General Router FAQUsing the 2nd (Public) LAN Subnet |
If you have multiple public IP addresses (i.e. a subnet allocated by your ISP as opposed to just a single IP address) you just need to set up the router's second IP address on your first allocated public address. The rest of your ISP allocated subnet will then be passed through to your LAN. Your ISP will inform you of your allocated subnet and subnet mask.
You then need to manually set the PC's TCP/IP properties - give the PC one of your public IP addresses and you must also specify it's default gateway (the router's 2nd IP address) and some DNS server addresses (your ISP can advise of those). The section later on O/S setup has screenshots.
You can mix public and NATted IP addresses on your LAN so that some PCs are on your private (NATted) subnet and others have real public IP addresses; in this way if you have five public IP addresses, you are not limited to five clients on your LAN.
If you want to allow remote management or VPN termination to the router's 2nd IP address this can be done by issuing the command vpn 2ndsubnet on from the router's telnet interface. The address you set above will then be able to receive VPN calls from the Internet and, if remote management is enabled, allow remote management.
You can't actually disable NAT; it's a feature you either use or don't use, so if you don't use it, it just doesn't do anything. The most common reason for asking this question, however, is that users want their public IP address to be allocated to a client PC (or other device) behind the router. You cannot disable (not use) NAT unless you have multiple public IP addresses (a public subnet). Each 'point' on an IP network has to have unique IP address. For example router + client PC would need at least two IP addresses. If your ISP only allocates you a single public IP address then you have to 'create' some more, and we do this usually by using the private subnets (192.168.1.0 etc.). You then have to use NAT to translate one-to-many; to translate from your one public IP address to your many private ones. If you are wanting to put some other firewall or VPN device behind the Vigor, you can still do this with NAT operating - if you enable the router's DMZ facility to point at the other device then IPSec/ESP and PPTP can both be passed through.
NOTICE : This document is © SEG Communications and may not be distributed without specific written consent. Information and products subject to change at any time without notice.