the 192.168.15.1 interface on the ASA.

If need be I guess we could always create another VLAN on the switch and give it a 172.27.X.X address.  Then the switch would have to route to the 15.0 WAN network.

DIAGRAM IS  ATTACHED

I am open for any suggestions here.

Thanks

Kevin

30 Replies

Jon

I am really impressed with what you have had to do at Network Rail in the past. Yes, sometimes this stuff, which seems like you would be able to get it to work without much issue, can be inherently problematic.

One of your last recommendations was to place the more specific NAT in the configuration on the ASA prior to the more general one.  This has worked so far.  I did not get the error message indicating conflict like in the past.

I am still waiting on the BP at this point. The BP router is actually (found out yesterday) managed by Verizon, so even the BP does not have any more than Privileged mode on the box, and no PRIV EXEC. So the BP has to contact Verizon any time they want to make a change. I am hoping that they can now add the route for the 172.16.7.0/24 network, and in light of the fact that I added the route on the switch to ship traffic to the ASA, and then also placed the route on the ASA to ship traffic for the 172.16.7.0/24 to the switch interface @ 192.168.15.2, we may finally have success.

I will let you know.  Thanks again for sharing all of your insight from past experience.  This has gotten messy.  The only thing management cares about is "get it working".  You know the drill.

I will keep you posted.

Kevin
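
The ordering point in the reply above (the more specific NAT placed before the more general one), as an added example that is not part of the original thread: a small Python check that flags any rule made unreachable by an earlier, broader rule. It assumes the rules are evaluated first-match in configured order; the rule names and the 10.1.x.x inside ranges are constructed, and 172.27.0.0/16 stands in for the BP's 172.27.X.X scheme.

```python
import ipaddress
from typing import NamedTuple


class NatRule(NamedTuple):
    name: str
    src: ipaddress.IPv4Network  # real (pre-NAT) source range
    dst: ipaddress.IPv4Network  # destination range the rule is scoped to


def rule(name, src, dst):
    return NatRule(name, ipaddress.ip_network(src), ipaddress.ip_network(dst))


def covers(general, specific):
    """True if every flow that matches `specific` also matches `general`."""
    return (specific.src.subnet_of(general.src)
            and specific.dst.subnet_of(general.dst))


def shadowed_rules(rules):
    """Return (shadowed, shadowing) name pairs for a first-match rule list."""
    findings = []
    for i, later in enumerate(rules):
        for earlier in rules[:i]:
            if covers(earlier, later):
                findings.append((later.name, earlier.name))
                break  # the first earlier rule that wins is enough to report
    return findings


# Constructed rules (assumption): inside hosts in 10.1.0.0/16, with one
# subnet that needs its own translation when talking to the partner.
TO_WAN = rule("inside-to-wan", "10.1.0.0/16", "0.0.0.0/0")
TO_BP = rule("inside-to-bp", "10.1.20.0/24", "172.27.0.0/16")

GENERAL_FIRST = [TO_WAN, TO_BP]   # partner rule can never match
SPECIFIC_FIRST = [TO_BP, TO_WAN]  # order recommended in the thread

if __name__ == "__main__":
    for label, ruleset in (("general first", GENERAL_FIRST),
                           ("specific first", SPECIFIC_FIRST)):
        print(label, "->", shadowed_rules(ruleset) or "no shadowed rules")
```
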