You can try using subinterfaces. But your isp router also has to have those
subinterfaces defined.
Cheers,
Lino E. Avila
La información contenida en el presente correo es confidencial y para uso
exclusivo de la persona o institución a que se refiere. Si usted no es el
receptor deliberado tiene prohibido y podría ser ilegal cualquier
distribución, divulgación, reproducción, completa o parcial, o cualquier
otra acción relativa a ella. Por favor notifique al emisor e inmediatamente
bórrela de forma permanente de cualquier computadora en la que resida y en
caso de existir, destruya cualquier copia impresa.
-----Original Message-----
From: Mailing list for discussion of Firewall-1
[mailto:FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM] On Behalf Of Ray
Sent: Jueves, 30 de Marzo de 2006 07:27 p.m.
To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
Subject: [FW-1] Question on default route to a new ISP while retaining
original IP
Running R55 on Nokia 3.9.
I currently have a router between FW-1 and the T-1's that supply our
Internet connection. We're changing ISPs and I want to eliminate the router
because it doesn't really do anything useful (no filtering, etc.) and I can
use it elsewhere. The new ISP comes in via fiber. I also must keep the same
external IP address on FW-1. We have our own IP block and the new ISP will
announce those routes for us.
So my external interface currently looks like this (made-up addresses):
IP: 122.45.5.1 /24
Next hop router - default route (mine) 122.45.5.254
The new ISP wants us to re-IP the firewall to
IP: 67.56.4.3 /30
Next hop router - default route: 67.56.4.4
Obviously if I change the external IP like this, all sorts of things are
going to break, like all of our vendors that expect traffic to come from
122.45.5.1. I do use central licensing.
Is it possible to set the external interface like this:
IP: 122.45.5.1 /24 (original address)
Next hop router - default route: 67.56.4.4 (new ISP)
or do they truly both have to be on the same subnet? If so, is there any way
to fix this while still eliminating the old router and not manually setting
NAT on every object? Or do I just have to keep the old router in place?
Thanks for any education you can lend,
Ray
=================================================
To set vacation, Out-Of-Office, or away messages, send an email to
LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================
|
