Forwarding a puplic IP to CPE
Can anyone advise me how to forward a public IP to the CPE with out dstnat and srcnat. My nework is a fully routed network running on OSPF.
Re: Forwarding a puplic IP to CPE
If you don't want to use NAT (which is good) you just route it over to the CPE. Since you already have a full OSPF network you could simply implement the IP network on a CPE interface, and then add the interface as passive to OSPF. That's it, the CPE now advertises that IP space and the rest of your network knows where to go for those IPs.
Of course that assumes you have freely routable IP space that your RIR has assigned to you, or that your upstream ISP is routing to you. If you don't have that you have to use NAT, or use a very ugly hackish workaround where you turn on proxy ARP on your WAN interface and then simply pretend it's routed IP space. In order to do that you would have to be the only customer on that WAN interface (as in, you can't do this if the WAN IP network is shared with other entities other than the ISP and yourself). Rather than do that it would be better to get IP space from your ISP or RIR.
Of course that assumes you have freely routable IP space that your RIR has assigned to you, or that your upstream ISP is routing to you. If you don't have that you have to use NAT, or use a very ugly hackish workaround where you turn on proxy ARP on your WAN interface and then simply pretend it's routed IP space. In order to do that you would have to be the only customer on that WAN interface (as in, you can't do this if the WAN IP network is shared with other entities other than the ISP and yourself). Rather than do that it would be better to get IP space from your ISP or RIR.
Re: Forwarding a puplic IP to CPE
thanx fewi,
taking it one step further, can i setup a nas on cpe with the public IP in my radius and the subscriber can then do a dialup from his Juniper as he would on any adsl line?
taking it one step further, can i setup a nas on cpe with the public IP in my radius and the subscriber can then do a dialup from his Juniper as he would on any adsl line?
Re: Forwarding a puplic IP to CPE
Of course. You would need to assign the IP via RADIUS, and in OSPF on the CPE facing router redistribute static IPs (possibly with a filter, though) into OSPF. The client dials up via PPPoE, gets an IP address via RADIUS, the CPE facing router establishes the tunnel and has a route to the /32 on the other end in the process, redistributes the /32 into OSPF, and the rest of the network knows how to get to the /32.
Re: Forwarding a puplic IP to CPE
Done all that. The Cpe now has the IP and if I check on my core router there is a route for it. But I can not ping it from outside my network. I tried with proxy arp enabled, then I can ping it from the internet. Problem then is that any trafic coming from the Cpe to the internet shows as coming from my main IP due to the masqurade rule. If I add an accept rule this does not seem to work. What now??
Re: Forwarding a puplic IP to CPE
I have changed the accept rule to a netmap, but have had no success