Cisco 2600 router with WatchGuard 1000 firebox

Hi.
I have received great responses before and I appreciate all the great help! I would like to hook up a 2600 router ahead of our firebox for QoS purposes. Our link is a T1 and we do video conferencing. I'm comfortable setting up the QoS parameters but I am having difficulty in getting the router and firebox to talk to each other. Here is the configuration.

Firebox:
Internal trusted: 192.168.100.x
External Interface: 69.x.x.122
Optional Interface: 172.16.168.x
NAT is turned on for the 192.168.100 network.

Cisco 2600 Router:
2 Fa interfaces.

Note: I do have another external IP address available from the ISP. 69.x.x.124

Thanks for the help.
--Rob

rclaxton1 Asked:

lrmoore Commented:
>Our link is a T1
>Cisco 2600 Router:
    2 Fa interfaces.

Don't you want to terminate the T1 directly into the router? Or do you want:
 T1/Router --> 2600 --> Firebox
                        |
              Traffic control only

You would need multiple public IP subnets, or split the one in half that is between the T1 router and the Firebox.
For example:

 T1 Router
   Serial interface
     ip address a.b.c.d 255.255.255.252
   Ethernet interface
     ip address 69.x.x.121 255.255.255.248

---> slip in the 2600 here
      interface Fast 0/0
        description facing T1
        ip address 69.x.x.124

      interface Fast 0/1
        descript facing Firebox
        ip address 69.x.x.  <== here's the dilemma. This interface *must* be on a different IP subnet than the outside

Firebox
     outside interface 69.x.x.122  <== now you're not on the same IP subnet as the 2600....

>Note: I do have another external IP address available from the ISP. 69.x.x.124
If you only have one more IP address, and not another address block, you simply can't get there from here, unless you terminate the T1 directly onto the 2600...

rclaxton1 Author Commented:
Thank you very much lrmoore. So...it's messy and certainly not optimal. If I got a T-1 WAN module for the router, what would the connection look like then? --thanks, Rob.
lrmoore Commented:
If you have a T1 module, it is much simpler:

2600:
<depending on T1 encapsulation, of course, this is basic>
 interface serial 0/0
   descript WAN to ISP
    ip address a.b.c.d 255.255.255.252

 interface Fast 0/0
  descript facing Firebox
  ip add 69.x.x.121

No changes to Firebox, Firebox simply points default gateway to .121

Done.
rclaxton1 Author Commented:
Thanks, one last question before awarding points. Would the T1 address still need to be on a different subnet mask or could I use the 69.x.x.124 address of the 255.255.255.248 mask?
lrmoore Commented:
Each physical interface must be on a separate IP subnet.
However, you *could* use IP unnumbered:

interface serial 0/0
  ip unnumbered fast 0/0

interface fast 0/0
 ip add 69.x.x.121 255.255.255.248

ip route 0.0.0.0 0.0.0.0 serial0/0

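Added example, not part of the thread: a Python check of the "separate IP subnet per interface" rule and of the "split the one in half" option discussed in the answers above. The 203.0.113.120/29 prefix is a constructed stand-in for the redacted 69.x.x block (same last octets and 255.255.255.248 mask); the function names and the Fa0/1 address are assumptions made for illustration.

```python
import ipaddress
from itertools import combinations

# Constructed stand-in for the redacted 69.x.x block: a documentation prefix
# with the same last octets (.121, .122, .124) and the 255.255.255.248 mask.
BLOCK = ipaddress.ip_network("203.0.113.120/29")


def overlapping_interfaces(interfaces):
    """Return pairs of interface names whose connected subnets overlap."""
    nets = {name: ipaddress.ip_interface(addr).network
            for name, addr in interfaces.items()}
    return [(a, b) for a, b in combinations(sorted(nets), 2)
            if nets[a].overlaps(nets[b])]


def split_in_half(block):
    """Split a block into two equal subnets and list usable hosts in each."""
    return {str(half): [str(h) for h in half.hosts()]
            for half in block.subnets(prefixlen_diff=1)}


def role_in_half(address, block):
    """Say how an address can be used once the block is split in half."""
    ip = ipaddress.ip_address(address)
    for half in block.subnets(prefixlen_diff=1):
        if ip in half:
            if ip == half.network_address:
                return f"network address of {half}"
            if ip == half.broadcast_address:
                return f"broadcast address of {half}"
            return f"host in {half}"
    raise ValueError(f"{address} is not inside {block}")


if __name__ == "__main__":
    # 2600 slipped in with both Fast Ethernet ports inside the one /29.
    # The Fa0/1 address is an arbitrary constructed pick from the same block.
    one_block = {"Fa0/0": "203.0.113.124/29", "Fa0/1": "203.0.113.123/29"}
    print("overlaps:", overlapping_interfaces(one_block))
    print("halves:", split_in_half(BLOCK))
    for last_octet in ("121", "122", "124"):
        addr = f"203.0.113.{last_octet}"
        print(addr, "->", role_in_half(addr, BLOCK))
```

Once the /29 is split, .121 and .122 fall in the same /30 and .124 becomes the network address of the other half, so the split option means renumbering rather than simply assigning .124 to the 2600.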
