This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

ASG220 with Mutiple Static WAN IP Routing

This could probably be classified as a "n00b-ish" type question but it will certainly benefit me to find an answer and possibly benefit others as well.

I have an two ASG 220's in Active/Passive mode connected to our provider's metro ethernet with a /28 block of addresses (.240).

They gave us:
P2P IP: 10.10.36.116/30 | Gateway (.117) | Customer Layer 3 (.118)

Which became our WAN interface address set up like this:
IP: 10.10.36.118
Subnet: 255.255.255.240 (/28)
Gateway: 10.10.36.117

And they also issued us the following addresses as our static IP block:
Customer Allocation: 10.10.37.0/28
Customer Allocation Subnet: 255.255.255.240
Usable block: 10.10.37.1-14

I can add those IP address into the "Additional Addresses" section and the firewall answers on those addresses so all good there.

This is all well and good but I need to route one of those static IP addresses (10.10.37.14) to a new device (VOIP router that wants a public IP per the provider).

How can I route all traffic on the 10.10.37.14 address to that device? And how should I configure that device so it will get to the Internet and be accessible by their monitoring devices, etc.? Is this even possible?

Thanks in advance.

This thread was automatically locked due to age.

Parents

0 BarryG over 11 years ago

Hi, since you already have a /30 transfer network, I'd recommend creating a DMZ using the actual /28 addresses. (instead of putting them on an external interface)

Barry
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 BarryG over 11 years ago

Hi, since you already have a /30 transfer network, I'd recommend creating a DMZ using the actual /28 addresses. (instead of putting them on an external interface)

Barry
Cancel
Vote Up 0 Vote Down

Cancel

Children

0 mrwebguy over 11 years ago in reply to BarryG
Thanks for the response Barry.  So, to be clear, I should take one of the free interfaces in the 220 and do something like this:

Interfaces
Edit Interface:
Name: DMZ Network
Type: Ethernet/Static
Hardware: eth2 (or whatever)
IPv4 Address: 10.10.37.1
Netmask: /28 (255.25.255.240)
IPv4 Default Gateway: [   ]

Then on DNS->NAT->Masquerading
New rule:
Network: DMZ Network (network)
Interface: Uplink interfaces (we have multiple WAN connections)
Use Address: >

Then a firewall rule that looks something like:
Sources: DMZ Network (network)
Service: Any
Destinations: Any
Action: Allow

And a second rule that looks like this:
Sources: Any
Service: Any (Or whatever services I'm allowing to the DMZ, blocking the obvious malware ports and unnecessary junk, etc)
Destinations: DMZ Network (network)
Action: Allow

A couple questions:
[LIST=1]
What would the gateway be on the devices on the DMZ?
What if I need one or two of those IPs WAN interface for stuff NOT on the DMZ network?
Do I need any NAT rules?  If so, what should those look like?
Do I need any static routes? If so, what should those look like?
[/LIST]

Sorry for all of the questions.  I've never done this on an ASG before and maybe only a few times ever on other devices years ago.
Cancel
Vote Up 0 Vote Down

Cancel