gimmiecpt
How to route 5 static IPs over a Cisco network.
Because of the expert knowledge on this forum, I recently got my first Cisco network to route :). My question now is: I currently have a block of 5 static IPs. How do I get my 2620 router to recognize the IPs and pass them to the firewall so it can filter them? Once filtered, have it pass them to the appropriate machine.
Public IP range: 71.X.X.185 - 71.X.X.189
Public Interface on 2620 gets 17.X.X.190 every time it negotiates with my ISP.
Internal Web Server IP: 10.197.11.10
Internal Mail Server IP: 10.197.11.11
My current setup is as follows: (71.X.X.190:Public interface) Cisco 2620 (192.168.9.1: internal interface) --> (192.168.9.2:external interface) PIX (10.197.11.10: internal interface) --> 10.197.11.0/24 network.
How I would like this setup is: I want 71.X.X.189 to be pointed to my webserver, 71.X.X.188 pointed to the mail server. IPs 185-187 just NATed out. If possible I would like to stay away from DMZ, and just forward the ports that are needed. I want the 2620 to just pass all incoming IP requests to the PIX and have it forward the appropriate ports.
Thank you again for all of your help all!
Adam
ASKER
Scott,
That is what I thought too, but was never able to get it to work. How would I set it up to work in that fashion?
Adam
"Should have" and "did" are likely two different things here.
What they likely did is put the /29 on the handoff segment. "Here you go, you have five addresses."
Most DSL providers will encourage the pounding of sand before they go around reprovisioning subnets because the customer wanted it engineered a different way. "Here's our T1 product..."
Well then, let's clear it up. What type of interface is facing the ISP? What type of interface is facing you? Is the ISP giving you a 30-bit subnet for one interface and then a 29-bit subnet for the other?
However, pjtemplin is correct in stating an ISP would rather go pound sand than re-address even the smallest segments.
Thanks
Scott
ASKER
Thank you guys for the assistance, sorry for the delay in the response. My WIC died and I have been trying for 2 months to get it replaced, but the company is being a pain. I will post on here again soon. I see some light at the end of the tunnel.
Adam
You should be able to negotiate the address to the router and then use the first public on the Ethernet of your firewall.
Thanks
Scott