1 Reply Latest reply on Feb 9, 2017 2:50 PM by jayh

    Add a public IP subnet

    alanb New Member

      I have a Netvanta 3140 connected to an ISP that has allotted me a /27 subnet.  I currently have that working and have some servers running behind NAT with the first four public IP address mapped to those servers.  Everything is working OK right now.  The WAN is on giga-eth 0/3 and my NAT'd LAN is on giga-eth 0/1 leaving giga-eth 0/2 open right now.

       

      I'd like to use giga-eth 0/2 for the host with a public IP address.  I'm assuming I need to create a smaller subnet and for that, since it will only be one host, I'd like to keep it at a /30 if possible (to keep from burning so many addresses.)

       

      I've added a secondary IP address with a /30 subnet to the WAN intending on using the first usable address within the subnet for the gateway and the second usable address as the host IP but I'm stumped on how to route this to the giga-eth 0/2 port.

       

      Can someone help me with this?  Is this how I should have started or is there a better way which might allow me to add MORE public IPs (not private IPs mapped to a public which I already have on giga-eth 0/1) in the future.

       

      Incidentally, this is for a VoIP PBX that's about to be added and the SIP Trunk supplier requires the PBX to work on a public IP.

      Thanks.

        • Re: Add a public IP subnet
          jayh Hall_of_Fame

          alanb wrote:

           

          I have a Netvanta 3140 connected to an ISP that has allotted me a /27 subnet. I currently have that working and have some servers running behind NAT with the first four public IP address mapped to those servers. Everything is working OK right now. The WAN is on giga-eth 0/3....

          Gig 0/3 connects to your ISP? Is this the /27 subnet, or did they route the /27 to you via a /30 that's native on gig 0/3?

           

          If the /27 is routed to gig 0/3 then make a VLAN interface for it, and configure gig 0/2 and 0/3 to be access ports in that VLAN. They'll just bridge. Use an IP within that range for your public host, with the /27 mask and your ISP's gateway.

           

          If the ISP is using a /30 as the link to you and the /27 has no physical interface then configure gig 0/2 as the /27 subnet or DMZ. Keep your existing NAT policies, assign an IP within the /27 as the host and use the IP on gig 0/2 as its gateway. Create access-policies for it to route to the ISP and vice-versa.