2nd Public Subnet to be routed to a router behind Sophos SG

Hello,

 

I need to give a public IP to a Cisco behind the Sophos SG.

 

The ISP had a single usable IP issued

They have provided another subnet for use with 2 usable IPs

I have set up the additional subnet on eth2 and connected the Cisco to eth2, but it doesn't seem to work, although I am able to ping the additional subnet IP added to eth remotely.

 

The gateway to route back to the ISP is the same, but the additional subnet is not within the same range as the gateway.

I have added a masq and firewall rule to no avail.


Any ideas?



  • Hi Danny and welcome to the UTM Community!

    Without a more detailed description, I'm guessing at what you have and what you want.  Assuming that your UTM's public IP is 62.232.14.18 and that your ISP also gave you 62.232.62.32/30 which they route to 62.232.14.18:

    1. Assign 62.232.62.32 to the interface defined on eth2 and call it DMZ.  Don't add a default gateway.
    2. Assign 62.232.62.33 to the Cisco with a default gateway of 62.232.62.32.
    3. Create firewall rules allowing desired traffic in and out.  No route or NAT is needed.
    4. Create a Masq rule like 'DMZ (Network) -> External'

    That should do the trick.  If you're still not getting what you need, start with #2 in Rulz.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
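
An added example, not part of the reply above or of any Sophos tooling: a Python check of an addressing plan for an ISP-routed subnet like the one discussed here, run against the addresses the reply assumes. The function and parameter names are hypothetical; the check reports addresses that fall outside the subnet or on its network/broadcast address, a router gateway that does not point at the firewall, and a WAN address that sits inside the routed subnet.

```python
import ipaddress


def usable_hosts(subnet):
    """Addresses in the subnet that can be assigned to an interface."""
    return [str(h) for h in ipaddress.ip_network(subnet, strict=True).hosts()]


def check_routed_subnet(subnet, fw_ip, router_ip, router_gw, wan_ip):
    """Return a list of problems found in a routed-subnet addressing plan.

    subnet    - additional block the ISP routes to the firewall's WAN address
    fw_ip     - address planned for the firewall's DMZ interface (eth2 here)
    router_ip - address planned for the router behind the firewall
    router_gw - default gateway planned for that router
    wan_ip    - firewall's existing public (WAN) address
    """
    net = ipaddress.ip_network(subnet, strict=True)
    usable = set(net.hosts())
    fw, rtr, gw, wan = (ipaddress.ip_address(a)
                        for a in (fw_ip, router_ip, router_gw, wan_ip))
    problems = []
    for label, addr in (("firewall DMZ interface", fw), ("router", rtr)):
        if addr not in net:
            problems.append(f"{label} {addr} is outside {net}")
        elif addr not in usable:
            problems.append(
                f"{label} {addr} is the network or broadcast address of {net}")
    if fw == rtr:
        problems.append("firewall and router are planned with the same address")
    if gw != fw:
        problems.append(
            f"router gateway {gw} is not the firewall DMZ address {fw}")
    if wan in net:
        problems.append(
            f"WAN address {wan} is inside {net}, so the block is on-link, not routed")
    return problems


if __name__ == "__main__":
    # Addresses as assumed in the reply above.
    plan = ("62.232.62.32/30", "62.232.62.32", "62.232.62.33",
            "62.232.62.32", "62.232.14.18")
    print("usable:", usable_hosts(plan[0]))
    for problem in check_routed_subnet(*plan) or ["no problems found"]:
        print("-", problem)
```

With a /30, the two usable addresses are the ones between the network and broadcast addresses, so the firewall's DMZ interface and the router each take one of them.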