MMMiller60
Participant

/30 and /26 to ISP without a router

Hi All

I hope I'm posting correctly here, it's one of my first posts, I apologize if I'm in the wrong place. I've raised the question with TAC but it's been days and I still can't seem to get a clear answer. We are running Gaia 80.30 jhft50 on our gateway appliance, management is separate. We have a /30 and a /26 of usable IPs from our ISP. We have always used a router in between the gateway and the ISP, with the router having one interface in the /30 and one in the /26, then our gateway has an IP in the /26 and the router as its default route. We do 1 to 1 static NATs for any IP we want to use in the /26. Can this be done without the router? Can I just give the gateway an IP in the /30 and set the default route to the ISP router, also in the /30? I think outbound should be fine, it will just take the default route to the ISP, but I'm worried about inbound traffic for the /26 NATs. I know our ISP has routes pointing all the traffic for our /26 IPs to our IP in the /30 but, once the traffic gets to the gateway, will the gateway accept the traffic for the /26 when its IP for that interface is in the /30, not the /26? If not, is there a solution to make this work? I was thinking maybe using a layer 2 - 3 bridge to pin an IP from the /26 to that interface in the /30, could that do the trick? TAC at one point mentioned proxy ARP, maybe that's what I need, but I'm not sure, it seems tedious, one for every NAT. Any help would be appreciated, thanks!

0 Kudos
2 Solutions

Accepted Solutions
PhoneBoy
Admin
As long as there’s a route for the /26 on the upstream router, you can create Access Policy/NAT rules for those addresses.
Proxy ARP won’t be required.


Wolfgang
Authority

MMMiller60,

as Dameon mentioned, this is not a problem if the /26 is routed to your gateway from the ISP's router.

One thing to consider: if you want to publish a service on the gateway with an IP from the /26, you have to bind an IP from the /26 on an interface. Meaning services hosted on the gateway itself like MobileAccessBlade, MTA, VPN endpoint (site2site or remote access).

Wolfgang


10 Replies
MMMiller60
Participant
Thanks for the clarification! Yes, the ISP has static routes for the /26 in their router that point to the IP they assigned to me in the /30
0 Kudos
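Added example, not part of any post in this thread: a small Python model of the upstream router's forwarding decision, showing why a /26 that is routed to the gateway's /30 address needs no proxy ARP, while a /26 that is on-link to the router (the earlier design, with a router interface in the /26) needs something to answer ARP for every NAT address. All addresses are constructed documentation ranges and the function names are hypothetical.

```python
import ipaddress

# Constructed addressing from the RFC 5737 documentation ranges (not from the thread).
NAT_NET = ipaddress.ip_network("203.0.113.0/26")    # /26 used for static NAT
LINK_NET = ipaddress.ip_network("198.51.100.0/30")  # /30 transit link to the ISP
GW_LINK_IP = ipaddress.ip_address("198.51.100.2")   # gateway address in the /30
GW_OLD_IP = ipaddress.ip_address("203.0.113.2")     # gateway address in the /26 (old design)
NAT_IPS = ["203.0.113.10", "203.0.113.11"]

# Upstream router tables as (network, next_hop); next_hop None = directly connected.
ROUTED = [(LINK_NET, None), (NAT_NET, GW_LINK_IP)]  # ISP router, /26 routed via the /30
ON_LINK = [(NAT_NET, None)]                         # router with its own interface in the /26


def arp_target(routes, dst):
    """Address the router must resolve with ARP before it can forward to dst."""
    dst = ipaddress.ip_address(dst)
    matches = [(net, hop) for net, hop in routes if dst in net]
    if not matches:
        return None  # no route: the packet is dropped, nothing is ARPed
    _, hop = max(matches, key=lambda r: r[0].prefixlen)  # longest-prefix match
    # Connected network: ARP for the destination itself. Static route: ARP for the next hop.
    return dst if hop is None else hop


def proxy_arp_needed(routes, nat_ips, owned_ips):
    """NAT addresses the router ARPs for directly that no gateway interface owns."""
    needed = []
    for ip in map(ipaddress.ip_address, nat_ips):
        if arp_target(routes, ip) == ip and ip not in owned_ips:
            needed.append(str(ip))
    return needed


if __name__ == "__main__":
    print("routed /26 :", proxy_arp_needed(ROUTED, NAT_IPS, {GW_LINK_IP}))
    print("on-link /26:", proxy_arp_needed(ON_LINK, NAT_IPS, {GW_OLD_IP}))
```

In the routed case the router only ever resolves the gateway's /30 address, so the NAT addresses never appear in an ARP request on the link.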
MMMiller60
Participant

This is a good addition, thanks so much! I hadn't thought about this concern yet but it would absolutely have come up. How would you propose the best way to do this would be? I just found a much better document on all Gaia interfaces than the one I was looking at yesterday, is an interface alias for a /26 IP on the physical interface connected to the ISP the way to go here? Or the Hide NAT configuration on the gateway object also comes to mind. Any thoughts on these, or another better idea?

0 Kudos
Wolfgang
Authority

MMMiller60,

to get the /26 on a real interface, use a new physical interface or add a VLAN to an existing one and bind one of the IPs from the /26 network to this interface.

Wolfgang

0 Kudos
MMMiller60
Participant
Sorry, I should have explained a little clearer, we have only 1 access port connection to the ISP so I can't trunk to them, that's why I'm asking about the alias interface or gateway IP hide NAT. Sounds like I will need to install a switch in between then and use a second physical interface, correct?
0 Kudos
Wolfgang
Authority

You don't need a switch. Connect your one external interface of your gateway with the /30 mask to the router from the provider. And on another interface you can bind the /26. If the /26 is routed from the provider router to the gateway, everything will be fine. NAT is possible in both directions if needed.

Wolfgang

0 Kudos
MMMiller60
Participant

Ok, just want to make sure I understand, /30 interface will be physically connected to the ISP but another interface will have an IP from the /26 but not be physically connected to anything?

 

...Yes, the ISP has static routes for all the /26 IPs to my IP in the /30

0 Kudos
Wolfgang
Authority

That's correct. If you use a physical interface you have to get this to an up state. This can be done if connected to a switchport or with a loopback adapter. My suggestion is to add a VLAN with an unused VLAN ID to another already connected interface, maybe you are already using VLANs on one interface. It is enough to define this VLAN on the gateway, you don't need this on the switchport.

Wolfgang

MMMiller60
Participant

OK, I've got it now, I see why you were mentioning using a VLAN interface: it's not important what it's connected to, I just need somewhere to bind the IP, thanks!

0 Kudos
