Cisco 2600 router with WatchGuard 1000 firebox

Posted on 2006-04-01
Last Modified: 2013-11-29
I have received great responses before and I appreciate all the great help! I would like to hook up a 2600 router ahead of our firebox for QoS purposes. Our link is a T1 and we do video conferencing. I'm comfortable setting up the QoS parameters but I am having difficulty in getting the router and firebox to talk to each other. Here is the configuration.

Internal trusted: 192.168.100.x
External Interface: 69.x.x.122
Optional Interface: 172.16.168.x
NAT is turned on for the 192.168.100 network.

Cisco 2600 Router:
2 Fa interfaces.

Note: I do have another external IP address available from the ISP. 69.x.x.124

Thanks for the help.

Question by:rclaxton1

    Expert Comment

    >Our link is a T1
    >Cisco 2600 Router:
        2 Fa interfaces.

    Don't you want to terminate the T1 directly into the router? Or do you want:
     T1/Router --> 2600 --> Firebox
                  Traffic control only

    You would need multiple public IP subnets, or split the one in half that is between the T1 router and the Firebox.
    For example:

     T1 Router
       Serial interface
         ip address a.b.c.d
      Ethernet interface
          ip address 69.x.x.121

    ---> slip in the 2600 here
          interface Fast 0/0
            description facing T1
            ip address 69.x.x.124

          interface Fast 0/1
            descript facing Firebox
             ip address 69.x.x.  <== here's the dilemma. This interface *must* be on a different IP subnet than the outside

         outside interface 69.x.x.122  <== now you're not on the same IP subnet as the 2600....

    >Note: I do have another external IP address available from the ISP. 69.x.x.124
    If you only have one more IP address, and not another address block, you simply can't get there from here, unless you terminate the T1 directly onto the 2600...


    Author Comment

    Thank you very much lrmoore. It's messy and certainly not optimal. If I got a T-1 WAN module for the router, what would the connection look like then? --thanks, Rob.

    Expert Comment

    If you have a T1 module, it is much simpler:

    <depending on T1 encapsulation, of course, this is basic>
     interface serial 0/0
       descript WAN to ISP
        ip address a.b.c.d

     interface Fast 0/0
      descript facing Firebox
      ip add 69.x.x.121

    No changes to Firebox, Firebox simply points default gateway to .121


    Author Comment

    Thanks, one last question before awarding points. Would the T1 address still need to be on a different subnet mask or could I use the 69.x.x.124 address of the mask?

    Accepted Solution

    Each physical interface must be on a separate IP subnet.
    However, you *could* use IP unnumbered:

    interface serial 0/0
      ip unnumbered fast 0/0

    interface fast 0/0
     ip add 69.x.x.121

    ! default route out the unnumbered serial link
    ip route 0.0.0.0 0.0.0.0 serial0/0
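
An added example (not part of the original thread): a Python check for the rule in the accepted answer, that every numbered interface sits in its own IP subnet while an `ip unnumbered` interface is exempt. The 203.0.113.x addresses, the /29 and /30 masks, and all function names are constructed assumptions, since the thread redacts the real block.

```python
import ipaddress
import re

def parse_interfaces(config):
    """Map interface name -> IPv4Interface, or None for 'ip unnumbered'."""
    found, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if m := re.match(r"interface\s+(\S+)", line):
            current = m.group(1)
        elif current and (m := re.match(r"ip address\s+(\S+)\s+(\S+)", line)):
            found[current] = ipaddress.ip_interface(f"{m.group(1)}/{m.group(2)}")
        elif current and re.match(r"ip unnumbered\s+\S+", line):
            found[current] = None  # borrows another interface's address
    return found

def subnet_conflicts(config):
    """Return pairs of numbered interfaces whose subnets overlap."""
    numbered = [(n, i) for n, i in parse_interfaces(config).items() if i is not None]
    return [(a, b) for k, (a, ia) in enumerate(numbered)
            for b, ib in numbered[k + 1:] if ia.network.overlaps(ib.network)]

def split_in_half(block):
    """Split a block into two equal subnets and list the usable hosts of each."""
    halves = ipaddress.ip_network(block).subnets(prefixlen_diff=1)
    return {str(h): [str(x) for x in h.hosts()] for h in halves}

# Constructed: 2600 slipped in with both Fast Ethernet ports in one /29.
SAME_BLOCK = """
interface FastEthernet0/0
 ip address 203.0.113.124 255.255.255.248
interface FastEthernet0/1
 ip address 203.0.113.123 255.255.255.248
"""
# Constructed: T1 terminated on the router, serial link unnumbered.
UNNUMBERED = """
interface Serial0/0
 ip unnumbered FastEthernet0/0
interface FastEthernet0/0
 ip address 203.0.113.121 255.255.255.248
"""
# Constructed: the /29 split into two /30s, one per Fast Ethernet port.
SPLIT = """
interface FastEthernet0/0
 ip address 203.0.113.122 255.255.255.252
interface FastEthernet0/1
 ip address 203.0.113.125 255.255.255.252
"""

if __name__ == "__main__":
    for name, cfg in (("same block", SAME_BLOCK), ("unnumbered", UNNUMBERED), ("split", SPLIT)):
        print(name, subnet_conflicts(cfg))
    print(split_in_half("203.0.113.120/29"))
```

In the constructed /29, splitting in half leaves .121 and .122 together in the lower /30 and turns .124 into the network address of the upper /30, so a single spare host address does not provide a second subnet.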

