We have a BT Infinity Business service with 5 static IP addresses. At the moment we have a firewall (watchguard xtm) connected directly to the BT supplied modem. The firewall has the 5 static IP addresses configured and everything is generally ok.
However we need a site-to-site vpn setup and for this to work, the firebox must have one of the static addresses configured on the external interface. The problem is that BT issues a dynamic peering address. From what I've read, this is a common setup and can usually be resolved by using a router/modem with NAT turned off and one of the public addresses used as a local address. The solution in the following post seems typical:
Solution as an image:
I have two questions:
1, Can anyone suggest a device that will work with fibre - a simple ethernet modem?
2, This solution essentially 'wastes' one of our public addresses, is there a different solution that wouldn't?