We help IT Professionals succeed at work.

Cisco 1841 IP routing

spongebob256
spongebob256 asked
on
Medium Priority
380 Views
Last Modified: 2010-04-17
Hi,

I have Cisco 1841 with T1 card for the Internet.

The Serial0/1/0 has an ip address of 66.xxx.xxx.2

I have another block of ip subnet 209.xxx.xxx.16 /29 that is route from isp via the 66.xxx.xxx.2

i have HWIC4ESW, i configure one of the port for the HWIC4ESW to be Vlan 2 with ip 192.168.10.1

I can use nat to go out through 66.xxx.xxx.2,  

But how do i use the 209.xxx.xxx.17 to go out to the internet.

Comment
Watch Question

With one T1 card ? I don't think you can. Talk to the ISP and get it changed and get all of them in 66.x.x.x range.

Cheers,
Rajesh
Top Expert 2009

Commented:
Use them with static NAT's on the router if desired or you can put them in a NAT pool (really no point in doing that) but you have that option.

Author

Commented:
so i would need a pix to take one of the 209.xxx.xxx.16 ip and than nat it that way through the pix?

No way to use it with just the router?
Top Expert 2009
Commented:
You can NAT on the router using static NAT's as such.  No PIX required.

ip nat inside source static 10.10.10.10 209.xxx.xxx.16 extendable

This will create a one to one translation for the inside host 10.10.10.10.

Not the solution you were looking for? Getting a personalized solution is easy.

Ask the Experts

Author

Commented:
so i can do 1-1 nat
how about many to 1 nat?

Don't i have to assign one of the 209.xxx.xxx.17 to an interface?


Top Expert 2009

Commented:
No, you do not have to.  The 209.xxx.xxx.xxx subnet will be routed from your ISP to your router via 66.xxx.xxx.2.

You can do many to one NAT also but if you are PAT'ing off the interface (66.xxx.xxx.2), there really is no point in wasting your 209.x.x.x addresses.  Use those for Internet accessible servers or inside client applications that don't play well with PAT.

Author

Commented:
ok thanks JFrederick,

But by having the 209.xxx.xxx.xxx address as a webserver for example would comprimise the security of the 10.10.10.10 network?  If someone gets into the webserver on the 209.xxx.xxx.xxx than they can access the 10.10.10.10 network right?
Top Expert 2009

Commented:
Yes, there is always inherent risk when connecting to an unsecure network such as the Internet.  If you have the resources, you could create a "virtual" DMZ using VLAN's and subinterfaces on the 1841 router, you could also use a third physical interface on the 1841 router to use as a DMZ or put a PIX firewall with three interfaces behind the router.
Access more of Experts Exchange with a free account
Thanks for using Experts Exchange.

Create a free account to continue.

Limited access with a free account allows you to:

  • View three pieces of content (articles, solutions, posts, and videos)
  • Ask the experts questions (counted toward content limit)
  • Customize your dashboard and profile

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

OR

Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.