Wednesday, December 13, 2017

NAT to Public IPs from behind 2 different routers.

We've got a block of public IPs: x.x.28.0/23. Our ISP routes these IPs to our dedicated Internet service, which has another small block of public IPs: y.y.y.8/29.

The ISP gateway has a customer-facing interface y.y.y.9, which is connected to a switch. Our Production firewall Outside interface is y.y.y.12, and is also connected to the same switch. The ISP gateway has a static ip route x.x.28.0 255.255.254.0 y.y.y.12. I am able to NAT to Class B Public IPs from the Production firewall OK.

We want to set up a small, separate lab network, using a second firewall, and NAT to a small portion of the same x.x.28.0/23 IP block. Obviously, that static route on the ISP gateway is preventing that from working, so I need to ask my ISP to change the static routes. My question is:

  • Should I ask the ISP to change that static route to use only the customer-facing interface as the destination?

  • Is there some combination of static routes that my ISP could configure to allow my lab firewall to NAT to a small subset of that x.x.28.0/23 block? Around 8 public IPs should suffice, but I just can't wrap my head around the subnetting.
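The subnetting arithmetic the second question raises can be checked before anyone touches the ISP gateway. The script below is an added example, not the post's own configuration and not anything the ISP has agreed to: it uses constructed stand-in prefixes (10.10.28.0/23 for the masked x.x.28.0/23, 192.0.2.12 for the production firewall's y.y.y.12, and a hypothetical 192.0.2.13 for a lab firewall outside interface that the post never names), carves an aligned /29 (8 addresses) off the end of the /23, renders both routes in the same `ip route NET MASK NEXTHOP` form the post quotes, and then confirms by longest-prefix match that every address in the /29 resolves to the lab next hop while the rest of the /23 still resolves to production. A more specific route does not replace the /23 route; it simply wins for the addresses it covers.

```python
import ipaddress
from typing import List, Optional, Tuple

# Constructed stand-in addresses for the post's masked values (RFC 1918 and
# RFC 5737 space, not the real prefixes):
#   x.x.28.0/23 -> 10.10.28.0/23   customer-routed public block
#   y.y.y.12    -> 192.0.2.12      production firewall outside interface
#   y.y.y.13    -> 192.0.2.13      hypothetical lab firewall outside interface
CUSTOMER_BLOCK = ipaddress.ip_network("10.10.28.0/23")
PROD_FW = ipaddress.ip_address("192.0.2.12")
LAB_FW = ipaddress.ip_address("192.0.2.13")

Route = Tuple[ipaddress.IPv4Network, ipaddress.IPv4Address]


def carve_lab_subnet(block: ipaddress.IPv4Network, new_prefix: int = 29,
                     from_end: bool = True) -> ipaddress.IPv4Network:
    """Return one properly aligned /new_prefix out of `block` (the last one
    by default, so the carve-out sits at the top of the production range)."""
    subnets = list(block.subnets(new_prefix=new_prefix))
    return subnets[-1] if from_end else subnets[0]


def static_route_lines(routes: List[Route]) -> List[str]:
    """Render routes in the 'ip route NET MASK NEXTHOP' form used in the post."""
    return [f"ip route {net.network_address} {net.netmask} {nh}" for net, nh in routes]


def lookup(routes: List[Route], dst: str) -> Optional[ipaddress.IPv4Address]:
    """Longest-prefix match: the most specific route containing dst wins,
    regardless of the order in which the routes were entered."""
    addr = ipaddress.ip_address(dst)
    best: Optional[Route] = None
    for net, nh in routes:
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, nh)
    return best[1] if best else None


def build_routes() -> List[Route]:
    """The existing /23 route to production plus a /29 carve-out to the lab."""
    lab = carve_lab_subnet(CUSTOMER_BLOCK)
    assert lab.subnet_of(CUSTOMER_BLOCK)  # the carve-out must stay inside the block
    return [(CUSTOMER_BLOCK, PROD_FW), (lab, LAB_FW)]


def check_split(routes: List[Route]) -> bool:
    """True when every address in the lab /29 resolves to the lab firewall and
    every other address in the /23 still resolves to the production firewall."""
    lab = next(net for net, nh in routes if nh == LAB_FW)
    for host in CUSTOMER_BLOCK.hosts():
        expected = LAB_FW if host in lab else PROD_FW
        if lookup(routes, str(host)) != expected:
            return False
    return True


if __name__ == "__main__":
    routes = build_routes()
    print("\n".join(static_route_lines(routes)))
    print("split OK:", check_split(routes))
```

Running it prints the two route lines (`ip route 10.10.28.0 255.255.254.0 192.0.2.12` and `ip route 10.10.29.248 255.255.255.248 192.0.2.13` with the stand-in addresses) followed by `split OK: True`. Substituting the real prefixes gives the exact mask and network address to hand to the ISP, and the same `lookup` check is a cheap way to confirm, before the change is made, that the lab carve-out does not steal any production address.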
