Screen OS

  • 1.  Expanding network with additional public subnet.

    Posted 10-05-2012 06:33

    I have a /28 public subnet on untrust zone, trust vr.

    I am running out of public ip addresses.

    It will be unlikely that the ISP will give me a /27 which will include my current /28 range.

    Because I have VPNs and servers set up, I would prefer not to change the IP address range.

    Is there any way I can keep my current /28 subnet and add on another /28 subnet, even if there is a gap?

    For example, I have the firewall and interface set up with an imaginary IP of 1.1.1.4/28, and my provider will give me 1.17.1.160/28.
    Would it be possible to tie this subnet to my current interface and create MIPs? My feeling is not, but I thought I'd check.

     



  • 2.  RE: Expanding network with additional public subnet.
    Best Answer

     
    Posted 10-05-2012 06:38

    Hi Pier,

     

    This is possible, and is not an uncommon scenario.

     

    You can use either MIP or DIP (extended IP) for the new public IP subnet.

     

    Regards,

    Sam



  • 3.  RE: Expanding network with additional public subnet.

    Posted 10-05-2012 07:16

    Thank you Sam,

     

    I just tested it hypothetically with a MIP. I thought it would complain, but it is fine.

    I guess my ISP would just need to configure their Cisco router with the new subnet. OK, I will ask them for an additional /28 subnet.

     

    Thanks again

     



  • 4.  RE: Expanding network with additional public subnet.

    Posted 10-05-2012 08:09

    Hi Pier,

     

    The ISP will add this route on your CPE router (IPs are taken from your example):

     

    ip route 1.17.1.160 255.255.255.240 1.1.1.4
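
The firewall side of the setup discussed in this thread, as an added example that is not part of any poster's reply: a MIP taken from the routed 1.17.1.160/28 block is defined on the existing untrust interface, and an inbound policy names that MIP as its destination. The interface name `ethernet0/0`, the internal host `192.168.10.20`, the MIP address `1.17.1.161` and the HTTPS service are assumptions for illustration; lines starting with `#` are annotations to leave out when entering the commands.

```screenos
# Assumed: ethernet0/0 is the untrust interface that holds 1.1.1.4/28
# Assumed: 192.168.10.20 is an internal server in the Trust zone
set interface ethernet0/0 mip 1.17.1.161 host 192.168.10.20 netmask 255.255.255.255 vr trust-vr
# A MIP passes no traffic until a policy names it as the destination;
# permit only the service the server needs and log the sessions
set policy from Untrust to Trust Any MIP(1.17.1.161) HTTPS permit log
```

Addresses in the new /28 that have no MIP or DIP defined stay unreachable from outside, so each published server is an explicit MIP and policy pair.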