3

We just got a new Internet fiber service. Our ISP gave us a /30 for WAN and /29 for LAN? I have never seen this when setting up a new ISP service. I was always given a block of IP addresses (if needed) in the same range. So the WAN address gateway that was given is assigned to the router from the ISP. So if I set up our FW to use that usable /30 address (with the gateway their equipment), I can get on the Internet.

However, I am not sure how to set up the /29 they gave us? We requested 5 IPs for web servers / VPN server / other server.

Does this require us to get a router? We typically use our FW (CISCO PIX 515) and the router that the ISP provided as the route outside. However, the /30 and the /29 are different addresses.

Is this now the norm?

user202045

2 Answers

5

It should be the standard setup - basically you are supposed to put a router on the /30 and then they should route the other IP addresses to that router. I normally would not like my device IPs (and that includes servers) to be directly attached to the ISP.

Whatever I did in the last 15 years or so always had this setup, and I was always using a router / firewall in between to handle the traffic. That said, I would not touch those addresses for the LAN (and use NAT instead) - internal devices do not need a public IP for themselves.

TheCleaner
TomTom
  • 1
    I concur with this. The other advantage is that you can, in theory, grow the number of IP addresses on the 'LAN' by requesting that another subnet be routed over your 'WAN' IP. – phil-lavin Dec 10 '13 at 13:54
  • 1
    Exactly. Or route them further over a VLAN or something like that. Basically you can run a "professional" network, not an end user setup. – TomTom Dec 10 '13 at 13:55
  • @TomTom - I agree with your answer in theory, but look over mine as well. – TheCleaner Dec 10 '13 at 14:13
4

While TomTom is correct based on his reading of the question, the OP might also be referring to a very common provisioning that ISPs do. The OP is calling it "LAN" IPs, but in reality they are WAN IPs assigned for his LAN "devices".

An example would be:

ISP assigns the "WAN" to a /30:

ISP side = 1.1.1.1

WAN port on router = 1.1.1.2

ISP also assigns a small block of useable addresses for things like Exchange, FTP, web server, etc. This is because the OP/customer requests it. "I need 5 IPs for some of my devices to be accessible from the internet..."

Assigned /29 = 4.4.4.1 - 4.4.4.6

Now the OP/customer gets confused. "How does 4.4.4.x route to 1.1.1.2? How do I set that up on my router...I don't get it. Why isn't it all part of the same subnet block?"

The ISP will route the 4.4.4.x/29 addresses across to the 1.1.1.2 address on the customer side. It is then up to the customer to use these addresses for whatever purposes (generally either a static NAT or similar).

So on the customer router/firewall you would (for instance) set up a static NAT for 4.4.4.1 to NAT internally to the Exchange server at 10.10.10.15. Then Exchange on the "internet" would be 4.4.4.1 (with applicable port/directional policies/firewall rules as needed).

It's pretty common for an ISP to do this (assign a different block for the "/30 WAN" and the "customer's internet IPs for their LAN equipment").

TheCleaner
  • 1
    Yes. Pretty common for a non-business-ISP. Seen that too - and always rejected it. – TomTom Dec 10 '13 at 14:20
  • I've seen it quite a bit in the biz world too. Sprint is notorious for doing this. Maybe it is their way of tracking "customer assigned IPs" vs. "Sprint routing IPs". Not sure, but I've seen it at least a dozen or so times over the years. – TheCleaner Dec 10 '13 at 14:22
  • Thank you... I am used to seeing a block in the same range. I was not sure if I needed to implement a router between my fw and the ISP equip/gateway. – user202045 Dec 10 '13 at 15:42
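
The path an inbound packet takes in the second answer's example, traced as an added sketch that is not part of the original thread: the ISP edge does a longest-prefix match (the /29 is reached via next hop 1.1.1.2, not via ARP on the /30), then the customer firewall applies static NAT with default-deny inbound rules. The addresses are the answer's illustrative ones; the SMTP permit and all function and variable names are assumptions.

```python
import ipaddress as ip

# Illustrative addresses from the answer; the permit entry is an assumption.
WAN_LINK = ip.ip_network("1.1.1.0/30")        # ISP side .1 <-> firewall .2
ROUTED_BLOCK = ip.ip_network("4.4.4.0/29")    # block the ISP routes to us
CUSTOMER_WAN = ip.ip_address("1.1.1.2")

# ISP edge routing table: (prefix, next hop); None = directly connected.
ISP_ROUTES = [(WAN_LINK, None), (ROUTED_BLOCK, CUSTOMER_WAN)]

# Customer firewall: static NAT (public -> inside) and inbound permits.
STATIC_NAT = {ip.ip_address("4.4.4.1"): ip.ip_address("10.10.10.15")}
INBOUND_PERMIT = {(ip.ip_address("4.4.4.1"), "tcp", 25)}


def isp_next_hop(dst):
    """Longest-prefix match on the ISP edge router."""
    dst = ip.ip_address(dst)
    matches = [(net, hop) for net, hop in ISP_ROUTES if dst in net]
    if not matches:
        return "no-route"
    _, hop = max(matches, key=lambda m: m[0].prefixlen)
    return "connected" if hop is None else str(hop)


def deliver(dst, proto, port):
    """Trace an inbound packet; return (verdict, inside address or None)."""
    dst = ip.ip_address(dst)
    hop = isp_next_hop(dst)
    if hop == "no-route":
        return ("isp: no route", None)
    if hop == "connected":
        # On the /30 itself only the firewall's WAN address is ours.
        if dst == CUSTOMER_WAN:
            return ("firewall interface", None)
        return ("isp: not ours", None)
    # Packet reached the firewall because the /29 is routed to 1.1.1.2.
    if dst not in STATIC_NAT:
        return ("drop: no translation", None)   # unused public IP
    if (dst, proto, port) not in INBOUND_PERMIT:
        return ("drop: acl", None)              # default deny inbound
    return ("forward", str(STATIC_NAT[dst]))


if __name__ == "__main__":
    for pkt in [("4.4.4.1", "tcp", 25), ("4.4.4.1", "tcp", 3389),
                ("4.4.4.3", "tcp", 80), ("1.1.1.2", "tcp", 22)]:
        print(pkt, "->", deliver(*pkt))
```

Unused addresses in the routed block and unlisted ports on a translated address are dropped at the firewall, which is the "applicable firewall rules" part of the answer.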