2 IP addresses, one physical using Nokia and CP R60

[djash]

All, I have the following problem:

My customer is using 2 Nokia 390 boxes and Checkpoint R60. They have a connection to the Internet via an ISP managed router. The routing on this is all done via the following subnet and IP addresses:

Nokia1: 213.86.16.251/29
Nokia2: 213.86.16.252/29
NokiaVRRP: 213.86.16.250/29

RouterIP: 213.86.16.253/29

Which is all fine and functions OK. However, the customer has a new requirement to have static NATs configured for several new services, and in planning for this has obtained a new range of public IP addresses from the ISP: 80.169.199.x/24 as the previous range does not give enough IP addresses.

Now the Nokia boxes have a 2nd IP address configured on the interfaces within this range:

Nokia1: 80.169.199.251
Nokia2: 80.169.199.252

, but the Internet router does not, but it does have a route for this network pointing to the Nokia and is advertising this out to the Internet.

The problem is that Checkpoint does not recognise these 2 IP addresses in it's Topology information and my customer would like to use this range for static NAT. The quesiton I have is, is this possible? and if so how? If anybody has any experience of this it would be much appreciated.

[mcnallym]

If the ISP Router is forwarding the traffic to your Nokia VRRP address for the first IP range then this should work fine. Just define your static NAT as per normal and use the new IP range.

I have done this myself where I had a similar situation for a customer.

[RobertGraham]

You'll need to create the proxy arp with the VRRP MAC though right?

[mcnallym]

I didn't have too as the Router was sending the traffic to the Nokia anyway so no need for the router to ARP and require proxy arp to be configured on the Nokia.

The Nokia just recieves the packets as they are routed to it.