02-17-2022 06:25 AM
Hello all,
We are upgrading our Internet in a few weeks and the ISP has provided our new IP blocks in a slightly different configuration than I am used to: they have given one block for the WAN and a separate block for the usable IP addresses. So I have a routing question.
I am used to everything being in the same block, so other than a default route there isn't any routing to do. In this case, will there be a route statement I will have to use to make sure the traffic passes from network to network?
For example let's say the WAN block is 40.231.1.x/29 and the Usable block is 40.231.5.x/27
Obviously the ISP equipment connecting to our firewall will be on the 40.231.1.x/29 network but nothing will be directly connected to the other network; we'll be using the usable IP addresses for NAT to internal systems. Will I have to create a route statement to pass the traffic to that network or for that traffic to get out of the network?
Does this question make sense? I believe I have run across this once quite a while ago and I don't remember how I handled it then; it's been a while.
Firewall equipment is an ASA 5508 just in case that is helpful.
Thanks,
02-17-2022 06:39 AM
I am not sure that I completely understand your question, and do not know much about your environment so can provide only partial answers. Providing 2 address blocks is not uncommon. As you observe one block is for IP connectivity between your device and the ISP device. The other block is for address translation for your devices accessing the Internet (and possibly for Internet devices accessing your network).
In my experience you should not need any additional routing statements to work with the second block of addresses. The ISP will forward traffic for that block to you, your firewall will receive the traffic with destination address in the second block, will use its translate tables to determine the appropriate internal address and will then forward to that address. No additional route statements needed.
Note that you would use part (or perhaps all) of the new block for dynamic translation of traffic originating in your network and going to the Internet. You may also use part of the new block for static translation, which would be required if you want sources in the Internet to initiate traffic to some devices inside your network (web servers, etc). But this would not require any additional route statements.
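Added example, not part of the original posts: a minimal ASA (8.3 and later syntax) configuration sketch of the setup described in the answer above, with only a default route and with the routed block used purely for NAT. The host addresses inside both blocks, the interface names, the object and ACL names, the inside LAN 10.0.0.0/24 and the web server are all assumptions made for illustration.

```cisco
! Constructed example. Assumed values: WAN block 40.231.1.0/29 with the
! ISP router at .1 and the ASA outside interface at .2; routed block
! 40.231.5.0/27; inside LAN 10.0.0.0/24; web server at 10.0.0.10.
interface GigabitEthernet1/1
 nameif outside
 security-level 0
 ip address 40.231.1.2 255.255.255.248
!
interface GigabitEthernet1/2
 nameif inside
 security-level 100
 ip address 10.0.0.1 255.255.255.0
!
! The only route statement: default route to the ISP router in the WAN block.
! There is no route for 40.231.5.0/27. This assumes the ISP routes that block
! to the ASA outside address; the ASA then matches arriving packets against
! its NAT rules instead of a connected or static route.
route outside 0.0.0.0 0.0.0.0 40.231.1.1
!
! Dynamic PAT: outbound traffic from the LAN is translated to one address
! taken from the routed block.
object network INSIDE-NET
 subnet 10.0.0.0 255.255.255.0
 nat (inside,outside) dynamic 40.231.5.1
!
! Static NAT: a second address from the routed block maps to the web server
! so that Internet sources can initiate connections to it.
object network WEB-SERVER
 host 10.0.0.10
 nat (inside,outside) static 40.231.5.10
!
! Inbound policy: permit only the service that must be reachable. On ASA 8.3
! and later the ACL references the real (inside) address, not the mapped one.
access-list OUTSIDE-IN extended permit tcp any object WEB-SERVER eq 443
access-group OUTSIDE-IN in interface outside
!
! Checks to run from exec mode after the cutover:
!   show route
!   show nat detail
!   show xlate
!   packet-tracer input outside tcp 198.51.100.7 40000 40.231.5.10 443
```

The `packet-tracer` line uses a documentation-range source address; its output shows the UN-NAT and ACL phases a packet for the mapped address passes through, which confirms that no extra route is involved.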
02-17-2022 07:41 AM
Thanks for the reply, yeah it sounds like you understood what I was getting at, I agree it's probably not uncommon but for me I have only dealt with it once before and that was quite a while ago.
Have a good day.