What to do with 5 public IPs provided by ISP

March 4, 2010 at 14:46:12
Specs: Windows XP
Hello everybody and thanks for reading my post !

First let me say that I'm a total networking noob :-(

We've just changed to a new ISP to get a 2mbps/2mbps shdsl IP access. They have provided us with 5 public IPs, and I don't know what to do with them and how to manage them.

In our new facilities, we've been working for a few weeks using a cheap ADSL connection (we still have it but this will be replaced by the new SHDSL), the router had one public IP and all the LAN (workgroup) computers where connected to the Internetm (all auto).

Right now we have 15 workstations, but in a couple of weeks 15 more will come. We've already bought one server and the Small Business Server 2008 OS.

This is the hardware we have now:

Cisco 800 series router (we can't manage it, the ISP will do it, all the ports are open)
Cisco 3560G (24ports) switch
Dlink (don't know the model, but it's an old and cheap one) 24 ports switch

I have too many questions but the main thing is: What router settings do my ISP have to set in the router?. I guess I'll have to use NAT to privide Internet connection to the workstations using one of the public IPs?. I'll need these extra IPs for VPN and the Exchange Server right?. Do I have to purchase a firewall to protect the LAN and the NAT conversion?

As you can read I'm lost

Thanks

Jud


See More: What to do with 5 public IPs provided by ISP

Report •

#1
March 4, 2010 at 15:02:56
What router settings do my ISP have to set in the router?.

That you would have to ask the ISP as there is no way for anybody else to know the answer to this question.

I guess I'll have to use NAT to privide Internet connection to the workstations using one of the public IPs?.

Most likely yes. I'd be curious to know what you've been using prior to getting the SHDSL connection.

Most small to medium businesses can get away with using a SOHO Router which will provide not only a firewal for protection but also NAT, DHCP and if needed, DMZ capability for servers that need direct external connectivity.

I'll need these extra IPs for VPN and the Exchange Server right?

I suppose you could go that route for an Exchange Server but it isn't necessary with a VPN device. Most enterprise level VPN devices reside between your LAN and the WAN. So, by way of example, and assuming a SOHO Router in the mix, a VPN setup with a dedicated VPN device would look as follows:

Internet >> VPN Device >> SOHO Router >> LAN (ie: clients/servers)

Some SOHO Routers have VPN endpoint capability so you could again save some $$$ buy getting one of those if you require VPN.

As for Exchange, and I know little about exchange, but if you need direct access to it from the internet, if your SOHO Router has a DMZ, you could put that server in the DMZ.

Do I have to purchase a firewall to protect the LAN and the NAT conversion?

If you'd like your internal network protected from intrusion from the external network a firewall is a good idea. These days, nobody goes without putting a firewall between them and the internet.


Report •

#2
March 4, 2010 at 15:03:43
There are many ways to use those addresses. Keep in mind that you don't have to use all of them right away. It all depends on the needs of the company, servers, departments, etc....

How do you know when a politician is lying? His mouth is moving.


Report •

#3
March 4, 2010 at 15:17:12
I would suggest you don't need but one public ip address.

You could use a public ip on an exchange front end but I would never put the exchange server exposed to the internet directly. Unless of course you want to be a spam bot.

If you put in a vpn capable firewall/router you wouldn't need but one ip also and you would get your vpn access.


Report •

Related Solutions

#4
March 4, 2010 at 15:17:29
Thank you very much Curt !

Before the shdsl we've been using an ADSL, with a ZYXEL 660HW router, everything in auto (IP and DNS). I just plugged all the PCs and it worked.

Probably my problem will be that We'll have to use the Cisco 870 the ISP provided, and I can't manage it. I'll talk to them tomorrow!

Thanks again,

Jud


Report •

#5
March 4, 2010 at 15:21:18
Guapo and Wanderer, thanks for your responses.

We'll definitely buy a hardware firewall, any recommendation for a LAN with 25-30 computers?

Jud


Report •

#6
March 4, 2010 at 15:49:38
I haven't used either but some people say that sonicwall is easier to configure than cisco.

How do you know when a politician is lying? His mouth is moving.


Report •

#7
March 4, 2010 at 16:07:55
The Zyxel 660HW isn't that bad and can be used further.
So you can give the Zyxel one of the public IPs and use the internet like before.
The Zyxel router also provices a firewall.

Report •

#8
March 5, 2010 at 10:24:26
So can I plug a cable from one router to the other and configure the second one as if the Cisco don't exist??

Report •

#9
March 5, 2010 at 10:35:42
The second router (Zyxel) can be configure for use with a static ip address (one of your public ip addresses, you got from the ISP, but not the one used by the Cisco router).
The gateway address and the dns server address, you have to use, should be written in the contract form of your ISP, where you got the public ip range.
The internal configuration can be as it was.

Report •

#10
March 6, 2010 at 05:46:12
Click on my name in any of my responses and read my "how-to" guide on "adding a second router" for setup information on adding a second SOHO Router to your network.

Report •

#11
March 6, 2010 at 15:20:39
Thank you so much ! I'm going to try it next monday.


Report •

#12
March 9, 2010 at 14:29:00
Well I haven't tested it yet. Tomorrow or thursday I'll have to buy something. I've been looking into this two models:

NETGEAR ProSafe VPN Firewall 200 FVX538

or

ZyWALL USG 200

Do you know them?, I believe they will cover our needs (the LAN will be about 30 computers). I need NAT as you told me, and also firewall protection, QoS and VPN.

I'm sure the problems will come when I have to configure it after the IPS's Cisco 870 black box. I'll try to follow your guide Curt !!

Thanks again


Report •

#13
March 9, 2010 at 14:59:20
I have no experience with either of the devices you listed so sadly, I can't be of any help to you there.

With regard to my guide, keep in mind that it's meant for use with SOHO Router's. I'm not sure it will apply to either of the devices you mentioned.

Good luck and I hope everything works for you the way it should!


Report •

Ask Question