spongebob256
asked on
Cisco 1841 IP routing
Hi,
I have Cisco 1841 with T1 card for the Internet.
The Serial0/1/0 has an ip address of 66.xxx.xxx.2
I have another block of ip subnet 209.xxx.xxx.16 /29 that is route from isp via the 66.xxx.xxx.2
i have HWIC4ESW, i configure one of the port for the HWIC4ESW to be Vlan 2 with ip 192.168.10.1
I can use nat to go out through 66.xxx.xxx.2,
But how do i use the 209.xxx.xxx.17 to go out to the internet.
I have Cisco 1841 with T1 card for the Internet.
The Serial0/1/0 has an ip address of 66.xxx.xxx.2
I have another block of ip subnet 209.xxx.xxx.16 /29 that is route from isp via the 66.xxx.xxx.2
i have HWIC4ESW, i configure one of the port for the HWIC4ESW to be Vlan 2 with ip 192.168.10.1
I can use nat to go out through 66.xxx.xxx.2,
But how do i use the 209.xxx.xxx.17 to go out to the internet.
Use them with static NAT's on the router if desired or you can put them in a NAT pool (really no point in doing that) but you have that option.
ASKER
so i would need a pix to take one of the 209.xxx.xxx.16 ip and than nat it that way through the pix?
No way to use it with just the router?
No way to use it with just the router?
ASKER CERTIFIED SOLUTION
membership
Create a free account to see this answer
Signing up is free and takes 30 seconds. No credit card required.
ASKER
so i can do 1-1 nat
how about many to 1 nat?
Don't i have to assign one of the 209.xxx.xxx.17 to an interface?
how about many to 1 nat?
Don't i have to assign one of the 209.xxx.xxx.17 to an interface?
No, you do not have to. The 209.xxx.xxx.xxx subnet will be routed from your ISP to your router via 66.xxx.xxx.2.
You can do many to one NAT also but if you are PAT'ing off the interface (66.xxx.xxx.2), there really is no point in wasting your 209.x.x.x addresses. Use those for Internet accessible servers or inside client applications that don't play well with PAT.
You can do many to one NAT also but if you are PAT'ing off the interface (66.xxx.xxx.2), there really is no point in wasting your 209.x.x.x addresses. Use those for Internet accessible servers or inside client applications that don't play well with PAT.
ASKER
ok thanks JFrederick,
But by having the 209.xxx.xxx.xxx address as a webserver for example would comprimise the security of the 10.10.10.10 network? If someone gets into the webserver on the 209.xxx.xxx.xxx than they can access the 10.10.10.10 network right?
But by having the 209.xxx.xxx.xxx address as a webserver for example would comprimise the security of the 10.10.10.10 network? If someone gets into the webserver on the 209.xxx.xxx.xxx than they can access the 10.10.10.10 network right?
Yes, there is always inherent risk when connecting to an unsecure network such as the Internet. If you have the resources, you could create a "virtual" DMZ using VLAN's and subinterfaces on the 1841 router, you could also use a third physical interface on the 1841 router to use as a DMZ or put a PIX firewall with three interfaces behind the router.
Cheers,
Rajesh