slamit

Using external ADSL modem with Cisco 1841 router?

Hi experts,

We accidentally ordered the wrong router - expecting our Cisco 1841 to come with an ADSL interface - which it does not. It does have two Fast Ethernet ports, though.

Instead of getting a replacement, I'm wondering if we can or should get the existing one working.

The router will essentially be the perimeter firewall. I'm wondering if we can use a standard ADSL modem plugged into the phone line, with Ethernet connecting it to F0/1 (perhaps on the 192.168.2.x network) and with F0/0 connected to the internal (192.168.1.x).

Is that possible / what you're supposed to do? Will that protect the internal LAN pretty well from the internet (assuming ACLs are good)?

I've only ever set up 800 series routers with SDM Express / SDM (with some CLI tweaking) and plan on doing the same for this 1841. If it is possible, what are the gotchas? And how do I ensure traffic flows from the internet into the internal network between those two interfaces? For example, how would I write a NAT rule to let port 25 get directed to our mail server?

Any info would be VERY MUCH appreciated!

Thanks in advance!
ASKER CERTIFIED SOLUTION
Les Moore
This solution is only available to members.
slamit

ASKER

Thanks Irmoore, I'll give it a go and get back to you!

Just so I understand you 100%, is the 12.34.56.7 a private range address example? Or is it the IP we get from our ISP manually entered?

If it's private:

- would I set the router as, say, 12.34.56.8 (as an example), or do you not set an address in bridge mode?
- how do I view / refer to our ISP assigned IP address?

I've never used bridge mode before, so just want to be sure of what I'm doing!

Thank you so much again, I really appreciate it. I don't think the ASA is an option in the short term, but will definitely look into it for the future.

> Or is it the IP we get from our ISP manually entered?

Yes.
The DSL modem does not get any IP addresses in bridge mode at all.
slamit

ASKER

Ahh okay. Thanks very much again, Irmoore - very much appreciated!

Is there any way we can work it with this configuration so that the modem gets the IP? That way we can, if the need arises, plug directly into the modem to bypass the Cisco etc. if we ever need to troubleshoot.

With a USR model we've used, we had to specify a DMZ host (which was the firewall's external interface) which just sent all traffic that way.

Would that work? And how would that change the config of the IFs and the NATing?
slamit

ASKER

Yeah, it doesn't look like this ADSL modem I have here has Bridge Mode, but it does have that DMZ host setting to forward all packets to a specified IP.

Can we make that work?
slamit

ASKER

Gah - sorry, I meant this modem DOESN'T have Bridge Mode.

Can we do the DMZ host thing and configure the router nicely that way? How would we do that?

Thanks in advance!
slamit

ASKER

I'm hoping this theory is workable... could I:

- Set the ADSL Modem up at 192.168.200.254 and use the DMZ Host option to forward traffic to 192.168.200.1
- Plug the modem in to F0/1 which would have an IP of 192.168.200.1
- Plug the LAN in to F0/0 which would have an IP of 192.168.100.1 (for a 192.168.100.x internal network)

Would that work? And again, what would the config need to have to allow traffic to flow (internet outbound and SMTP inbound to the internal mail server, mainly).

Would I set the basic firewall up on the F0/1 interface?

And I'd set the EasyVPN Server to come in through the F0/1 interface too, wouldn't I? Would that automatically allow traffic in to the internal LAN or is there some tweaking for that, too?

... I really need to book some Cisco courses, pronto!! Unfortunately I need to get this router up in a couple of days though. :(

Thanks in advance, again!
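
An added sketch (not part of the thread and not the members-only accepted answer) of an IOS configuration for the layout proposed in the post above: modem at 192.168.200.254 with its DMZ host set to 192.168.200.1, F0/1 outside, F0/0 inside. The mail server address 192.168.100.10, the inspection rule name FW and the ACL numbers are assumptions, and `ip inspect` (CBAC) assumes an IOS image that includes the firewall feature set.

```cisco
! Added example. Assumed values: mail server 192.168.100.10,
! inspection rule name FW, ACL numbers 1 and 101.
interface FastEthernet0/0
 description Inside LAN
 ip address 192.168.100.1 255.255.255.0
 ip nat inside
!
interface FastEthernet0/1
 description Outside, to ADSL modem (target of the modem's DMZ host setting)
 ip address 192.168.200.1 255.255.255.0
 ip nat outside
 ip access-group 101 in
 ip inspect FW out
!
! Default route points at the modem, which holds the ISP-assigned address
ip route 0.0.0.0 0.0.0.0 192.168.200.254
!
! Outbound: PAT the inside network behind F0/1 (the modem then NATs a second time)
access-list 1 permit 192.168.100.0 0.0.0.255
ip nat inside source list 1 interface FastEthernet0/1 overload
!
! Inbound SMTP: the modem hands everything to 192.168.200.1,
! and the router forwards only TCP 25 on to the mail server
ip nat inside source static tcp 192.168.100.10 25 interface FastEthernet0/1 25
!
! CBAC opens return paths only for sessions that were started from inside
ip inspect name FW tcp
ip inspect name FW udp
ip inspect name FW icmp
!
! The inbound ACL is evaluated before NAT, so it matches the F0/1 address,
! not the mail server's inside address
access-list 101 permit tcp any host 192.168.200.1 eq smtp
access-list 101 deny ip any any log
```

`show ip nat translations` and `show ip inspect sessions` show whether the SMTP forward and the outbound sessions are being handled as intended. Because the modem's DMZ host setting passes all unsolicited traffic to F0/1, ACL 101 is the only inbound filter in this layout.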
slamit

ASKER

Thanks Irmoore, you definitely got me on the right track! I have it working in basic form at the moment and feel slightly less clueless about Cisco Routers. I'll probably post a question with my final config to see if there are any recommended changes to make it as secure as poss!

Thanks again!