We're in the process of cutting over to a new internet connection and I'm trying to get our PA 2050 configured to handle to new IP range but I'm a bit stuck. We've been assigned the 220.127.116.11/28 subnet with 18.104.22.168 being the default gateway.
Currently I've set the external interface to 22.214.171.124/28 and configured a virtual router with a static route for 0.0.0.0/0 to 126.96.36.199. Finally I've set an outbound NAT rule of Dynamic IP and Port, address type is Interface Address, interface is ethernet 1/2 (the external interface) and the IP address is 188.8.131.52/28 but no joy.
I'm basing this config on our existing working config but that one has the default gateway outside the subnet assigned to us. That subnet is 184.108.40.206/30 and the default gateway is 220.127.116.11.
Any suggestions on where I've gone wrong?
Solved! Go to Solution.
Yes, first entry in the arp table
|interface||ip address||hw address||port||status ttl|
|ethernet1/2||18.104.22.168 a8:d0:e5:05:2a:41 ethernet1/2||c||1142|
No can't ping it but in saying that, can't ping the upstream router from the existing external interface and that still works anyway. The management profile is set to allow ping.
Can we try sending out garps on that interface to confirm the correct hw address
There is no deny all policy right?
test arp gratuitous ip 22.214.171.124/28 interface ethernet1/2
1 ARPs were sent
Still no internet access. I do have a deny all rule at the bottom of my security rules. Checking the network monitor from my test IP, I can see my traceroute and internet activity being allowed by my Layer 3 External rule.
Any interface errors
show interface ethernet1/2
have you tried changing the cable.
If all of the above does not work please open a support case with us.
Make sure that the interfaces you are sending traffic to and from are both part of the same virtual router. If they are using seperate virtual routers you will need to set up routing between them.
Actually it appears I misunderstood what our ISP set up for us. I received this email from them.
You have been allocated a new subnet 126.96.36.199/28. We have configured 188.8.131.52 in our core. The rest of the addresses .114 to .126 are available for you to use on your firewall for interface addressing, NAT etc. You will need to change the ip address on the outside of your firewall to one of these available addresses and change your default route to point to next hop 184.108.40.206.
So my question is then, how do I got about setting up my external interface to have the IP addresses from .114 to .126 and what would my outbound NAT rule look like?
Here's some of my current non-functional config
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!
The Live Community thanks you for your participation!