Ok here is the setup,
DSL Line (Told to me that it is fully routed)
The Tech I talked to also said we need a router on our side, more on that later.
We have the DSL modem plugged into a Netgear firewall. The firewall then is doing NAT to the internal network via the single external IP address.
We just bought a Cisco ASA 5200.
I want to have it set up so that there are three static 1 - 1 NATs on a DMZ port to 3 external IP addresses. The primary IP address of the external interface on the firewall will continue to be used to NAT the staff network as it was in the original configuration above.
Now the Tech told me that we would need to buy a separate router, but my question is: if we were paying for a fully routed connection with 5 IP addresses, should we not just be able to, say, plug the DSL modem into a switch with 5 computers set with IP addresses to the ones assigned to us and we are off and running? Or, in my case, have the ASA firewall set up with the IP aliases and NATs to utilize the external IP addresses?
I know previously I have had routers on networks to do this, but I guess I am a little confused with them saying our connection is a fully routed connection and that it costs double the non-routed connection with 5 IP addresses?
They sell two connections, one with 5 static IP addresses, and one that is fully routed with 5 IP addresses? I would have assumed that the fully routed would mean that we wouldn't need a router on our end behind the DSL modem?
At our office, we run one DSL modem into a switch, then out of the switch into two routers (each with static WAN IP) & then off to userland. Our business DSL comes with 2 static IPs.
You're correct in saying you could hook a switch up to the modem & then computers to that switch... just the modem probably isn't giving out DHCP, so the computers would have to have static IPs assigned (which is what you said in your post).
I don't know about your firewall... I suppose it's possible the tech didn't know the details of it either. It certainly sounds plausible that if your firewall can handle more than one external WAN & forward those on to separate DMZs, everything should be fine.
Ok, so get this, I was assuming that our connection was a transparent bridge, which is what it currently is. We are only using a single IP address. I asked to gain access to our other IP addresses and that's when this happened.
I get an email back saying that our connection will now be PPPoE.
The ASA 5500 is able to do PPPoE, but that to me doesn't sound like a fully routed DSL connection. Anyway, I am on hold with them now. I hate ISPs.
Well, you wouldn't guess what happened.
Not 10 minutes after typing the last message our internet connection dropped. They remotely rebooted the DSL modem and deactivated the old IP address we were using and gave us a new range, and it was different than the one they emailed me and it wasn't PPPoE. It was a bridged connection. Several hours of installing the brand new firewall still in its box, resetting IP addresses, phoning branches to tell them the VPN will be down for a day or more, I am real ...hmmm ... err not happy. Yeah, that's it, not happy.
The I.S.P. is a service<s>. YOU should get what YOU paid for. IMHO, shop around for better relationship if it's a big part of YOUR schedule to deal with these issues. The hardware situation is both a quality issue and a preference issue. Priority needs to focus on the flow charts and the client side. Any changes in the hardware will reflect/and/or change the flow to the benefit or neglect of the client requirements. This indeed could be utility to decide the choices to implement, adjust or replace in the hardware sequence. My thoughts,... good luck to YOU.
Err who is your ISP, so I can be sure to avoid them in the future..
On the flip side I use Fidelity Networks for our corporate Internet connection, and they have been wonderful to deal with. So much better response than AT&T/SBC Hi-Cap division..
I mean when your provider calls and says 'Hey, your connection is down, is something going on?', before YOU have noticed it's down. I'd say they are doing a pretty good job of monitoring your circuits.
I'd second that motion to shop around after that experience.