Yeah, that's what I wanted to do, but they said they can't do it because
it's a switch and because it's not their IP space. I don't think they're
being difficult, probably a company policy or something.
Thanks for all of your help,
Ray
From: "Lyons, Jon" <[EMAIL PROTECTED]>
Reply-To: Mailing list for discussion of Firewall-1
<[email protected]>
To: [email protected]
Subject: Re: [FW-1] Question on default route to a new ISP while retaining
original IP
Date: Mon, 3 Apr 2006 09:40:45 -0500
So why don't you just remove the router, and on the other router change
the Ethernet IP & subnet to match your firewall and be done with it.
Just because the ISP assigns you an IP address, doesn't necessarily mean
you have to use it. :)
-----Original Message-----
From: Mailing list for discussion of Firewall-1
[mailto:[EMAIL PROTECTED] On Behalf Of Ray
Sent: Friday, March 31, 2006 5:51 PM
To: [email protected]
Subject: Re: [FW-1] Question on default route to a new ISP while
retaining original IP
Thanks, Jon. That was a made-up address for illustration purposes. We
own
the addresses via ARIN. I was trying to figure out a way to get rid of
the
router totally because it doesn't really route anything. It just sends
everything from A to B and vice versa without restrictions.
I think I can eliminate the router by assigning the new ISP's address to
my
firewall external interface, detaching and re-attaching the license, and
then changing all of my network objects so they Hide NAT behind my
existing
firewall external IP addresses (proxy ARPing the whole mess), but that's
going to be a real pain ongoing.
Ray
>From: "Lyons, Jon" <[EMAIL PROTECTED]>
>Reply-To: Mailing list for discussion of Firewall-1
><[email protected]>
>To: [email protected]
>Subject: Re: [FW-1] Question on default route to a new ISP while
retaining
>original IP
>Date: Fri, 31 Mar 2006 15:45:12 -0600
>
>Who owns 122.45.5.1? you or your old ISP? Looks like APNIC uses that
>range, so if you're switching to a new ISP you will not be able to use
>that address for anything. You'll have to change all natting/vpns, and
>update any vendor connections that are based on that old IP 122.45.5.1.
>
>If you have addresses assigned to you by Arin, then create a /30
>subnet(or what ever size) and use that for your external firewall
>address & router Ethernet address. This will make it easier to move the
>next time. Switch ISPs, have them announce your subnets, and move the
>firewall and everything to a new router without changing anything on
the
>firewall.
>
>
>
>
>-----Original Message-----
>From: Mailing list for discussion of Firewall-1
>[mailto:[EMAIL PROTECTED] On Behalf Of Ray
>Sent: Thursday, March 30, 2006 7:27 PM
>To: [email protected]
>Subject: [FW-1] Question on default route to a new ISP while retaining
>original IP
>
>Running R55 on Nokia 3.9.
>
>I currently have a router between FW-1 and the T-1's that supply our
>Internet connection. We're changing ISPs and I want to eliminate the
>router
>because it doesn't really do anything useful (no filtering, etc.) and I
>can
>use it elsewhere. The new ISP comes in via fiber. I also must keep the
>same
>external IP address on FW-1. We have our own IP block and the new ISP
>will
>announce those routes for us.
>
>So my external interface currently looks like this (made-up addresses):
>
>IP: 122.45.5.1 /24
>Next hop router - default route (mine) 122.45.5.254
>
>The new ISP wants us to re-IP the firewall to
>
>IP: 67.56.4.3 /30
>Next hop router - default route: 67.56.4.4
>
>Obviously if I change the external IP like this, all sorts of things
are
>
>going to break, like all of our vendors that expect traffic to come
from
>
>122.45.5.1. I do use central licensing.
>
>Is it possible to set the external interface like this:
>
>IP: 122.45.5.1 /24 (original address)
>Next hop router - default route: 67.56.4.4 (new ISP)
>
>or do they truly both have to be on the same subnet? If so, is there
any
>way
>to fix this while still eliminating the old router and not manually
>setting
>NAT on every object? Or do I just have to keep the old router in place?
>
>Thanks for any education you can lend,
>
>Ray
>
>=================================================
>To set vacation, Out-Of-Office, or away messages,
>send an email to [EMAIL PROTECTED]
>in the BODY of the email add:
>set fw-1-mailinglist nomail
>=================================================
>To unsubscribe from this mailing list,
>please see the instructions at
>http://www.checkpoint.com/services/mailing.html
>=================================================
>If you have any questions on how to change your
>subscription options, email
>[EMAIL PROTECTED]
>=================================================
>
>=================================================
>To set vacation, Out-Of-Office, or away messages,
>send an email to [EMAIL PROTECTED]
>in the BODY of the email add:
>set fw-1-mailinglist nomail
>=================================================
>To unsubscribe from this mailing list,
>please see the instructions at
>http://www.checkpoint.com/services/mailing.html
>=================================================
>If you have any questions on how to change your
>subscription options, email
>[EMAIL PROTECTED]
>=================================================
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to [EMAIL PROTECTED]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[EMAIL PROTECTED]
=================================================
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to [EMAIL PROTECTED]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[EMAIL PROTECTED]
=================================================
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to [EMAIL PROTECTED]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[EMAIL PROTECTED]
=================================================
