Link to home
Create AccountLog in
Avatar of spongebob256
spongebob256

asked on

Cisco 1841 IP routing

Hi,

I have Cisco 1841 with T1 card for the Internet.

The Serial0/1/0 has an ip address of 66.xxx.xxx.2

I have another block of ip subnet 209.xxx.xxx.16 /29 that is route from isp via the 66.xxx.xxx.2

i have HWIC4ESW, i configure one of the port for the HWIC4ESW to be Vlan 2 with ip 192.168.10.1

I can use nat to go out through 66.xxx.xxx.2,  

But how do i use the 209.xxx.xxx.17 to go out to the internet.

Avatar of rsivanandan
rsivanandan
Flag of India image

With one T1 card ? I don't think you can. Talk to the ISP and get it changed and get all of them in 66.x.x.x range.

Cheers,
Rajesh
Use them with static NAT's on the router if desired or you can put them in a NAT pool (really no point in doing that) but you have that option.
Avatar of spongebob256
spongebob256

ASKER

so i would need a pix to take one of the 209.xxx.xxx.16 ip and than nat it that way through the pix?

No way to use it with just the router?
ASKER CERTIFIED SOLUTION
Avatar of JFrederick29
JFrederick29
Flag of United States of America image

Link to home
membership
Create a free account to see this answer
Signing up is free and takes 30 seconds. No credit card required.
See answer
so i can do 1-1 nat
how about many to 1 nat?

Don't i have to assign one of the 209.xxx.xxx.17 to an interface?


No, you do not have to.  The 209.xxx.xxx.xxx subnet will be routed from your ISP to your router via 66.xxx.xxx.2.

You can do many to one NAT also but if you are PAT'ing off the interface (66.xxx.xxx.2), there really is no point in wasting your 209.x.x.x addresses.  Use those for Internet accessible servers or inside client applications that don't play well with PAT.
ok thanks JFrederick,

But by having the 209.xxx.xxx.xxx address as a webserver for example would comprimise the security of the 10.10.10.10 network?  If someone gets into the webserver on the 209.xxx.xxx.xxx than they can access the 10.10.10.10 network right?
Yes, there is always inherent risk when connecting to an unsecure network such as the Internet.  If you have the resources, you could create a "virtual" DMZ using VLAN's and subinterfaces on the 1841 router, you could also use a third physical interface on the 1841 router to use as a DMZ or put a PIX firewall with three interfaces behind the router.