0

I have a /29 subnet assigned by my ISP, with a SonicWALL office router and a Cisco voice router hooked up to a 'net-rail' of sorts with untagged VLAN switch ports connecting my ISP router's output and the two firewalls.

I'd like to use this as a routed subnet so that all connections hit my office firewall and I can DNAT to our internal network.

Is there anything that can be done without significant changes on our ISP's router?

Craig Watson
  • You can see if your switch is capable of the Port Security feature? – Danila Ladner Apr 25 '13 at 20:54
  • It's hard for us to know without knowing anything about your current router setup. How is that subnet sent to you? Is it just bridged? Is it routed? – David Schwartz Apr 25 '13 at 21:01
  • @Danila - how would Port Security help in this situation? – Craig Watson Apr 25 '13 at 21:03
  • @David - I'll try and get some more info tomorrow (UK time) but I *believe* it's routed by our ISP to their router which is sitting in our rack. Their hand-off to us is a link into our net-rail. Sorry I can't be more specific! – Craig Watson Apr 25 '13 at 21:05

1 Answer

3

Once it has the appropriate DNAT statements, your Sonicwall will automatically Proxy ARP for the other addresses on that connected network to your ISP. You do not need to "route" them to the outside IP address of your firewall.

SpacemanSpiff