[Webinar] Streamline your web hosting managementRegister Today

x
?
Solved

DHCP to only 1 interface on Cisco1603:Possible?

Posted on 2006-03-28
2
Medium Priority
?
282 Views
Last Modified: 2013-11-16
I have a VPN setup with 2 sites.  Let's call SiteA the 192.168.1 network.  I will call SiteB the 192.168.2 nework.  I have a new group of people that showed up at SiteB.  We want to keep them apart.  So, I thought that I could put up a Cisco 1603 router with IOS 12.0.(5) and seperate them.  I have diagramed this below.  So, I thought that if I put them on one side of the 1603 and forwarded their requests to the Internet -- then they would be safe in their own little world.  And, I have a couple of questions about it.  (Also, I realize that some one may see this and prefer a different physical configuration, but I don't have a lot of resources...fire away.)

My Rules:
I want the 1603 router to answer DHCP requests on interface E1 for the new group.  
I want them to have network address like 176.16.0.10 and up.  
I only want the new group to get to the Internet.
I don't want them on the 192.168.2 network except to jump on to the Internet.  
Oh, Yeah...there is no other DHCP server on the network at this time...all PC's are statically assigned--small shop ya know.

First, can you put DHCP on one interface only?  (This is important to me because the netork may have a DHCP server on the other segment in the future.)
Second, does anyone have a router configuration that would satisfy this design?  

I have static IP's assigned to the pix boxes in the picture.  They are working fine and negotiate a 3DES connection: life is good.  Thus, I don't really want to change the configuration on the pix boxes nor do I want to put the 1603 in between them in some way.  HOWEVER, I am open to suggestions from the experts.  

(Final Note: I realize that I have to put some kind of additional commands in the SiteB pix so that it accepts request from the 172 network.)

    The World
    |
    |
    Internet-----VPN TUNNEL----(public IP address)---[Pix 501 SiteA]+---(192.168.1 SiteA Network)
    |
    |
    + (public IP address)
    [Pix 501 SiteB]
    + (192.168.2.1 SiteB Network)
    |
    +
    [Switch]+---[PC]----[PC]----[etc... 192.168.2 SiteB Network]
    +
    |
    +{E0} (192.168.2.254 Network)
    [Cisco 1603]
    +{E1} (172.16.0.254 New Group at SiteB)
    |
    [Switch]----[PC]----[PC]----[etc... 172.16.0 Network]

Thanks.

William
0
Comment
Question by:wjolson
2 Comments
 
LVL 2

Accepted Solution

by:
Italia_NYC earned 2000 total points
ID: 16313506
Seems simple enough to me.

As long as your IOS on the 1603 support DHCP pools, you're golden.

Just enter a configuration similar to this;

ip dhcp pool "name"
   network 172.16.0.0 255.255.255.0
   dns-server "enter your DNS server here"
   default-router 172.16.0.254
   

This will enable all clients off the E1 interface of that router to get a dynamically assigned IP address.

On the 1603, make sure you enter a default route of 192.168.2.1

On the PIX you'll need to add something similar to "nat (inside) 1 172.16.0.0 255.255.255.0" to allow access to the internet. You'll probably also have to add a route to this new network by typing "route inside 172.16.0.0 255.255.255.0 192.168.2.254" on the PIX.

If you want to limit access of this new group to your 192.168.2.0 network; just create an access-list denying it. Keep in mind though; they will need access to 192.168.2.1; that's it.

Make sense?
0
 

Author Comment

by:wjolson
ID: 16317070
Italia,

this made perfect sense.  Thanks.  At my first attempt, I found I did not have DHCP supported under this image.  I have upgraded the IOS and this is just perfect.

Thank you again.

William

0

Featured Post

Managing Security Policy in a Changing Environment

The enterprise network environment is evolving rapidly as companies extend their physical data centers to embrace cloud computing and software-defined networking. This new reality means that the challenge of managing the security policy is much more dynamic and complex.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Make the most of your online learning experience.
This article will show you step-by-step instructions to build your own NTP CentOS server.  The network diagram shows the best practice to setup the NTP server farm for redundancy.  This article also serves as your NTP server documentation.
There's a multitude of different network monitoring solutions out there, and you're probably wondering what makes NetCrunch so special. It's completely agentless, but does let you create an agent, if you desire. It offers powerful scalability …
Michael from AdRem Software explains how to view the most utilized and worst performing nodes in your network, by accessing the Top Charts view in NetCrunch network monitor (https://www.adremsoft.com/). Top Charts is a view in which you can set seve…

612 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question