How to set up multiple Public static IP via PPOE connection!
I am from Vietnam and would like to seek your help on the following matter of configuring public static ip access to NSA 5600 via PPOE with dynamic ip:
VNPT (Local ISP) provided us a block of 8 public static ip (126.96.36.199-8) via a PPOE connection with Dynamic IP address,
We run some servers inside the firewall with sub-net of 10.86.19.x. To provide services to outside world via those public ips we did the following:
- Create ARP for those public ip
- Create network address group for those ip
- Create access rule for those address group to allow WAN-LAN connection
- Create 1:1 NAT for each of those public ip to the inside lan servers
The above settings works well for almost a year with Web, mail, ssh and other services. However, recently, some client provided with static public ip of the range 113.160.164.x can not access our system (not stable, sometime can access our web, sometime failed). VNPT complained that we did the configuration wrongly and need to have a modem/router in between the firewall and the Media Converter to handle PPOE connection and the secondary LAN port shall be set up with the 188.8.131.52 address and act as a gateway for the entire network.
Logically, we believe VNPT has problem with routing setting at their (ISP) side. The option of having a router in between is good but NSA 5600 firewall has supported PPOE and others, so we would like to know whether we can do thing properly without an additional modem or router?
We only want the system to be accessible to all as this is a public service tool for our community in the province so we don't mind to stop the argument with them.
If anyone have experience on this, please be so kind to help us to do the configuration properly.
Dang Dinh Ngoc - Vietnam