Monday, January 19, 2015

internet - New IP addressing from ISP




We just got a new Internet fiber service. Our ISP gave us a /30 for WAN and /29 for LAN? I have never seen this when setting up a new ISP service. I was always given a block of IP addresses (if needed) in the same range.
So the WAN address gateway that was given is assigned to the router from the ISP. So if I set up our FW to use that usable /30 address (with the gateway their equipment), I can get on the Internet.



However, I am not sure how to set up the /29 they gave us. We requested 5 IPs for web servers / VPN server / other server.



Does this require us to get a router? We typically use our FW (Cisco PIX 515) and the router that the ISP provided as the route outside. However, the /30 and the /29 are different addresses.



Is this now the norm?


Answer



While TomTom is correct based on his reading of the question, the OP might also be referring to a very common provisioning that ISPs do. The OP is calling it "LAN" IPs, but in reality they are WAN IPs assigned for his LAN "devices".




An example would be:




ISP assigns the "WAN" to a /30:



ISP side = 1.1.1.1



WAN port on router = 1.1.1.2





ISP also assigns a small block of useable addresses for things like Exchange, FTP, web server, etc. This is because the OP/customer requests it. "I need 5 IPs for some of my devices to be accessible from the internet..."




Assigned /29 = 4.4.4.1 - 4.4.4.6




Now the OP/customer gets confused. "How does 4.4.4.x route to 1.1.1.2? How do I set that up on my router...I don't get it. Why isn't it all part of the same subnet block?"



The ISP will route the 4.4.4.x/29 addresses across to the 1.1.1.2 address on the customer side. It is then up to the customer to use these addresses for whatever purposes (generally either a static NAT or similar).




So on the customer router/firewall you would (for instance) set up a static NAT for 4.4.4.1 to NAT internally to the Exchange server at 10.10.10.15. Then Exchange on the "internet" would be 4.4.4.1 (with applicable port/directional policies/firewall rules as needed).



It's pretty common for an ISP to do this (assign a different block for the "/30 WAN" and the "customer's internet IPs for their LAN equipment").
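
The layout the answer describes, written out as a PIX configuration fragment. This is an added example, not part of the original question or answer, and it uses the answer's sample addresses. Assumptions: PIX OS 6.x command syntax, an inside network of 10.10.10.0/24 with the firewall at 10.10.10.1, the ACL name outside_in, and SMTP and HTTPS as the published services.

```cisco
: Constructed example (PIX OS 6.x syntax), using the answer's sample addresses.
: Assumed: inside network 10.10.10.0/24, inside interface 10.10.10.1,
: ACL name outside_in, published services SMTP and HTTPS.

: Transit /30: the firewall's outside interface sits on it and the ISP side
: is the default gateway.
ip address outside 1.1.1.2 255.255.255.252
ip address inside 10.10.10.1 255.255.255.0
route outside 0.0.0.0 0.0.0.0 1.1.1.1 1

: Ordinary outbound traffic from the LAN is PAT'd to the outside interface address.
nat (inside) 1 10.10.10.0 255.255.255.0 0 0
global (outside) 1 interface

: Routed /29: no interface carries a 4.4.4.x address. The ISP forwards the
: block to 1.1.1.2, and each public address in use gets a one-to-one static.
static (inside,outside) 4.4.4.1 10.10.10.15 netmask 255.255.255.255 0 0

: Inbound policy: permit only the services the server publishes. Anything
: else addressed to 4.4.4.1 falls through to the implicit deny of the ACL.
access-list outside_in permit tcp any host 4.4.4.1 eq smtp
access-list outside_in permit tcp any host 4.4.4.1 eq https
access-group outside_in in interface outside
```

Each further server takes another `static` line with the next address from the /29, plus its own permit entries in the same ACL.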

