Hi Guys,
My company is trying to migrate from their current 1.5mg internet connection to a 15mg connection. The plan is to get a new cisco 2811 router , with two 10100mb cards. The ISP says their hand of will be an rj-45 connection which will be an ethernet connection. My concerns are whether I have to incorporate some special configurations on the 2800 routers connection to the isp such as traffic shaping or there will be no need to do anything to that connection except the usual acls needed to secure this router.
We currently have the ISP onsite router, handing of to a cat 2950 switch (which is just acting as a dump device) and a connectio from this switch to our VPN core device(Cisco 2811 router also). The Vpn Core Outside address is on the 207.202.118.7/24 net (which is a fastethernet interfac), and the internal interface is on the 172.18.1.12 (using dot1q). There are a pair of ASA on the internal network with an outside interface address of 207.202.118.1/24 ( the default route on the ASA points to the internet router owned by the ISP which is 207.202.118.2). The reason for all this explanation is that, we are also going to be given a new block of address and may have to do some renumbering. Can someone please help me in the methodology needed in order to have this migration. I know the new block will have to be replacing the pool of address int he 207.202.118.x/24 network.
I have the output of the different nets below which have been altered for security reasons. My question regarding the addressing part of my problem is, I presume everything that is part of the pool 207.202.118.x, will have to be re-addressed to the new block we get, and every thing that is internal and local does not have to change, just the global nat statements and acls that have the global address pools associated with them.
ASA cfg:
access-list outside_access_in extended permit icmp any any
access-list outside_access_in extended permit tcp any host 207.202.118.x1 eq www
access-list outside_access_in extended permit tcp any host 207.202.118.x2 eq https
access-list outside_access_in extended permit udp any host 207.202.118.x3 eq domain
access-list outside_access_in extended permit tcp any host 207.202.118.x4 eq domain
access-list outside_access_in extended permit tcp any host 207.202.118.x5 eq www
access-list outside_access_in extended permit tcp any host 207.202.118.x6 eq https
global (outside) 5 207.202.118.x1-207.202.118
.x20 netmask 255.255.255.0
global (outside) 200 207.202.118.x10- 207.202.118.x40 netmask 255.255.255.0
global (outside) 5 207.202.118.x44
global (outside) 2 207.202.118.x50
global (outside) 1 207.202.118.x51
static (dmz,outside) 207.202.118.x svr1 netmask 255.255.255.255
static (dmz,outside) 207.202.118.x svr2 netmask 255.255.255.255
static (dmz,outside) 207.202.118.x svr3 netmask 255.255.255.255
static (inside,outside) 207.202.118.x 10.202.118.x netmask 255.255.255.255
static (inside,outside) 207.202.118.x 10.202.118.x netmask 255.255.255.255
vpn core cfg (2811):
interface FastEthernet0/0
description ***** External *****
ip address 207.202.118.x7 255.255.255.0
ip access-group Outside-In in
duplex auto
speed auto
!
VPN 3000 CONCENTRATOR:
has an outside of 207.202.118.x20
Start Free Trial
