How to make use of all Public IPs

ManiSai
Comes here often

How to make use of all Public IPs

We have two sets of Public IPs.

 

Our ISP has provided one WAN IP and Six Number of LAN IPs (Public IPs) and asked us to route the same to WAN IP.

I tried configuration using meraki but not successful.

 

I wanted to use these 6 IPs as Public IPs and connect it to 3 other firewalls or routers available for different set of customers. Kindly help me to do the same.

 

Also provide me document if available for these scenario. 

5 Replies 5
General-Zod
Getting noticed

Greetings!

 

Sounds like they have assigned you a /30 and a /29 public address block and the ISP is simply routing the /29 to your CE device (MX), please clarify.

 

You should be able to setup the LAN side of your MX with the /29. Depending on how many ports your MX has you could plug in your addition routers that you want to have a public IP into the MX LAN ports. Just ensure the LAN side MX ports are in the same vlan (/29). If you don't have enough ports you might need a switch for extra port density.

 

Even if you were to do the above keep in mind all traffic from your downstream router with a public IP will NAT to that of the MX's public IP /30. Probably not ideal, unless you want to run BETA code that support "no NAT".

 

Because of this limitation I would use a different router at the edge where NAT isn't enforced and setup like above and connect said device to a switch to extend the /29 vlan to accomodate your additonal routers etc.

 

or.....you could do 1-1 NAT on the MX to your downstream routers, but the public IP won't be assigned to the physical WAN interface of the downstream router.

 

So a few options here, hope this helps

 

Cheers

 

ManiSai
Comes here often

ounds like they have assigned you a /30 and a /29 public address block and the ISP is simply routing the /29 to your CE device (MX), please clarify. - Yes

ManiSai
Comes here often

Idea is to use a router right. Is there any other solution to use MX
General-Zod
Getting noticed

Correct

 

As mentioned previously, if you want to use a mx there are 3 foreseeable options.

 

1) use 1-1 NAT on MX, your other customer routers would have a private IP on each wan ip, but at least the customer will have the same ip ingress and egress.
does this impact your offering? I guess it depends on the service your selling?

 

 

2) use beta code on mx and disable Nat on mx and assign the real public ips from your /29 to mx LAN and to your customer router.

 

3) same as option 2 but with Gold release software and accept the fact that outbound comms from customer router will src translate to mx /30

 

3 mx options aren’t enough for you? 🤓

 

 

 

 

Nash
Kind of a big deal

Could do an L3 switch or router/l2 combo as well, between your ISP and your firewall. This is assuming your ISP didn't provide you with any sort of router.

 

If you do this, make sure you have one VLAN per WAN link, and enough ports in case you ever get a secondary WAN. 

 

See this thread if you're interested in using a switch like this.

Get notified when there are additional replies to this discussion.