I know this should be easy, but for some reason I can't seem to get it figured out.
All of our customers are given Private IP's behind our main MT router. IE: 10.1.1.x or 10.1.2.x etc. Normally when they want a public IP Address, we just assign them one which resides on our public interface and IP map it inside to their private IP. This works well for us and we have no problems with IPSec or anything else working.
We have a situation where the client wants the public IP to sit on their device. For some reason I can't make this happen.
I've chopped out a subnet from a class C (IE: 200.200.53.0/24) that we use addresses from to IP map through to the clients. Do I need to re-subnet that to make it work?
200.200.53.248/30
This gives me 2 useable IP's. My thought was to put one on our internal interface which faces them and the other on their device. This doesn't seem to be working. They can use their IP of 200.200.53.250 and ping our IP of 200.200.53.249 but that's it.
Dynamic routing brings up the route in the routing table, but I can't pass traffic in or out of that connection.
Finally, this end user is on a VLAN if that matters. I've tried to assign the route via the physical interface as well as the VLAN interface
What am I doing wrong?
Arthur
Routing Public IP behind our NAT
Basically I need the same thing. All my customers are given private ip's and are NATed. But currently one of them wants a real public ip addr. 1:1 nat doesn't suit him. I've come to a conclusion that separate router would be the best solution, since it's very messy doing it in the same router as NAT is. We have a public subnet routed by our isp. I use edge router for a gateway of my public subnet, so planning to put a separate router and do some firewalled bridging to that particular customer. While our public subnet is only /28, I don't see how it could be done in L3.
Perhaps someone here could offer a better solution?..
Perhaps someone here could offer a better solution?..
Re: Routing Public IP behind our NAT
We have a routed network based on ospf. Clients get connection with pppoe-client that terminates on each bts and are routed with ospf.
if the customer wants a public wan ip we only set it up on the radius so the pppoe-client gets the public ip.
if the customer wants a public class behind the routerboard we configure it on the ether1 (example 66.44.22.0/29) then on the bts we add a static route (dst = 66.44.22.0/29 gateway=1.1.1.4 (pppoe private address)) and in the ospf istance settings we put "redistribuite static routes = as type 2". All iit's done.
ps: on the cpe remember to disable nat for public class!
if the customer wants a public wan ip we only set it up on the radius so the pppoe-client gets the public ip.
if the customer wants a public class behind the routerboard we configure it on the ether1 (example 66.44.22.0/29) then on the bts we add a static route (dst = 66.44.22.0/29 gateway=1.1.1.4 (pppoe private address)) and in the ospf istance settings we put "redistribuite static routes = as type 2". All iit's done.
ps: on the cpe remember to disable nat for public class!
Who is online
Users browsing this forum: No registered users and 9 guests