Cisco 1841 IP routing

Hi,

I have Cisco 1841 with T1 card for the Internet.

The Serial0/1/0 has an ip address of 66.xxx.xxx.2

I have another block of ip subnet 209.xxx.xxx.16 /29 that is route from isp via the 66.xxx.xxx.2

i have HWIC4ESW, i configure one of the port for the HWIC4ESW to be Vlan 2 with ip 192.168.10.1

I can use nat to go out through 66.xxx.xxx.2,  

But how do i use the 209.xxx.xxx.17 to go out to the internet.

spongebob256Asked:
Who is Participating?
 
JFrederick29Commented:
You can NAT on the router using static NAT's as such.  No PIX required.

ip nat inside source static 10.10.10.10 209.xxx.xxx.16 extendable

This will create a one to one translation for the inside host 10.10.10.10.
0
 
rsivanandanCommented:
With one T1 card ? I don't think you can. Talk to the ISP and get it changed and get all of them in 66.x.x.x range.

Cheers,
Rajesh
0
 
JFrederick29Commented:
Use them with static NAT's on the router if desired or you can put them in a NAT pool (really no point in doing that) but you have that option.
0
Ultimate Tool Kit for Technology Solution Provider

Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy now.

 
spongebob256Author Commented:
so i would need a pix to take one of the 209.xxx.xxx.16 ip and than nat it that way through the pix?

No way to use it with just the router?
0
 
spongebob256Author Commented:
so i can do 1-1 nat
how about many to 1 nat?

Don't i have to assign one of the 209.xxx.xxx.17 to an interface?


0
 
JFrederick29Commented:
No, you do not have to.  The 209.xxx.xxx.xxx subnet will be routed from your ISP to your router via 66.xxx.xxx.2.

You can do many to one NAT also but if you are PAT'ing off the interface (66.xxx.xxx.2), there really is no point in wasting your 209.x.x.x addresses.  Use those for Internet accessible servers or inside client applications that don't play well with PAT.
0
 
spongebob256Author Commented:
ok thanks JFrederick,

But by having the 209.xxx.xxx.xxx address as a webserver for example would comprimise the security of the 10.10.10.10 network?  If someone gets into the webserver on the 209.xxx.xxx.xxx than they can access the 10.10.10.10 network right?
0
 
JFrederick29Commented:
Yes, there is always inherent risk when connecting to an unsecure network such as the Internet.  If you have the resources, you could create a "virtual" DMZ using VLAN's and subinterfaces on the 1841 router, you could also use a third physical interface on the 1841 router to use as a DMZ or put a PIX firewall with three interfaces behind the router.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.