How to add 2nd address

Discussion in 'Cisco' started by Ste, Sep 11, 2004.

  1. Ste

    Ste Guest

    Hi,

    We have 14 public IP addresses configured in Cisco 2600 as follows:

    interface Fastethernet0/0
    ip address 65.111.111.129 255.255.255.240

    Recently we have acquired 16 more public IP addresses in different subnet,
    such as 65.222.222.240 - 254..

    How can I add the new IPs to router, so that the FW behind can use them?
    On FW behind Cisco 2600, can I still use 65.111.111.129 as gateway, or have
    to add more?

    Help is very grateful.

    Ste
     
    Ste, Sep 11, 2004
    #1
    1. Advertising

  2. Ste

    PES Guest

    "Ste" <> wrote in message
    news:...
    > Hi,
    >
    > We have 14 public IP addresses configured in Cisco 2600 as follows:
    >
    > interface Fastethernet0/0
    > ip address 65.111.111.129 255.255.255.240
    >
    > Recently we have acquired 16 more public IP addresses in different subnet,
    > such as 65.222.222.240 - 254..
    >
    > How can I add the new IPs to router, so that the FW behind can use them?
    > On FW behind Cisco 2600, can I still use 65.111.111.129 as gateway, or
    > have
    > to add more?
    >
    > Help is very grateful.
    >
    > Ste



    Create a static route pointing everything that is destined to your newly
    allocated block to the public ip address of the firewall. In your example
    (and assuming the public ip on the fw is 65.111.111.130).

    ip route 64.222.222.240 255.255.255.240 65.111.111.130

    This should route 64.222.222.241-254 to your firewall. Outbound traffic
    will be sent to the 65.111.111.129 from the firewall. This is not a
    problem, that address is never entered into the packet. Basically, inbound
    is self explanatory. An outbound packet from the new pool would be first
    processed by the firewall. The firewall would likely change the source
    address to an address in the new pool. The firewall would then arp the
    default gateway (65.111.111.129) and get its mac address. The packet with
    the source ip address from the pool and the unaltered destination ip address
    would be forwarded to the mac address retrieved from the arp. All should
    work.
     
    PES, Sep 12, 2004
    #2
    1. Advertising

  3. Ste

    Ste Guest

    PES,

    Thanks a lot for the help. But do I need to add 2nd addresses group on
    the eth0/0?

    Ste


    "PES" <NO*SPAMpestewartREMOVE**SUCKS> wrote in message
    news:41438a08$...
    >
    > "Ste" <> wrote in message
    > news:...
    > > Hi,
    > >
    > > We have 14 public IP addresses configured in Cisco 2600 as follows:
    > >
    > > interface Fastethernet0/0
    > > ip address 65.111.111.129 255.255.255.240
    > >
    > > Recently we have acquired 16 more public IP addresses in different

    subnet,
    > > such as 65.222.222.240 - 254..
    > >
    > > How can I add the new IPs to router, so that the FW behind can use them?
    > > On FW behind Cisco 2600, can I still use 65.111.111.129 as gateway, or
    > > have
    > > to add more?
    > >
    > > Help is very grateful.
    > >
    > > Ste

    >
    >
    > Create a static route pointing everything that is destined to your newly
    > allocated block to the public ip address of the firewall. In your example
    > (and assuming the public ip on the fw is 65.111.111.130).
    >
    > ip route 64.222.222.240 255.255.255.240 65.111.111.130
    >
    > This should route 64.222.222.241-254 to your firewall. Outbound traffic
    > will be sent to the 65.111.111.129 from the firewall. This is not a
    > problem, that address is never entered into the packet. Basically,

    inbound
    > is self explanatory. An outbound packet from the new pool would be first
    > processed by the firewall. The firewall would likely change the source
    > address to an address in the new pool. The firewall would then arp the
    > default gateway (65.111.111.129) and get its mac address. The packet with
    > the source ip address from the pool and the unaltered destination ip

    address
    > would be forwarded to the mac address retrieved from the arp. All should
    > work.
    >
    >
    >
     
    Ste, Sep 12, 2004
    #3
  4. Ste

    PES Guest

    "Ste" <> wrote in message
    news:...
    > PES,
    >
    > Thanks a lot for the help. But do I need to add 2nd addresses group on
    > the eth0/0?
    >
    > Ste


    Should not be necessary, if you add a static route for the pool to the
    firewall. If you add a secondary address to the interface, it will arp for
    those addresses instead of sending them straight to the firewall. That
    should also work, using an "ip address x.x.x.x x.x.x.x secondary", assuming
    the fw will respond to arp's for that pool. Note however, the traffic from
    the fw outbound will only arp for the gw and direct the packet there. That
    however should still work.

