DrayTek UK Users' Community Forum
Help, Advice and Solutions from DrayTek Users
private circuit?
- iswizzle
- Topic Author
- Offline
- Junior Member
Less
More
- Posts: 21
- Thank you received: 0
04 Mar 2013 17:16 #75447
by iswizzle
private circuit? was created by iswizzle
lets say my provider has supplied me with a static ip address of 10.1.1.1/32 (yes i know that's a private ip range but the wan side of the router connects to this secure network)
is it possible to have a 10.1.1.0/24 on the lan side with only routing? ie so pc's on the lan side eg 10.1.1.10 can connect and there is no nat going on so that anybody on the wan side (remember this is secure) can connect directly to anything on the lan side?
or should i set the lan side to 10.1.2.0/24 and if i do this, does sombody who wants to connect to anything on the lan side from the wan have to have static routing enabled eg 10.1.2.0/24 has to go through 10.1.1.1/32?
is it possible to have a 10.1.1.0/24 on the lan side with only routing? ie so pc's on the lan side eg 10.1.1.10 can connect and there is no nat going on so that anybody on the wan side (remember this is secure) can connect directly to anything on the lan side?
or should i set the lan side to 10.1.2.0/24 and if i do this, does sombody who wants to connect to anything on the lan side from the wan have to have static routing enabled eg 10.1.2.0/24 has to go through 10.1.1.1/32?
Please Log in or Create an account to join the conversation.
- sicon
- Offline
- Contributor
Less
More
- Posts: 642
- Thank you received: 0
06 Mar 2013 15:30 #75483
by sicon
Replied by sicon on topic Re: private circuit?
just out of interest how would you connect to this externally?
I take it this is a MPLS or similar?
On the WAN side I would try it as a Static of 10.1.1.1/32
exclude anything on the LAN to pick up this address and make sure the is a router like 0.0.0.0/ 0.0.0.0 via 10.1.1.1 WAN1 or what ever interface it is you are using
10.1.1.0/ 255.255.255.0 directly connected LAN2
What devices are you using. If its a 2830 or2850 then you could create the separate subnets for each and let them route between each other.
Ive got a spare 2930 here im gonna put in these settings and see if it take it.:mrgreen:
I take it this is a MPLS or similar?
On the WAN side I would try it as a Static of 10.1.1.1/32
exclude anything on the LAN to pick up this address and make sure the is a router like 0.0.0.0/ 0.0.0.0 via 10.1.1.1 WAN1 or what ever interface it is you are using
10.1.1.0/ 255.255.255.0 directly connected LAN2
What devices are you using. If its a 2830 or2850 then you could create the separate subnets for each and let them route between each other.
Ive got a spare 2930 here im gonna put in these settings and see if it take it.
Please Log in or Create an account to join the conversation.
- sicon
- Offline
- Contributor
Less
More
- Posts: 642
- Thank you received: 0
06 Mar 2013 15:46 #75484
by sicon
Replied by sicon on topic Re: private circuit?
Actually scratch the Idea of having the address on the WAN as the LAN will still think its included on its own interface.
Changing the LAN subnet or using VLANs is probably the best way
Changing the LAN subnet or using VLANs is probably the best way
Please Log in or Create an account to join the conversation.
- iswizzle
- Topic Author
- Offline
- Junior Member
Less
More
- Posts: 21
- Thank you received: 0
07 Mar 2013 07:07 #75500
by iswizzle
Replied by iswizzle on topic Re: private circuit?
Yes, this is MPLS & our 2850 is connected via ADSL.
The provider (BT in this case) has been given our router address (10.1.1.1)
The problem is, that was the internal router address when we were using IPSEC and we would still like it to be our internal LAN 10.1.1.0/24
If I change the router to 10.1.1.1 as the WAN, it connects to the MPLS network and can then route/ping the other routers WAN's.
We just can't get the internal LAN's talking to each other although I am aware that a static route will be needed.
The provider (BT in this case) has been given our router address (10.1.1.1)
The problem is, that was the internal router address when we were using IPSEC and we would still like it to be our internal LAN 10.1.1.0/24
If I change the router to 10.1.1.1 as the WAN, it connects to the MPLS network and can then route/ping the other routers WAN's.
We just can't get the internal LAN's talking to each other although I am aware that a static route will be needed.
Please Log in or Create an account to join the conversation.
- sicon
- Offline
- Contributor
Less
More
- Posts: 642
- Thank you received: 0
07 Mar 2013 09:57 #75502
by sicon
Replied by sicon on topic Re: private circuit?
Ok, cant you just make the LAN a different subnet then and put in the route for x.x.x.x Via 10.1.1.1?
Please Log in or Create an account to join the conversation.
- iswizzle
- Topic Author
- Offline
- Junior Member
Less
More
- Posts: 21
- Thank you received: 0
08 Mar 2013 07:13 #75511
by iswizzle
Replied by iswizzle on topic Re: private circuit?
no, we want to keep the original subnet's to avoid to much change.
I think we are going to have to change the LAN side to 10.1.1.0/24 and then change the WAN side to say 192.168.1.1/32.
That way we can keep the LAN's exactly the same but only change all of the WAN's
I think we are going to have to change the LAN side to 10.1.1.0/24 and then change the WAN side to say 192.168.1.1/32.
That way we can keep the LAN's exactly the same but only change all of the WAN's
Please Log in or Create an account to join the conversation.
Moderators: Chris, Sami
Copyright © 2024 DrayTek