
External Interface Setup

I would like some clarification on how to set up the External interface for use with our CIDR block from Cox.  They gave us an IP and gateway and then gave us a CIDR block to use for our public IPs.

Here is what they gave us (IPs changed for security):

WAN Address 99.174.225.115

WAN Netmask 255.255.255.240

WAN Gateway 99.174.225.113

Customer CIDR Network 69.110.175.0/28

Customer CIDR Netmask 255.255.255.240

Number of hosts: 13

Suggested Default Gateway 69.110.175.1

First Useable 69.110.175.2

Last Useable 69.110.175.14

Broadcast 68.110.175.15

So for the External interface do I give it two IPs, 99.174.225.115/28 and 69.110.175.1/28 with a static route to 99.174.225.113?

Or do I need to give it the WAN IP of 99.174.225.115/28 and static route of 99.174.225.113 and then also assign each individual Public IP from the CIDR block like 69.110.175.1/28, 69.110.175.2/28, 69.110.175.3/28 ... 69.110.175.14/28?

4 Replies

Re: External Interface Setup

Hi,

For the second list I think these are your public IPs. They have given you a /28 which means you have 16 addresses.

1 goes for the network

1 goes for the broadcast

1 goes for the router

which leaves 13 and this ties up with the list.

Now you need to be able to route in and out of this mini network so you need to tell this router for this mini network that its upstream gateway is 99.174.225.113. This would mean putting another IP on the external interface of the router so it's on the same network as the gateway (99.174.225.113).

I think they are expecting you to put a router on your end of the CIDR rather than a firewall with the firewall being behind your router and protecting your internal network.

I'm not sure if you can get MFE to pretend to be a router, but I think you need some kind of router in the mix to make this work.

I might be talking nonsense and you've got this all working - if so I'd love to hear the explanation of how you got it working.


Re: External Interface Setup

This is what I received from tech support:

"Yes, the second option to have individual IPs for 69.110.175.x as alias IPs, 99.174.225.115/28 as WAN IP and static route to 99.174.225.113 will work here. Usually, COX will be having the required routing for both the subnets in its upstream router to pass the traffic."

I haven't tried it yet so I guess we will see.  When it gets cut over I will update this thread and let you know what we had to do.  I would think you could go right from the cable modem to the firewall but who knows.

Message was edited by: grinder on 3/28/13 4:44:15 PM CDT
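
A consistency check of the handoff sheet from the question, plus the alias list for the second option, as an added example that is not part of the original thread. It uses Python's standard `ipaddress` module on the values as posted; the `SHEET` keys and the `check_handoff` function are names made up for this sketch.

```python
import ipaddress

# Constructed input: the values as posted in the thread (the poster altered the addresses).
SHEET = {
    "wan_address": "99.174.225.115", "wan_netmask": "255.255.255.240",
    "wan_gateway": "99.174.225.113", "cidr_network": "69.110.175.0/28",
    "suggested_gateway": "69.110.175.1", "first_usable": "69.110.175.2",
    "last_usable": "69.110.175.14", "broadcast": "68.110.175.15", "hosts": 13,
}

def check_handoff(sheet):
    """Return (problems, aliases) for a handoff sheet shaped like SHEET."""
    problems = []
    wan = ipaddress.ip_interface(f"{sheet['wan_address']}/{sheet['wan_netmask']}")
    block = ipaddress.ip_network(sheet["cidr_network"])
    gw = ipaddress.ip_address(sheet["wan_gateway"])

    # The static route's next hop must be a host on the WAN subnet, and not us.
    if gw not in list(wan.network.hosts()) or gw == wan.ip:
        problems.append(f"WAN gateway {gw} is not a usable next hop on {wan.network}")
    # Overlapping prefixes would make it ambiguous which side of the link owns an address.
    if block.overlaps(wan.network):
        problems.append(f"{block} overlaps WAN subnet {wan.network}")

    usable = list(block.hosts())  # network and broadcast addresses excluded
    # Assumption: the sheet reserves the first host address as the suggested gateway.
    expected = {
        "suggested_gateway": usable[0],
        "first_usable": usable[1],
        "last_usable": usable[-1],
        "broadcast": block.broadcast_address,
    }
    for key, want in expected.items():
        got = ipaddress.ip_address(sheet[key])
        if got != want:
            problems.append(f"{key}: sheet says {got}, {block} implies {want}")
    # The sheet's host count leaves out the suggested gateway address.
    if sheet["hosts"] != len(usable) - 1:
        problems.append(f"hosts: sheet says {sheet['hosts']}, expected {len(usable) - 1}")

    # Second option from the question: one alias per usable address in the block.
    aliases = [f"{ip}/{block.prefixlen}" for ip in usable]
    return problems, aliases

if __name__ == "__main__":
    problems, aliases = check_handoff(SHEET)
    print("\n".join(problems) or "sheet is consistent")
    print(aliases[0], "...", aliases[-1], f"({len(aliases)} aliases)")
```

On the values as posted, the only line it flags is the broadcast entry, whose first octet does not match the 69.110.175.0/28 block.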

Re: External Interface Setup

Hi,

Just for giggles I tried the following.

Clean MFE virtual machine with two interfaces in a test lab.

external interface : 192.168.1.1/24

internal interface : 192.168.2.1/24

Turned on allow ICMP echo response so I could ping the external LAN.

Test virtual PC with IP 192.168.1.2/24 and set its default gateway to be 192.168.1.1. Could successfully ping the external interface (yup I know, does not need the default gateway for this).

So far, so good nothing special here.

Added alias IP 192.168.3.1/24 to the external interface - notice this is on a different subnet (a bit like your CIDR allocation).

I could then ping 192.168.3.1 from the virtual PC. I guess it must have been routing to the firewall and the MFE knew what to do when it arrived at its 192.168.1.1 interface.

I think this will work okay.


Re: External Interface Setup

... but don't forget to let us know when you make the switch over.
