How to route 5 static IPs over a Cisco network.

Because of the expert knowledge on this forum, I recently got my first Cisco network to route :).  My question now is:  I currently have a block of 5 static IPs.  How do I get my 2620 router to recognize the IPs and pass them to the firewall so it can filter them?  Once filtered, have it pass them to the appropriate machine.

Public IP range:  71.X.X.185 - 71.X.X.189
Public Interface on 2620 gets 17.X.X.190 every time it negotiates with my ISP.

Internal Web Server IP: 10.197.11.10
Internal Mail Server IP: 10.197.11.11

My current setup is as follows:  (71.X.X.190:Public interface)  Cisco 2620 (192.168.9.1: internal interface) --> (192.168.9.2:external interface)  PIX (10.197.11.10: internal interface) --> 10.197.11.0/24 network.

How I would like this set up is:  I want 71.X.X.189 to be pointed to my web server, 71.X.X.188 pointed to the mail server.  IPs 185-187 just NATed out.  If possible I would like to stay away from DMZ, and just forward the ports that are needed.  I want the 2620 to just pass all incoming IP requests to the PIX and have it forward the appropriate ports.

Thank you again for all of your help all!

Adam
Asked by: gimmiecpt
 
Scotty_cisco Commented:
Then why are you running a private IP address on the router at all?  How does your connectivity come into the router? Ethernet or serial?
You should be able to negotiate the address to the router and then use the first public on the Ethernet of your firewall.

Thanks
Scott
 
rsivanandan Commented:
On the router, do this:

ip nat inside source static 10.197.11.10 71.x.x.189
ip nat inside source static 10.197.11.11 71.x.x.188

The above says to map the private address to the public address. So when your ISP routes traffic to 71.x.x.189/188, the traffic hits your 2620 router and gets translated to the respective private address.

Try this.

Cheers,
Rajesh
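
Added example (not part of the answer above or of the original thread): a port-scoped variant of the static NAT shown in that answer, so that only the web and mail ports are translated, in line with the asker's wish to forward only the ports that are needed. The interface names, the 192.168.9.0 mask, the choice of TCP ports 80 and 25, and the route through the PIX are assumptions; 71.x.x stays masked as on the page.

```cisco
! Assumed interface names and mask; adjust to the actual 2620 hardware.
interface FastEthernet0/0
 description Link to PIX outside (192.168.9.2)
 ip address 192.168.9.1 255.255.255.0
 ip nat inside
!
interface Dialer0
 description ISP-facing interface (assumed name)
 ip address negotiated
 ip nat outside
!
! Assumed: the server subnet is reached through the PIX outside address.
ip route 10.197.11.0 255.255.255.0 192.168.9.2
!
! Port-scoped static NAT: only the listed TCP port is translated,
! instead of every port on the host as with a plain one-to-one static.
ip nat inside source static tcp 10.197.11.10 80 71.x.x.189 80
ip nat inside source static tcp 10.197.11.11 25 71.x.x.188 25
!
! Verify from exec mode after sending test traffic:
!   show ip nat translations
!   show ip nat statistics
```

The PIX still has to permit these two flows to the inside hosts; traffic to any other port on 71.x.x.188 or 71.x.x.189 has no translation entry and is not passed on to the servers.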

 
gimmiecpt (Author) Commented:
Scott,
   That is what I thought too, but was never able to get it to work.  How would I set it up to work in that fashion?

Adam

 
pjtemplin Commented:
Your public subnet is local to the LAN segment from your ISP.  If it's local to that segment, you can't use it on the other side of the router.  As others have pointed out, you'll need to NAT on the Cisco to make your private addresses inherit a public personality.
 
Scotty_cisco Commented:
Your ISP should have given you 2 addresses, one with a 255.255.255.252 mask that goes on the serial.  You use one of the next set (that has 5 addresses in it) on the Ethernet, or you can use ip unnumbered fa0/0 on the serial and put the serial IP address on the Ethernet, therefore only using one IP address out of the block for the outside of the firewall.  The firewall will proxy ARP for the remaining addresses if they are configured in the firewall.

Thanks
Scott
 
pjtemplin Commented:
"Should have" and "did" are likely two different things here.

What they likely did is put the /29 on the handoff segment.  "Here you go, you have five addresses."

Most DSL providers will encourage the pounding of sand before they go around reprovisioning subnets because the customer wanted it engineered a different way.  "Here's our T1 product..."
 
Scotty_cisco Commented:
Well then, let's clear it up... What type of interface is facing the ISP? What type of interface is facing you? Is the ISP giving you a 30-bit subnet for one interface and then a 29-bit subnet for the other?

However, pjtemplin is correct in stating an ISP would rather go pound sand than re-address even the smallest segments.

Thanks
Scott
 
gimmiecpt (Author) Commented:
Thank you guys for the assistance, sorry for the delay in the response.  My WIC died and I have been trying for 2 months to get it replaced, but the company is being a pain.  I will post on here again soon.. I see some light at the end of the tunnel.

Adam