12-17-2015 05:36 AM - edited 03-05-2019 02:57 AM
Typically when requesting a block of IP addresses from an ISP, you get something like this:
Subnet - 11.12.13.0/28
Gateway 11.12.13.1
Useable Range - 11.12.13.2 - 11.12.13.14
This is where you are part of a subnet and you point your traffic to the default gateway in that subnet and the remaining addresses are yours to do what you want with in your network.
I recently have been involved with an ISP block delivered like this:
ISP Serial - 11.12.13.1/30
Customer Serial - 11.12.13.2/30
LAN Block - 20.21.22.0/29
This gives me a useable range of addresses of 20.21.22.1 - 20.21.22.7, correct?
Can I deal with this block and point to point link on one router?
Let's say all I have is a router (actually an ASA in my case but I'll deal with those specifics later). The ISP is connected to s3/0 using the assigned IP address from the ISP. Then from this point I would want to do the following:
1. Assign 1:1 NAT for servers as needed
2. Use 2 addresses for PAT with an internal private network.
I'm labbing this up and not seeing how this is done. I think I need to have an additional router in order to make this work, is that correct?
If my fa0/1 interface is using 192.168.0.1 255.255.255.0 and I want the network behind that to PAT to, say, 20.21.22.2, how would I configure that? s3/0 has the /30 network, fa0/1 has the 192.168.0.0/24 network. I don't imagine that I could assign the ip nat outside command to the s3/0 interface then NAT/PAT to one of the addresses in the assigned block for the fa0/1 interface, could I? It's not coming together and I think I need a L3 switch or some other router in front of my ASA in order to make this work. Could this be done with a VRF instance?
Thanks!
12-17-2015 07:11 AM
It's not uncommon to have a setup like that and it can work. You would assign the /30 to your ASA interface and use the assigned address block in your NAT rules. You might want to take a look at the post below as your experience may differ depending on the software version the ASA is running and how the ISP has their end configured.
https://supportforums.cisco.com/discussion/11848306/arp-permit-nonconnected