Recent content by SweetRevelation

I'm not certain I fully understand what you are asking. I assume your network is setup like: FW -> Internal Network ISP -> 3750 -> DMZ Network Correct? You stated that you wanted to "take some routes out of the switch to free up some public IP addresses". What routes are you...

In ping test I am able to ping interface of ISP facing my router." Where are you pinging from? What is the source of the ICMP packets? We need a bit more information to be able to properly assist.

Is your pix the default gateway for the devices you are trying to ping when connected to the VPN?

You said "I am unable to ping my wan ip (172.35.7.246) from remote end." Can you clarify this statement? What is the remote end? Where are you initating your ping? More detail would be helpful.

I am very curious about this as well. Great question, I hope someone here has experience with this.

ACLs with a view clause should be what you need in BIND. You can create a view to offer up a different file for the zone requested, and you can assign people to the view with the ACLs.

It's an interesting question, mine is why exactly do you need to use Public IPs?

Need a little more information on the location of the load balancer, the IP addresses on the VPN appliance, default gateways, etc. With information about the location of the devices, IPs, and gateways we could probably give you a fairly accurate answer.

Simplest thing is to just try plugging it into a different switch port. That port is not seeing electrical signal at all from the remote side, it's showing down/down. There's not a whole lot that can be done if it's not even seeing signal.

You need to NAT. 145.42.88.1 will not know how to reach the 10.1.1.x subnet or any of the other subnets you create off that switch. You do not need to remove the IP address from VLAN 1 or turn that into a routed port, but it is a good idea. Using VLAN 1 is generally something that's avoided...

Why exactly do you want to NAT and PAT the same address? Maybe if we understood what you are trying to accomplish with this we could help more, but when you have a static NAT the firewall is going to use it.

We'd need to see the configs all the switches, at least for the ports on each switch where they connect to each other.

You would assign the address they give you with the /29 to one port on your cisco router, call it the ISP side. Then you would assign your /28 block to your other port on your cisco router, call it office side or whatever. On the /29 side they are telling you the IP to assign, on the /28 side...

Check the default gateway on the host 192.168.10.14 that you can't ping when on a different subnet. If you can ping it locally but can't ping it from another subnet it may not have a gateway configured.

Honestly for something like that and someone so green I would maybe recommend a firewall with a good GUI. I love Fortinets personally.