    >
    > "PES" <NO*SPAMpestewartREMOVE**SUCKS> wrote in
    > message
    > news:41438a08$...
    >>
    >> "Ste" <> wrote in message
    >> news:...
    >> > Hi,
    >> >
    >> > We have 14 public IP addresses configured in Cisco 2600 as follows:
    >> >
    >> > interface Fastethernet0/0
    >> > ip address 65.111.111.129 255.255.255.240
    >> >
    >> > Recently we have acquired 16 more public IP addresses in different

    > subnet,
    >> > such as 65.222.222.240 - 254..
    >> >
    >> > How can I add the new IPs to router, so that the FW behind can use
    >> > them?
    >> > On FW behind Cisco 2600, can I still use 65.111.111.129 as gateway, or
    >> > have
    >> > to add more?
    >> >
    >> > Help is very grateful.
    >> >
    >> > Ste

    >>
    >>
    >> Create a static route pointing everything that is destined to your newly
    >> allocated block to the public ip address of the firewall. In your
    >> example
    >> (and assuming the public ip on the fw is 65.111.111.130).
    >>
    >> ip route 64.222.222.240 255.255.255.240 65.111.111.130
    >>
    >> This should route 64.222.222.241-254 to your firewall. Outbound traffic
    >> will be sent to the 65.111.111.129 from the firewall. This is not a
    >> problem, that address is never entered into the packet. Basically,

    > inbound
    >> is self explanatory. An outbound packet from the new pool would be first
    >> processed by the firewall. The firewall would likely change the source
    >> address to an address in the new pool. The firewall would then arp the
    >> default gateway (65.111.111.129) and get its mac address. The packet
    >> with
    >> the source ip address from the pool and the unaltered destination ip

    > address
    >> would be forwarded to the mac address retrieved from the arp. All should
    >> work.
    >>
    >>
    >>

    >
    >
     
    PES, Sep 12, 2004
    #4
  5. Ste

    Ste Guest

    PES,

    The packet from Internet to our LAN is going through:

    1) Cisco 2600 (that is what we are talking about).
    2) Fortigate FW, not cisco kind of command based Fw.
    3) LAN

    Therefore, it would be appreciated if you elaborate what option applying to
    what device.

    Thanks,

    Ste





    <NO*SPAMpestewartREMOVE**SUCKS> wrote in message
    news:4143a2c6$...
    >
    > "Ste" <> wrote in message
    > news:...
    > > PES,
    > >
    > > Thanks a lot for the help. But do I need to add 2nd addresses group

    on
    > > the eth0/0?
    > >
    > > Ste

    >
    > Should not be necessary, if you add a static route for the pool to the
    > firewall. If you add a secondary address to the interface, it will arp

    for
    > those addresses instead of sending them straight to the firewall. That
    > should also work, using an "ip address x.x.x.x x.x.x.x secondary",

    assuming
    > the fw will respond to arp's for that pool. Note however, the traffic from
    > the fw outbound will only arp for the gw and direct the packet there.

    That
    > however should still work.
    >
    > >
    > > "PES" <NO*SPAMpestewartREMOVE**SUCKS> wrote in
    > > message
    > > news:41438a08$...
    > >>
    > >> "Ste" <> wrote in message
    > >> news:...
    > >> > Hi,
    > >> >
    > >> > We have 14 public IP addresses configured in Cisco 2600 as follows:
    > >> >
    > >> > interface Fastethernet0/0
    > >> > ip address 65.111.111.129 255.255.255.240
    > >> >
    > >> > Recently we have acquired 16 more public IP addresses in different

    > > subnet,
    > >> > such as 65.222.222.240 - 254..
    > >> >
    > >> > How can I add the new IPs to router, so that the FW behind can use
    > >> > them?
    > >> > On FW behind Cisco 2600, can I still use 65.111.111.129 as gateway,

    or
    > >> > have
    > >> > to add more?
    > >> >
    > >> > Help is very grateful.
    > >> >
    > >> > Ste
    > >>
    > >>
    > >> Create a static route pointing everything that is destined to your

    newly
    > >> allocated block to the public ip address of the firewall. In your
    > >> example
    > >> (and assuming the public ip on the fw is 65.111.111.130).
    > >>
    > >> ip route 64.222.222.240 255.255.255.240 65.111.111.130
    > >>
    > >> This should route 64.222.222.241-254 to your firewall. Outbound

    traffic
    > >> will be sent to the 65.111.111.129 from the firewall. This is not a
    > >> problem, that address is never entered into the packet. Basically,

    > > inbound
    > >> is self explanatory. An outbound packet from the new pool would be

    first
    > >> processed by the firewall. The firewall would likely change the source
    > >> address to an address in the new pool. The firewall would then arp the
    > >> default gateway (65.111.111.129) and get its mac address. The packet
    > >> with
    > >> the source ip address from the pool and the unaltered destination ip

    > > address
    > >> would be forwarded to the mac address retrieved from the arp. All

    should
    > >> work.
    > >>
    > >>
    > >>

    > >
    > >

    >
    >
     
    Ste, Sep 12, 2004
    #5
  6. Ste

    PES Guest

    "Ste" <> wrote in message
    news:...
    > PES,
    >
    > The packet from Internet to our LAN is going through:
    >
    > 1) Cisco 2600 (that is what we are talking about).
    > 2) Fortigate FW, not cisco kind of command based Fw.
    > 3) LAN
    >
    > Therefore, it would be appreciated if you elaborate what option applying
    > to
    > what device.
    >
    > Thanks,
    >
    > Ste
    >


    All commands and implementation tips I gave were on the 2600. Either method
    would work for a Cisco PIX fw. As for the Fortigate, I don't know how to
    enable it to receive the packets. I only know how to get the packets to it.
    The static route method would always do that. The seconary address method
    may or may not depending on if the Fortigate will respond to those arp's.

