[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 491
  • Last Modified:

Cheap simple router required

I have a very simple problem that I can't resolve at the moment.
We have had an SDSL line just installed.
This only provides us with 2 public IP addresses. However, we have been given a range of public IP's we can use behind the first 2.
An SDSL router/modem has been configured in passthrough mode using x.y.z.157 as the external address.
We need a very simple router to sit after the SDSL modem with an external address of x.y.z.158 default gateway x.y.z.157 and an internal address of a.b.c.100. This will then be connected to our Cisco PIX which has an external address of a.b.c.99 and use port forwarding for our internal mail servers etc.

The problem lies in the middle router. No one seems to supply a simple router that has no firewall, no wireless - all I want is one external RJ45 and one internal RJ45.

HELP.......
0
SBSDUNBLANE
Asked:
SBSDUNBLANE
1 Solution
 
photograffitiCommented:
Why do you even need the router? Just hook the firewall into the back of the SDSL router. That's how I have my network setup. It should work great for you. And if you configure the SDSL router/modem to only be a modem, the Cisco PIX can even do PPPoE and take the x.y.z.158 address directly on its public interface. And then it can do NAT for the range of public IPs you were given. And it's internal address can still be a.b.c.100 or .99.
0
 
heathcote123Commented:
Why cant you just configure the external interface of the pix to be x.y.z.99 ? & reconfig the static mappings? - it will listen on as many ip addresses as you want.

If you really do need an additional router for this, I'd take a look on ebay for an old cisco with two lan ports. - or even set up and old box with linux or w2k server RRAS if you have a spare license.
0
 
SBSDUNBLANEAuthor Commented:
Won't work -  I have similar on my home setup.
Problem is we need to use 5 public IP addresses, if we connect to the SDSL modem we can only use the 2 provided, use another router behind and we can use the 5.
We have tried using 2 PIX's, can't NAT with only 2 IP's available.
We have also tried with various other routers/firewalls trying to disable the firewall side of things.

A Cisco 2600/1750 will do the job, but at several 000 dollars.
0
Efficient way to get backups off site to Azure

This user guide provides instructions on how to deploy and configure both a StoneFly Scale Out NAS Enterprise Cloud Drive virtual machine and Veeam Cloud Connect in the Microsoft Azure Cloud.

 
SBSDUNBLANEAuthor Commented:
We have considered the linux/windows two card option, bit of a waste of a PC and space - all we want is a simple good old fashioned router....
Must be someone still does them!
0
 
photograffitiCommented:
It will work. The PIX can NAT for IP addresses that aren't configured on the interface. So the PIX can have an ip address of x.y.z.158 and still be able to NAT for a totally different range of public IP addresses. Of course the caveat is that the DSL router has to route that traffic to the PIX in the first place. The ISP is forwarding traffic to the x.y.z.156/30 subnet towards your DSL router as well as the other range of public IP addresses you bought. Once it gets to that router it's up the DSL router to forward it to your PIX. Your PIX will have no problem doing the NAT once the traffic hits it.
Trust me.
0
 
SBSDUNBLANEAuthor Commented:
photograffiti
I am liking this - the DSL router does pass through the additional addresses that we need, we have proved that already.
I am assuming that all we require is to setup our internal hosts and put in a static IP of the address we want to translate to.
We can try this in the morning - thanks.
0
 
photograffitiCommented:
SBSDUNBLANE,

That is correct. So let's say your PIX is x.y.z.158 on the Outside interface. It can be 192.168.0.100 on the Inside interface. And if there is a web server on the inside that is 192.168.0.200, a configuration like this should work.

   ip address outside x.y.z.158 255.255.255.252
   ip address inside 192.168.0.100 255.255.255.0
   access-list 100 permit tcp any a.b.c.d eq www
   static (inside,outside) a.b.c.d 192.168.0.200
   access-group 100 in interface outside

Hope that helps.
0
 
fm250Commented:
SBSDUNBLANE,

you may consider using the pix as suggested. you may post your pix config if you have problem getting it to work.

hope this helps!
0
 
strombergtechCommented:
Transparent bridge the sdsl modem the put in a network switch after that.  You can then conenct as many firewalls as you need to the switch.
0
 
scrathcyboyCommented:
The existing routers can be configured, but if you want a simple passthrough router that is reliable, look at the linksys BEFSR41 or the RV042 -- just go into the router setup, turn off the DHCP, give it a static Ip in sync with your passthrough parameters, and configure both ports for normal and DMZ output, and turn off the firewall.  All this can be done in about 2 mintues, and the routers are $50 or less each.

http://www.linksys.com/servlet/Satellite?c=L_Product_C1&childpagename=US%2FLayout&cid=1118334622279&pagename=Linksys%2FCommon%2FVisitorWrapper

However, I agree that the current routers can do the job, if you prefer that way.  BTW, linksys is made by cisco, same quality, 1/3 the price.
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Tackle projects and never again get stuck behind a technical roadblock.
Join Now