Subnetting issue? Can only access 8 out of 16 addresses

[iorek]

Hi,

We've just moved to a new ISP, and from 8 routable IP addresses to 16. I've got the firewall working ok (NGX on Nokia IPSO so I'm accessing the network settings through Voyager interface) but can only use 8 out of the 16 new addresses. I thought it might be a subnetting problem but I'm not sure where I've gone wrong. My other thought is that we used to have 8 addresses and now I can only use 8, so maybe there's some setting I'm missing. I didn't do the original config on the firewall.

Old config:
IP range 217.xxx.xxx.96 - 103
fw IP 217.xxx.xxx.98
next hop static route 217.xxx.xxx.97
destination range 217.98/29 (I assumed it should have started at 96 not 98)

New config:
IP range 195.xxx.xxx.176 - 191
fw IP 195.xxx.xxx.178
next hop static route 195.xxx.xxx.177
destination range 195.xxx.xxx.176/28

When I ping one of the 'unreachable' addresses I don't see anything logged on the firewall.

I'm going to be able to have some downtime to do some testing on Friday - any suggestions gratefully received!

iorek

[chillyjim]

Check the topology of the firewall's object to make sure it has the new netmask in it.

[auroranl]

I asume you setup ARP on all addresses? Try removing them and adding one at the time only.

Add a test PC to the interface in question (with the IP in the subnet, eg the one from the router in front). Start a tcpdump on the firewall on the WAN interface and ping all IP's from the laptop for which the firewall should respond (eg has a proxy ARP). Check if the firewall sees any ARP request and response to them.

[iorek]

Hi again,

Thank you both for very helpful replies.

chillyjim - you were completely right - I han't changed the net mask on the firewall object.

Thank you!!

iorek