
illizit

join:2004-02-29
Miami, FL

[Config] Cisco Router T1 WIC and Firewall

Hello,

We just had a T1 installed and were wondering what the proper configuration for the T1 would be. I usually have the router doing NAT for the LAN; however, in this case it should route the public IPs to a separate firewall device which will then do NAT for the LAN.

T1 ----- Cisco 2600 W/ t1 WIC -----Firewall -----LAN

The ISP has assigned us a /29. I configured the serial interface to use the first usable IP in the /29 and then proceeded to add the second usable IP to the FastEthernet interface on the router when I get the message it overlaps Serial 1. At this point I realize you cannot do routing between the two interfaces if they are on the same subnet.

What is the correct configuration? Can you bridge the Serial interface with the Ethernet interface?

Any assistance is appreciated.

Thanks!

nosx

join:2004-12-27
00000
kudos:5
You need to ask for a point to point /30 to assign to your serial interface, and then a LAN network /29, /28, /27, etc. for your DMZ behind the router.


psychogenic
Ready Steady
Premium
join:2003-05-01
Staten Island, NY
reply to illizit
No, they need to be on separate networks.

You can approach this in different ways.

Keep the /29 they gave you and assign the serial with an IP in that range and retain the rest if you want to create NAT statements on the router itself. The FE interface would have to sit on some other subnet of your choosing (public or private).

Request for another range (smaller /30 as mentioned) and assign that to your Serial. The provider would also have to update their end as well with this new range. Assign the /29 to your FastEthernet or assign a private range to your FastEthernet and save the /29 for NAT statements on the firewall, or return the /29 and request for a bigger public range for your NAT.
--
"He who hits head on wall, probably deserved it."


Paulg
Displaced Yooper
Premium
join:2004-03-15
Neenah, WI
kudos:1
reply to illizit
Another option would be to utilize the firewall featureset on the router (if it has one) and eliminate the separate firewall altogether.


battleop

join:2005-09-28
00000
reply to illizit
The right way is to get a /30 for the serial then use the /29 on the Ethernet. Then use an open IP in the /29 for the firewall.
--
I do not, have not, and will not work for AT&T/Comcast/Verizon/Charter or similar sized company.


Da Geek Kid

join:2003-10-11
::1
kudos:1
reply to illizit
Split the /29 into two /30s.
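
The overlap from the original post and the two-/30 split suggested in the last reply, worked through as an added example (not posted by any participant in this thread). 203.0.113.0/29 is a constructed documentation prefix, and which end of the serial link takes which address is an assumption to be agreed with the provider.

```python
import ipaddress

def overlaps(if_a: str, if_b: str) -> bool:
    """True when two interface addresses (ip/prefix) fall in overlapping
    subnets, the condition the router rejected in the original post."""
    net_a = ipaddress.ip_interface(if_a).network
    net_b = ipaddress.ip_interface(if_b).network
    return net_a.overlaps(net_b)

def split_plan(assigned: str) -> dict:
    """Split an assigned /29 into a WAN /30 (serial link) and a LAN /30
    (router Ethernet plus the firewall's outside interface)."""
    block = ipaddress.ip_network(assigned)
    if block.prefixlen != 29:
        raise ValueError("this sketch only handles a /29 assignment")
    wan, lan = block.subnets(new_prefix=30)
    wan_hosts, lan_hosts = list(wan.hosts()), list(lan.hosts())
    return {
        # Assumption: the router keeps the first usable address on the serial
        # side, as in the original post, and the provider takes the second.
        "router_serial": f"{wan_hosts[0]}/30",
        "isp_serial": f"{wan_hosts[1]}/30",
        "router_ethernet": f"{lan_hosts[0]}/30",
        "firewall_outside": f"{lan_hosts[1]}/30",
        # The firewall's default route points at the router's Ethernet address.
        "firewall_gateway": str(lan_hosts[0]),
        # Public addresses left over for NAT once both LAN /30 hosts are used.
        "spare_public_hosts": len(lan_hosts) - 2,
    }

if __name__ == "__main__":
    assigned = "203.0.113.0/29"  # constructed sample prefix
    hosts = list(ipaddress.ip_network(assigned).hosts())
    # The attempted configuration: first and second usable, both as /29.
    serial, ethernet = f"{hosts[0]}/29", f"{hosts[1]}/29"
    print("original attempt overlaps:", overlaps(serial, ethernet))
    plan = split_plan(assigned)
    for name, value in plan.items():
        print(f"{name:18} {value}")
    print("split plan overlaps:",
          overlaps(plan["router_serial"], plan["router_ethernet"]))
```

The split removes the overlap but leaves no spare public addresses in the LAN /30, so any further public IPs for NAT on the firewall would need the separate /30 plus /29 arrangement described in the earlier replies.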