USG Flex 200/500/700 with BT /29 static IPs on FTTP.

cymru1
cymru1 Posts: 4  Freshman Member
Zyxel Certified Network Administrator - Nebula First Comment Friend Collector Seventh Anniversary
in Security

Has anyone successfully configured a USG Flex 200/500/700 to be able to make use of use a block of static public IPs on a BT-provided FTTP connection (PPPoE auth on the USG direct to ONT)?

In particular, I'm talking about the /29 that BT provides, not just a single public IP for the WAN.

Any advice or directions would be appreciated.

Thanks,

F.

All Replies

  • PeterUK
    PeterUK Posts: 3,461  Guru Member
    100 Answers 2500 Comments Friend Collector Seventh Anniversary

    Don't have a /29 so limited in how I can help.

    The idea of getting a /29 is you put that on a LAN gateway using up one of the IP'2 the WAN interface just gets a link IP like 10. then you add a routing rule from LAN to SNAT none.

    But that may not be how its done such that the connection to BT equipment you uses one of your IP's add a switch add more devices each getting a WAN IP till your out of WAN IP's.

    There are many way to do a setup depending on your ISP on how they give you your IP's.

    Another way is bridge WAN and DMZ with the bridge getting a WAN IP so that a LAN can SNAT out that and DMZ passes the other WAN IP's by a switch

  • cymru1
    cymru1 Posts: 4  Freshman Member
    Zyxel Certified Network Administrator - Nebula First Comment Friend Collector Seventh Anniversary

    Thanks Peter. I sort of get what you are saying, but I was hoping for a bit more specific detail to be honest, as I'm totally new to these devices. I'm from "a.n.other brand" background where I know what to do and where (or rather I did — it has been a long while and I'll bet I'd struggle with that too).

    I'm not even sure how these IPs are presented by BT. With my own ISP you get a static IP and a separate routed block (e.g. /29), which makes things really easy, but I'm not sure of the BT situation.

    So I'm rather hoping someone has done it. Someone must have. But will they read this, I wonder?

  • electsystech
    electsystech Posts: 47  Freshman Member
    First Answer First Comment Friend Collector Fifth Anniversary

    Is this BT Broadband in the UK?

  • cymru1
    cymru1 Posts: 4  Freshman Member
    Zyxel Certified Network Administrator - Nebula First Comment Friend Collector Seventh Anniversary
    https://community.zyxel.com/en/discussion/comment/64118#Comment_64118

    Yup. UK BT (Business).

    I'm not sure, but from what I've found online so far, I think that you get a random public IP on the WAN, and that the allocated /29 block is routed through that. That's all well and good, but my head starts to explode at this point, as it means I have to somehow allocate one of the /29 to the WAN on top of this random IP, just to be able to have a fixed IP to VPN to. This idea that the WAN IP is non-static could be incorrect, but that's what things seem to indicate from what I've read.

    I'm sorry that my knowledge in this area is so poor at present. I'll undoubtedly get up to speed before long, but a bit of hand-holding at first is what I need, if anyone is willing.

  • cymru1
    cymru1 Posts: 4  Freshman Member
    Zyxel Certified Network Administrator - Nebula First Comment Friend Collector Seventh Anniversary
    edited April 17

    I think I've found what I need. I've not tested it yet, but it looks right to me:

    https://community.zyxel.com/en/discussion/1324/how-to-route-multiple-public-static-ips-with-zyxel

Categories

Security Help Center

EnglishTiếng ViệtРусскийไทย中文(台灣)