Re: adding new ip range to fw-1

From: Michael Pelletier (mjpelletier_at_mjpelletier.com)
Date: 03/26/05 

Date: Sat, 26 Mar 2005 00:47:20 -0800

Joey D wrote:

> Hi,
>
> We have just been given an additional ip address range from our ISP
> due to reaching capacity on our existing range.
> Having just assigned one of these new ip addresses to an internal host
> I am unable to connect from the outside world. If I assign one of the
> existing ip addresses to the host I can connect with no problems.
>
> Do I have to configure something in FW-1 to get it to recognise and
> accept packets destined for this new network?

ah...ya! Remember you are ADDING another subnet. You MUST cofigure your
equipment, firewalls rules and routing to accomplish this....
 
> The new range is of the same class but a different sub network. I have
> attempted to add the range to the FW cluster object in the topology
> and also assigned an ip address to the nokia ip380 ipso 3.8.

No idea what your are talking about. Sounds like you added the subnet to the
firewall? How? Did you add the subnet to a new DMZ interface? Did you try
to supernet the subnets together (contigous range?). Please specify. DOn't
forget you also have to modify your firewall rules too!

> ... but no luck as yet trying to establish an external connection.
>
> When I try to tracert to one of the new addresses it seems to stop
> short at a router in the ISP. Perhaps they haven't configured the new
> range to route through our existing router(?).

It is posible or you have not configured your routing or firewall rules
correctly. I really need more information...

> Can someone kindly guide me please?

Send more information....

> Many thanks,
>
> Joe

Michael 

-- 
news.west.cox.net

Relevant Pages

  • Re: Cannot connect one computer to network
    ... >then internet, are you? ... If you have 24.175.213.236 and the subnet mask as ... it's assigned a public ip address by the ISP. ... Setup one computer as a software NAT router ala Internet Connection Sharing. ...
    (microsoft.public.windowsxp.network_web)
  • Re: Accessing Multiple ISPs on the fly
    ... ADSL connection with a second ISP. ... > I am assuming that your WAN connections are going through two differnet ... > workstation to the other subnet if it is used to reset the IP configuration. ... > Its the routers that care. ...
    (microsoft.public.windowsxp.network_web)
  • Re: IPSEC routing ?
    ... are you saying the ISP has to Reverse-NAT or ... Reverse-proxy any traffic from my nodes on the ISP network to my network? ... I mean from the Public Internet to your LAN. ... Picture your LAN as being just another subnet "behind" another subnet within ...
    (microsoft.public.windows.server.networking)
  • Re: Remote Assistance
    ... they both acquire an IP from the ISP via dhcp. ... to put both on the same subnet, ... "Remote Assistance connection could not be established because the remote ... PC2 is on AVGfree. ...
    (microsoft.public.windowsxp.newusers)
  • Re: Is Our ISA2004 Compromised?
    ... I needed to block all traffic going to a subnet ... If the client's browser is configured to use Web Proxy, ... bypass Firewall rules that are based on target IP addresses? ...
    (microsoft.public.isa.configuration)