HynesCo


Linksys rv082/ADSL/ Watchguard firebox III 1000

All,

I have an existing network of about 800 nodes; the main router/firewall is a Watchguard Firebox III 1000.
The Firebox is using NAT, public address X.X.X.197, also aliasing a x.x.x.195 / private address 192.168.1.1, and doing port forwarding for HTTP, SMTP, VPN, etc. All the DNS records are pointed to the x.x.x.197. This now sits on a T1 that has about 10 unused static public IPs.

I have a DSL router that has been unused for 1 year that has 5 static public IP addresses.

I have a new Linksys RV082 dual wan router.

So I would like to configure the Linksys WAN1 with the T1 and WAN2/DMZ with the DSL for failover,
and slip the Linksys behind the Firebox with the least amount of reconfiguration to the LAN; basically,
configure the Linksys like a switch which will just forward all traffic to the X.X.X.197 address.

Is this even possible? Any suggestions would be very much appreciated.

P.S. On my last attempt, I pulled the T1 from the external interface on the Firebox, inserted it into WAN1 of the Linksys,
and plugged the external interface of the Firebox into the LAN1 port of the Linksys. The Firebox then disappeared from the LAN, the default gateway 192.168.1.1, which is the Firebox LAN IP. I could not see or ping the Firebox until I reversed the configuration.

WAN1 on the Linksys was configured with a x.x.x.196, LAN IP was x.x.x.198, all public static IPs, all firewall features disabled,
and a route entered to forward all traffic to x.x.x.197.

Fatal_Exception

Are you saying that you inserted the Dual Linksys between your firebox and T1, and lost the connection to your gateway on the firebox..?  I must be reading this wrong, as I am not sure how that could happen..
HynesCo

ASKER

That's what I am saying. The local LAN port on the Firebox is configured as the gateway; that was never touched, and it completely disappeared once I switched the WAN port only.

ISP----------------------------LinksysRv082------------------------------->Firebox---------->LAN Switch
67.105.96.193         67.105.96.196/67.105.96.198                 67.105.96.197/192.168.1.1
255.255.255.224------------ 255.255.255.224--------------------------->        NAT     255.255.255.0

Fatal_Exception

Although I am not familiar with a Firebox, this is a most unusual occurrence.   The gateway should remain regardless of what you do on the external side of the firewall.  I could understand the route between the Firebox and the Linksys causing an issue, but you should still be able to ping the gateway...

On the Firebox, do you have ICMP enabled to allow a ping to be processed and bounced back..?  In other words, I assume that ping works when you have the original config..??
HynesCo

ASKER

I agree, ICMP is enabled.
One thing though: since I am turning the Linksys into a basic switch,
should the original default gateway on the Firebox have to change from .193, or should it point to .198?

Fatal_Exception

We are using a dual WAN router in my office.  It gets two global addresses for the WAN ports and I use private addresses from it to my firewall, then on to my routers, which further segment the network...  so I guess it depends on how you want to set it up..  personally, I would set yours up like mine, as it is easy to administer that way, and to segment...  In fact, I use all three private classes to do this...
HynesCo

ASKER

As far as your config goes, was the dual WAN device introduced into a preconfigured network or was it in place from the start?

Fatal_Exception

No, we started with a Cable connection using a simple Linksys Device...  As we expanded our operation, we realized the need for redundancy and I implemented the dual WAN technology.  Plugged it in, and after 30 minutes of configuring the DW router, we were up and running..  Did take a week or so to tweak the router, but we are fairly satisfied now...

That being said, we did take 2 weeks to determine the new network setup (and the entire day of the DW installation to implement the IP address scheme we wanted to employ..)   This reconfiguration (DHCP) was generally done with our DCs and file servers in mind (we did not want to disturb their IP scheme) and the fact that we needed to isolate our external servers (web and mail) from our internal network within a DMZ...

HynesCo

ASKER

Fatal,

Well, if you don't mind, I would like to ask a few questions for my peace of mind, because I just don't know the answers to these
questions dealing with a dual WAN device.

By the way, if you remove the Linksys RV082 and WAN2, this is the original config.
ISP-------------------------------LinksysRv082----------------------------------->Watchguard Firebox III---------->LAN Switch
                                                                                                                               |
T1                                                                                                                           |
67.105.96.193 <Gateway      67.105.96.196                                                                |
255.255.255.224-------------------------Wan1        67.105.96.198                 67.105.96.197/192.168.1.1
                                                                Lan-- 255.255.255.224---------------|NAT 255.255.255.0
                                                       Wan2
                                        66.138.217.201
ISP DSL                           /
66.138.217.206<Gateway    
255.255.255.248    

#1
The .197 on the Firebox is the original config, which also aliases a .195. I have A records, MX records, etc. being forwarded to this address, which then forwards the SMTP to the mail server and the www. to the web server. If I introduce the Linksys behind the Firebox, will I have to change my DNS pointers to .196 on the Linksys, or is there a way that you know how to do this, if it is even possible, to forward all traffic to the .197?

#2
If I am not doing a 1 to 1 NAT on the Linksys,
the DSL for failover will not work unless I add a route?
The working mode is a router, right? And not a gateway?

#3 With your experience, what would you do to get this up and running A.S.A.P. without a lot of user interruption and/or reconfiguration?

Many Thanks
-HynesCo
ASKER CERTIFIED SOLUTION
Fatal_Exception

This solution is only available to members.

HynesCo

ASKER

Fatal,

Thank you for your input. I feel better about this project now. I will try to implement the router config again
next week some time, just waiting on the client's OK. So I am awarding you with the 500 pts, with an A rating,
for all your help and time.

If I run into anything next week I'll post and maybe we can swap some ideas :)

Thank You

Regards,

-HynesCo

Fatal_Exception

Thank you, and I would be happy to try to assist..  Good luck with your client..

FE