This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

SUbnet routed through subnet

Sophos SG 230 / UTM 9 (latest)

We recently switched to fiber service. Our ISP did something that I haven't experienced. That is routing a /29 through a /30:

/30
Network: xx.xx.1.20  (primary external IP
Gateway: xx.xx.1.21
Useable: xx.xx.1.22
Broadcast: xx.xx.1.23

/29
Network: xx.xx.163.56
Gateway: xx.xx.163.57
Useable: xx.xx.163.58 thru 62
Broadcast: xx.xx.163.63

xx.xx.163.56 thru .63 creates 24,000 dropped destination hosts log entries daily

The /29 are supposed to be our available static IP's so:

1) How do I setup the statics I need?

2) How do stop the log entries for those statics I do not use?

 

Thanks,

Tom



This thread was automatically locked due to age.
Parents
  • Network: xx.xx.163.56
    Gateway: xx.xx.163.57
    Useable: xx.xx.163.58 thru 62
    Broadcast: xx.xx.163.63

    I guess my question could have been clearer, Tom.  Is xx.xx.163.57 the ISP's gateway or is this your plan for a DMZ using public IPs?  If it's indeed the same ISP for both subnets, I would expect the latter.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Yes Bob, it's the same ISP for both subnets. They stated that they routed the /29 through the /30 and I would use the IPs from the /29 for my statics. Previously (using a coax system) we had one /29 network with 5 statics, one of which we used as a public IP. While I wasn't thinking in terms of DMZ for this new setup, I do want separate networks.

    Thanks

  • You could do that, or add each of the eight IPs as a /32 Additional Address to the External interface.  The Additional Address approach would be preferable if you're planning on using Webserver Protection.  The DMZ approach is more elegant if these aren't web servers.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • That gives me a direction to work toward, thanks for your time Bob.

Reply Children
No Data