    >
    >
    >
    > <NO*SPAMpestewartREMOVE**SUCKS> wrote in message
    > news:4143a2c6$...
    >>
    >> "Ste" <> wrote in message
    >> news:...
    >> > PES,
    >> >
    >> > Thanks a lot for the help. But do I need to add 2nd addresses group

    > on
    >> > the eth0/0?
    >> >
    >> > Ste

    >>
    >> Should not be necessary, if you add a static route for the pool to the
    >> firewall. If you add a secondary address to the interface, it will arp

    > for
    >> those addresses instead of sending them straight to the firewall. That
    >> should also work, using an "ip address x.x.x.x x.x.x.x secondary",

    > assuming
    >> the fw will respond to arp's for that pool. Note however, the traffic
    >> from
    >> the fw outbound will only arp for the gw and direct the packet there.

    > That
    >> however should still work.
    >>
    >> >
    >> > "PES" <NO*SPAMpestewartREMOVE**SUCKS> wrote in
    >> > message
    >> > news:41438a08$...
    >> >>
    >> >> "Ste" <> wrote in message
    >> >> news:...
    >> >> > Hi,
    >> >> >
    >> >> > We have 14 public IP addresses configured in Cisco 2600 as follows:
    >> >> >
    >> >> > interface Fastethernet0/0
    >> >> > ip address 65.111.111.129 255.255.255.240
    >> >> >
    >> >> > Recently we have acquired 16 more public IP addresses in different
    >> > subnet,
    >> >> > such as 65.222.222.240 - 254..
    >> >> >
    >> >> > How can I add the new IPs to router, so that the FW behind can use
    >> >> > them?
    >> >> > On FW behind Cisco 2600, can I still use 65.111.111.129 as gateway,

    > or
    >> >> > have
    >> >> > to add more?
    >> >> >
    >> >> > Help is very grateful.
    >> >> >
    >> >> > Ste
    >> >>
    >> >>
    >> >> Create a static route pointing everything that is destined to your

    > newly
    >> >> allocated block to the public ip address of the firewall. In your
    >> >> example
    >> >> (and assuming the public ip on the fw is 65.111.111.130).
    >> >>
    >> >> ip route 64.222.222.240 255.255.255.240 65.111.111.130
    >> >>
    >> >> This should route 64.222.222.241-254 to your firewall. Outbound

    > traffic
    >> >> will be sent to the 65.111.111.129 from the firewall. This is not a
    >> >> problem, that address is never entered into the packet. Basically,
    >> > inbound
    >> >> is self explanatory. An outbound packet from the new pool would be

    > first
    >> >> processed by the firewall. The firewall would likely change the
    >> >> source
    >> >> address to an address in the new pool. The firewall would then arp
    >> >> the
    >> >> default gateway (65.111.111.129) and get its mac address. The packet
    >> >> with
    >> >> the source ip address from the pool and the unaltered destination ip
    >> > address
    >> >> would be forwarded to the mac address retrieved from the arp. All

    > should
    >> >> work.
    >> >>
    >> >>
    >> >>
    >> >
    >> >

    >>
    >>

    >
    >
     
    PES, Sep 12, 2004
    #6
  7. "Ste" <> wrote in message news:<>...

    Use the following:
    interface Fastethernet0/0
    ip address 65.111.111.129 255.255.255.240
    ip address 65.222.222.240 255.255.255.240 secondary

    This will work with 1700 series I am sure, possible it will work with 2600 as well.

    Good Luck
    Frank
    > Hi,
    >
    > We have 14 public IP addresses configured in Cisco 2600 as follows:
    >
    > interface Fastethernet0/0
    > ip address 65.111.111.129 255.255.255.240
    >
    > Recently we have acquired 16 more public IP addresses in different subnet,
    > such as 65.222.222.240 - 254..
    >
    > How can I add the new IPs to router, so that the FW behind can use them?
    > On FW behind Cisco 2600, can I still use 65.111.111.129 as gateway, or have
    > to add more?
    >
    > Help is very grateful.
    >
    > Ste
     
    Frank E Relaxx, Sep 13, 2004
    #7
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. wild59
    Replies:
    1
    Views:
    597
    ┬░Mike┬░
    Dec 13, 2003
  2. Rubix

    add 2nd HD to Server Machine

    Rubix, Apr 20, 2004, in forum: Computer Support
    Replies:
    1
    Views:
    376
    =?UTF-8?B?UGFsaW5kcuKYu21l?=
    Apr 20, 2004
  3. core
    Replies:
    3
    Views:
    723
    Kenny
    May 4, 2005
  4. Replies:
    4
    Views:
    970
    Plato
    Jun 26, 2006
  5. Replies:
    1
    Views:
    343
    Walter Roberson
    Jun 8, 2007
Loading...

Share This Page