- Community Home
- >
- Networking
- >
- Legacy
- >
- Switches, Hubs, Modems
- >
- Using 7102dl as a firewall
Switches, Hubs, and Modems
1752754
Members
4586
Online
108789
Solutions
Forums
Categories
Company
Local Language
back
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Discussions
back
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Blogs
Information
Community
Resources
Community Language
Language
Forums
Blogs
Go to solution
Topic Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-10-2008 12:45 AM
07-10-2008 12:45 AM
Hi all!
I am planning changes to our office network and was wondering if the following scenario is possible to implement using ProCurve Secure Router 7102dl:
Our connection to the internet is a standard RJ-45 (the DSL is a separate box provided by our ISP). We have two networks (/26) of public IP addresses.
We want our servers to have public IP addresses that the server is aware of (i.e. no NAT). Some of the servers use an address in the first network and others use an address in the second network.
We'd like to use the router's firewall capabilities to protect our servers (as extra security as they also have internal firewalls). But we don't want to use NAT if possible.
For workstations we have specified a private network which should be able to access the internet using NAT. The router should take care of implementing the NAT. DHCP would also be useful.
Is it possible to connect eth0/1 and eth0/2 to the same network and make the router act only as a firewall?
Is it possible to add multiple networks to eth0/2, maybe using VLANs and have the router implement NAT for the private network and to only act as a firewall for the public network?
I have tried to find example scenarios that would match this situation but so far I haven't been able to find any.
Any help is appreciated!
Best regards,
Thomas
I am planning changes to our office network and was wondering if the following scenario is possible to implement using ProCurve Secure Router 7102dl:
Our connection to the internet is a standard RJ-45 (the DSL is a separate box provided by our ISP). We have two networks (/26) of public IP addresses.
We want our servers to have public IP addresses that the server is aware of (i.e. no NAT). Some of the servers use an address in the first network and others use an address in the second network.
We'd like to use the router's firewall capabilities to protect our servers (as extra security as they also have internal firewalls). But we don't want to use NAT if possible.
For workstations we have specified a private network which should be able to access the internet using NAT. The router should take care of implementing the NAT. DHCP would also be useful.
Is it possible to connect eth0/1 and eth0/2 to the same network and make the router act only as a firewall?
Is it possible to add multiple networks to eth0/2, maybe using VLANs and have the router implement NAT for the private network and to only act as a firewall for the public network?
I have tried to find example scenarios that would match this situation but so far I haven't been able to find any.
Any help is appreciated!
Best regards,
Thomas
Solved! Go to Solution.
1 REPLY 1
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-11-2008 04:07 AM
07-11-2008 04:07 AM
Solution
The router needs to know wich adresses to route and direct to wich interface.
If you use the /26 subnet on the outside interface of the router, then you must NAT.
After all all adresses appear on the connecting interface.
If the connection is made with a total different subnet (/31 is sufficient), then it can route the complete /26 subnet to another interface (to a vlan in this case).
so it may be possible if you can agree with your ISP to use a third subnet only for the connection between your router and theirs.
then they can add routes for both /26 subnets with next-hop=your-router.
In the worst case you need to divide one /26 network into one /31 net and the rest but that config is less obvious.
If you use the /26 subnet on the outside interface of the router, then you must NAT.
After all all adresses appear on the connecting interface.
If the connection is made with a total different subnet (/31 is sufficient), then it can route the complete /26 subnet to another interface (to a vlan in this case).
so it may be possible if you can agree with your ISP to use a third subnet only for the connection between your router and theirs.
then they can add routes for both /26 subnets with next-hop=your-router.
In the worst case you need to divide one /26 network into one /31 net and the rest but that config is less obvious.
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.
News and Events
Support
© Copyright 2024 Hewlett Packard Enterprise Development LP