No modem ;-) It's actually a co-location facility. Normally they'd fully route for most clients, but since the router I have at the moment can do it, I asked them to instead create a link-net (/30) and then hand the entire /29 over to me so I could then use all 8 IP addresses. (Since the IPs are routed to me as the next hop, I can treat them as 8x /32s and thus use them all if I wish.)

The link-net is in RFC1918 space and not NATed at their end; it exists purely to link my router to theirs. I suppose in theory the RFC1918 /30 address may not even need to be the main address on the Sophos box, it just needs to exist on the WAN-side interface, because that's where the upstream router's going to try to send any data for any of the /29 public IPs.

Essentially the router at the moment (Mikrotik RB450G) works, but it's starting to struggle, particularly when it comes to the site2site VPN I have in place to home (I have about 75/20 VDSL at home). I was going to upgrade the router with a newer model, but actually, if the pricing I'm seeing on an XG85 is correct, then providing it can work in this situation I'm rather tempted to grab one of those instead, since it can handle more VPN throughput than the Routerboard and you get the UTM stuff added on top.

Edit: Actually I think I can probably test this using a VM, shouldn't take too much effort to replicate the setup.