We're in the process of cutting over to a new internet connection and I'm trying to get our PA 2050 configured to handle to new IP range but I'm a bit stuck. We've been assigned the 188.8.131.52/28 subnet with 184.108.40.206 being the default gateway.
Currently I've set the external interface to 220.127.116.11/28 and configured a virtual router with a static route for 0.0.0.0/0 to 18.104.22.168. Finally I've set an outbound NAT rule of Dynamic IP and Port, address type is Interface Address, interface is ethernet 1/2 (the external interface) and the IP address is 22.214.171.124/28 but no joy.
I'm basing this config on our existing working config but that one has the default gateway outside the subnet assigned to us. That subnet is 126.96.36.199/30 and the default gateway is 188.8.131.52.
Any suggestions on where I've gone wrong?
Solved! Go to Solution.
Yes, first entry in the arp table
|interface||ip address||hw address||port||status ttl|
|ethernet1/2||184.108.40.206 a8:d0:e5:05:2a:41 ethernet1/2||c||1142|
test arp gratuitous ip 220.127.116.11/28 interface ethernet1/2
1 ARPs were sent
Still no internet access. I do have a deny all rule at the bottom of my security rules. Checking the network monitor from my test IP, I can see my traceroute and internet activity being allowed by my Layer 3 External rule.
Make sure that the interfaces you are sending traffic to and from are both part of the same virtual router. If they are using seperate virtual routers you will need to set up routing between them.
Actually it appears I misunderstood what our ISP set up for us. I received this email from them.
You have been allocated a new subnet 18.104.22.168/28. We have configured 22.214.171.124 in our core. The rest of the addresses .114 to .126 are available for you to use on your firewall for interface addressing, NAT etc. You will need to change the ip address on the outside of your firewall to one of these available addresses and change your default route to point to next hop 126.96.36.199.
So my question is then, how do I got about setting up my external interface to have the IP addresses from .114 to .126 and what would my outbound NAT rule look like?
Here's some of my current non-functional config
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!
The Live Community thanks you for your participation!