| cisco router configuration for Ethernet over Copper. Need help configuring Cisco 1841 router and firewall.
My provider has put their equipment and given me 2 subnets with public ip address. I am used to getting just one Subnet and connecting my firewall straight to the hand off. But in this case I am a bit confused. I assume I will need to put a router and configure it with before I connect my firewall.
Configure 1841 with:
Subnet 1:
200.xxx.67.200/29
Gateway: 200.64.67.201
First usable ip: 200.64.67.204
Subnet 2:
200.xxx.97.128/25
ISP says that they route this network via 200.xxx.67.204
--------------------------------------------------------
I also have a firewall that I would like to be on the subnet 2 at 20.xxx.97.130 and have my private network 192.168.xxx.xxx behind it.
Thank you for all the help. |
|
| What make / model is this firewall you're talking about mike2002 ?
This is also HIGHLY dependent what exactly you want to do. If you only have one cable coming off the ISP-supplied
equipment and/or want a single chain of devices from the ISP-supplied equipment, then you could configure a
secondary ip address on the 1841 as follows :
config t
ip address x.x.x.x [subnet mask here]
ip address y.y.y.y [subnet mask here] secondary
If the ISP-supplied equipment allowed it, or you didn't mind the setup, you could connect a layer2 switch
and have the 1841 take the /29 subnet while your firewall did the /25.
My 00000010bits
Regards |
|
|
|
cramer
join:2007-04-10
Raleigh, NC
kudos:7 | He cannot do that since the second subnet is aimed at 204 -- the firewall would have to be 204 to get that traffic. |
|
| reply to mike2002
If they routed the second subnet to the X.X.X.204 address, then assign 200.64.67.204 to the wan interface on your 1841 (lets use fastE0/0). For the other subnet, assign 20.xxx.97.129 to the other interface on your router (lets use fastE0/1). Connect your firewall to the the FastE0/1 and assign it an IP address out of the second subnet. Configure your firewall. |
|
| reply to mike2002
It's a little odd that they give you a /29 with a gateway of 201 but your first usable is 204. Your first usable should be 202. Perhaps this is a shared circuit with other people in your building?
You have the option of setting your firewall up with single IP of 200.64.67.204 and ignoring the /25 or using the /25 without the 1841. If that's the case and you don't need or will use the /25 return it to the ISP.
If you need or must use the 1841 you can use it as follows:
interface FastEthernet0/0
description metro-e circuit id carrier tmc phone number
ip address 200.64.62.204 255.255.255.248
duplex full
speed 100
no cdp enable
!
interface FastEthernet0/1
description Customer Network
ip address 200.xxx.97.129 255.255.255.128
no cdp enable
ip route 0.0.0.0 0.0.0.0 200.64.67.201 name default-route-to-isp-a
Then connect your firewall to FA0/1 and use 209.xxx.97.130 as the address or you have the option of subnetting the 209.xxx.97.128/25 further by adding vlans or routes to other networks you may need.
--
I do not, have not, and will not work for AT&T/Comcast/Verizon/Charter or similar sized company. |
|
