This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

ISP gave us additional /29 but it needs to route through an IP of our existing primary /27

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

ISP gave us additional /29 but it needs to route through an IP of our existing primary /27

jsafranek
L0 Member

‎04-07-2021 03:54 PM

We requested additional public IPs from our ISP. They gave us an additional  /29 to add to our /27 but we had to choose one IP in that original /27 to route this /29. I'm trying to determine how to do this properly. Let me know if more clarification is needed. 

 

Thanks!

0 Likes Likes
4 REPLIES 4

jdelio
L7 Applicator

‎04-08-2021 09:01 AM

Please provide more details to what you are trying to accomplish. 

Anything special as far as routing? Protocols? 

LIVEcommunity team member
Stay Secure,
Joe
Don't forget to Like items if a post is helpful to you!
0 Likes Likes

jsafranek
L0 Member
In response to jdelio

‎04-08-2021 09:42 AM

Nothing special just static routing. Just trying to utilize this additional subnet for mostly outbound. I mainly just need to figure out how I can route this /29 subnet to using an IP in my already established /27 as the next hop. All public routes for this new subnet are already configured by ISP to route to our existing IP in the /27. 

 

Existing /27

1.2.3.33  - ISP gateway

1.2.3.34  - outbound general

1.2.3.35  - inbound service 1

......

1.2.3.62  - IP that we need to use as gateway for new /29

 

new /27

1.2.10.248/29 - Next hop needs to be 1.2.3.62

 

0 Likes Likes

OtakarKlier
Cyber Elite
Cyber Elite
In response to jsafranek

‎04-08-2021 02:32 PM

Hello,

Not sure you need to? So the ISP is sending all IP's in your /29 and /27 to your firewall, so on your firewall you create your NAT's, etc. then on the firewall set the default route out to what it is now, i.e. 0.0.0.0/0 to your /29 gateway since that is probably in the range you have your current external IP in.

 

Regards,

0 Likes Likes

aleksandar.astardzhiev
Cyber Elite
Cyber Elite
In response to jsafranek

‎04-09-2021 04:15 AM

Hi @jsafranek ,

 

You don't have to anything from your side. It all up to the ISP to properly route the new /29.

- Because your firewall have assigned IP in the /27 when ISP needs to route traffic to your ISP will ask who has the MAC address of <your-fw-ip> and send the traffic directly

- Now the new /29 is not assigned anywhere (and there is no need). So in ISP gateway needs to know how to reach this network. For which they need to create static route pointing to your firewall, an IP that will reply to the ARP request.

 

To put it simple:

- Your IP needs to create route on their end for the new /29 pointing to the IP assigned to your FW in the old /27

- You don't have to do any routing or IP configuration.

- You can simply start creating NAT rules assigning IP addresses from the new /29

 

 

 

0 Likes Likes
  • 3252 Views
  • 4 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks