dslreports logo
 
    All Forums Hot Topics Gallery
spc
Search similar:


uniqs
1609
bhodges
join:2001-12-21
Thomson, GA

bhodges

Member

3220H Static IPs with Static Routes Config

Ok, this is gonna be a little long so please bear with me.

Equipment: Cayman 3220-H
Software: GatorSurf 6.2.0 r2 MultiUser and Security Mon enabled
ISP: BellSouth DSL with 5 static IPS
The Challenge: Set up router with static IPs to allow 2 computers on lan to access internet with public IPs while retaining their private addresses, and also allowing other pc on same lan access to internet through NAT.

Ok, I have received my IP information from Bell and have upgraded to the 6.2 software and installed the multi-user key.

We use our systems to do remote support through PcAnywhere among other things. Some of our customers are medical facilities with pretty strict access rules so they want static IP addresses so they can punch holes in their firewalls for us. Right now, only 2 pc's need to have static IPs. Because of the nature of some of the software we have running on our network it is vital that these two computers have private IP addresses(10.0.0.x). But, they will need to have static public IPs for the firewall issues. This should work using IP maps? Additionally, the other PCs on the network will still need access to the internet, I assume using NAT.

The problem I'm having is getting the router set up to make this work. According to the setup instructions from Bell the Lan IP has to be the first address of the subnet they gave us which is all fine and good but it's a 65.x.x.x address and the Lan pc's won't see that. So I need to know how to set up the Wan and Ip interfaces so this will work. It's probably simple but I'm slightly delerious from sleep deprivation and the solution just isn't jumping out at me. Plus the boss is on me to get it done.

I have been able to set one pc up with the public IP and it works fine that way. Our Wan IP is not static. I guess they are using some sort of dynamic dns to get to our IPs. Anybody know that one?

Thanks for the help.

leevis
Growing Older But Not Up

join:2000-10-28
Pascagoula, MS

leevis

The procedure is outlined in the post here:

»want to open up LAN IP address

Lee
bhodges
join:2001-12-21
Thomson, GA

bhodges

Member

Yes but my issue is a bit different. I had posted in that thread before I registered.

fuzz
Fuzz
Premium Member
join:2000-06-05
FuzzLand

fuzz

Premium Member

You want NAT on.

You want the Cayman DHCP server to give all your PCs private IP Addresses.

You want static IPs routed to internal private IPs.

You want the WAN PC to see the private PC with the static IP address.

If that is what you are talking about then I'm not sure that will work.

I'm still trying to decipher what it is you want to happen.
I'm still confused.:)
bhodges
join:2001-12-21
Thomson, GA

bhodges

Member

Ok, a little more info.

All pcs must have private IP which is either static or DHCP from a NT4 server here.

All pcs must have internet access.

Two pcs must have a static public IP routed to their static Private IP. (IP Map)

The main problem I guess is how will the private network be able to see the Lan Ip on the router if it's on a 65.x.x.x and the private net is 10.x.x.x

fuzz
Fuzz
Premium Member
join:2000-06-05
FuzzLand

fuzz

Premium Member

Is this the physical layout of your network?

leevis
Growing Older But Not Up

join:2000-10-28
Pascagoula, MS

leevis to bhodges

to bhodges
Ahh...didn't realize that was you...Ok, I think I see what you are trying to do. It might be possible with the latest version of the Cayman firmware. Keeping in mind how BellSouth handles the 5 static IP's (which is different than most ISP's) here's how I'd set it up:

1. Configure your VCC1 as per usual (PPPoE or PPPoA, VPI/VCI of 8/35, NAT enabled, etc.).

2. This is where we'll vary from the BellSouth procedure. Give the LAN side of the Cayman a private IP address (if you are using 10.0.0.x, that's the subnet you'd use an address from).

3. For your PC's that must be static, assign each a private IP address in the subnet you used in step 2 above. Set the DNS server and Gateway address on each to the LAN IP address of the Cayman (see step 2 above again). Your PC's that get dynamically assigned IP's should receive an IP in this subnet as well and their gateway and DNS addresses should be the Caymans LAN address.

4. Using the IPMapping feature in the new Cayman firmware, create an entry for each static PC that maps their private LAN IP address to the static WAN IP you want to use.

That should do it. Maybe

Edit: Then again, it might not be possible at all. Seems like I remember reading that with the Cayman implementation of IPMapping, the Static Mapped IP addresses must be in the same subnet as the WAN IP address that is used by NAT. With BellSouth, it will NOT be the same...

Lee
bhodges
join:2001-12-21
Thomson, GA

bhodges

Member

fuzz, thats how it is.

leevis, trying that, think I already did it that way, but I've tried so many I can't remember.
bhodges

bhodges

Member

also, some of the computers are static ip but in the same subnet. These are the ones I need a public ip mapped to.

fuzz
Fuzz
Premium Member
join:2000-06-05
FuzzLand

fuzz to bhodges

Premium Member

to bhodges
I'm lost on this one.
The only thing I can think of would be to turn off the routing in the Cayman and let it pass everything. Then let the NT box do all the routing. I can't think of any way to get what you want. Maybe someone with way more knowledge on the subject will drop by and help. You could post in the networking forum and see if those people can help.
»Networking

Sorry, I'm not much help here.
bhodges
join:2001-12-21
Thomson, GA

bhodges

Member

I'm thinking what I'm going to have to do is just buy a Cisco router and put it in between the cayman and our network and do the address translations there. Then the Ip of the Lan on the Cayman won't matter. Now if I can just find one that doesn't cost a fortune that will do what I need.

kmac1
Off in new directions
Premium Member
join:2001-06-07
Port Neches, TX

kmac1 to bhodges

Premium Member

to bhodges
said by leevis:
3. For your PC's that must be static, assign each a private IP address in the subnet you used in step 2 above. Set the DNS server and Gateway address on each to the LAN IP address of the Cayman (see step 2 above again). Your PC's that get dynamically assigned IP's should receive an IP in this subnet as well and their gateway and DNS addresses should be the Caymans LAN address.

4. Using the IPMapping feature in the new Cayman firmware, create an entry for each static PC that maps their private LAN IP address to the static WAN IP you want to use
Leevis that won't work because the Cayman will only have 1 IP, which will be the WAN IP configured. The Cayman would have to have separate vcc setups for each WAN IP, which it won't do.

bhodges, the only way to open up multiple WAN IP like I think you want will be to set the Cayman up in a simultaneous DHCP/Bridge mode like I described ealier. I've also been told that pcAnywhere has trouble going thru NAT. I don't mess with it that much so I might be wrong.

This setup will also require 2 NICs in each computer you put on the WAN. You'll need one for the WAN IP and one for the LAN side or all the other computer on the private network won't see each other. The only other thing would be to get a router like the Cisco the will support Multi-NAT.

leevis
Growing Older But Not Up

join:2000-10-28
Pascagoula, MS

leevis

said by leevis:
Edit: Then again, it might not be possible at all. Seems like I remember reading that with the Cayman implementation of IPMapping, the Static Mapped IP addresses must be in the same subnet as the WAN IP address that is used by NAT. With BellSouth, it will NOT be the same...
And that's the very reason I added this to the end of my post.

Lee
bhodges
join:2001-12-21
Thomson, GA

bhodges

Member

I had considered multihoming them as well. I'll keep messing with it. THanks for your help fellas.

kmac1
Off in new directions
Premium Member
join:2001-06-07
Port Neches, TX

kmac1 to leevis

Premium Member

to leevis
DOH!! Sorry, I didn't read the whole thread again after you edited. My apologies!