Solved

Cheap simple router required

Posted on 2006-07-10
Last Modified: 2013-11-29
I have a very simple problem that I can't resolve at the moment.
We have had an SDSL line just installed.
This only provides us with 2 public IP addresses. However, we have been given a range of public IPs we can use behind the first 2.
An SDSL router/modem has been configured in passthrough mode using x.y.z.157 as the external address.
We need a very simple router to sit after the SDSL modem with an external address of x.y.z.158 default gateway x.y.z.157 and an internal address of a.b.c.100. This will then be connected to our Cisco PIX which has an external address of a.b.c.99 and use port forwarding for our internal mail servers etc.

The problem lies in the middle router. No one seems to supply a simple router that has no firewall, no wireless - all I want is one external RJ45 and one internal RJ45.

HELP.......
0
Question by:SBSDUNBLANE
11 Comments
 
LVL 8

Expert Comment

by:photograffiti
ID: 17073492
Why do you even need the router? Just hook the firewall into the back of the SDSL router. That's how I have my network set up. It should work great for you. And if you configure the SDSL router/modem to only be a modem, the Cisco PIX can even do PPPoE and take the x.y.z.158 address directly on its public interface. And then it can do NAT for the range of public IPs you were given. And its internal address can still be a.b.c.100 or .99.
0
 
LVL 5

Expert Comment

by:heathcote123
ID: 17073534
Why can't you just configure the external interface of the PIX to be x.y.z.99 and reconfigure the static mappings? It will listen on as many IP addresses as you want.

If you really do need an additional router for this, I'd take a look on eBay for an old Cisco with two LAN ports, or even set up an old box with Linux or W2K Server RRAS if you have a spare license.
0
 

Author Comment

by:SBSDUNBLANE
ID: 17073562
Won't work - I have similar on my home setup.
Problem is we need to use 5 public IP addresses. If we connect to the SDSL modem we can only use the 2 provided; use another router behind and we can use the 5.
We have tried using 2 PIXes, can't NAT with only 2 IPs available.
We have also tried with various other routers/firewalls trying to disable the firewall side of things.

A Cisco 2600/1750 will do the job, but at several 000 dollars.
0
 

Author Comment

by:SBSDUNBLANE
ID: 17073583
We have considered the linux/windows two card option, bit of a waste of a PC and space - all we want is a simple good old fashioned router....
Must be someone still does them!
0
 
LVL 8

Accepted Solution

by:
photograffiti earned 500 total points
ID: 17073619
It will work. The PIX can NAT for IP addresses that aren't configured on the interface. So the PIX can have an IP address of x.y.z.158 and still be able to NAT for a totally different range of public IP addresses. Of course the caveat is that the DSL router has to route that traffic to the PIX in the first place. The ISP is forwarding traffic to the x.y.z.156/30 subnet towards your DSL router as well as the other range of public IP addresses you bought. Once it gets to that router it's up to the DSL router to forward it to your PIX. Your PIX will have no problem doing the NAT once the traffic hits it.
Trust me.
0
 

Author Comment

by:SBSDUNBLANE
ID: 17073811
photograffiti
I am liking this - the DSL router does pass through the additional addresses that we need, we have proved that already.
I am assuming that all we require is to setup our internal hosts and put in a static IP of the address we want to translate to.
We can try this in the morning - thanks.
0
 
LVL 3

Expert Comment

by:JJT2750
ID: 17073823
0
 
LVL 8

Expert Comment

by:photograffiti
ID: 17073917
SBSDUNBLANE,

That is correct. So let's say your PIX is x.y.z.158 on the Outside interface. It can be 192.168.0.100 on the Inside interface. And if there is a web server on the inside that is 192.168.0.200, a configuration like this should work.

   ip address outside x.y.z.158 255.255.255.252
   ip address inside 192.168.0.100 255.255.255.0
   access-list 100 permit tcp any host a.b.c.d eq www
   static (inside,outside) a.b.c.d 192.168.0.200
   access-group 100 in interface outside

Hope that helps.
0
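An audit of the kind of configuration discussed in the accepted solution and the comment above, as an added example that is not part of the original thread or anyone's posted config. It parses PIX-style lines and reports, for each `static`, whether the public address lies outside the /30 on the outside interface (so the upstream DSL router must route it to the PIX) and whether an ACL bound inbound on the outside interface permits it. The addresses are constructed from documentation ranges standing in for x.y.z.158 and a.b.c.d, and `audit_statics` is a hypothetical helper name.

```python
import ipaddress

# Constructed sample config; addresses are documentation ranges, not real ones.
SAMPLE_CONFIG = """\
ip address outside 203.0.113.158 255.255.255.252
ip address inside 192.168.0.100 255.255.255.0
access-list 100 permit tcp any host 198.51.100.10 eq www
static (inside,outside) 198.51.100.10 192.168.0.200
static (inside,outside) 198.51.100.11 192.168.0.201
access-group 100 in interface outside
"""

def audit_statics(config):
    """Return (public_ip, inside_ip, needs_upstream_route, permitted) per static."""
    outside_net = None
    statics = []      # (public address, inside address)
    acl_hosts = {}    # ACL id -> destination hosts it permits
    bound = set()     # ACL ids applied inbound on the outside interface
    for line in config.splitlines():
        tok = line.split()
        if tok[:3] == ["ip", "address", "outside"]:
            outside_net = ipaddress.ip_interface(f"{tok[3]}/{tok[4]}").network
        elif tok[:1] == ["static"] and len(tok) >= 4:
            statics.append((ipaddress.ip_address(tok[2]), tok[3]))
        elif tok[:1] == ["access-list"] and "permit" in tok and "host" in tok:
            # Simplification: treat the last "host <ip>" as the destination.
            dest = tok[len(tok) - tok[::-1].index("host")]
            acl_hosts.setdefault(tok[1], set()).add(ipaddress.ip_address(dest))
        elif tok[:1] == ["access-group"] and tok[-3:] == ["in", "interface", "outside"]:
            bound.add(tok[1])
    if outside_net is None:
        raise ValueError("no 'ip address outside' line found")
    permitted = set().union(*(acl_hosts.get(a, set()) for a in bound))
    # A public address off the outside subnet only works if the upstream
    # router forwards it to the PIX outside address.
    return [(str(pub), inside, pub not in outside_net, pub in permitted)
            for pub, inside in statics]

if __name__ == "__main__":
    for pub, inside, routed, ok in audit_statics(SAMPLE_CONFIG):
        print(f"{pub} -> {inside}: upstream route needed={routed}, ACL permit={ok}")
```

A static with no matching permit is translated but unreachable from outside, which is the safe default; the finding is useful mainly for spotting mappings that were left behind or never opened on purpose.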
 
LVL 10

Expert Comment

by:fm250
ID: 17074886
SBSDUNBLANE,

You may consider using the PIX as suggested. You may post your PIX config if you have a problem getting it to work.

Hope this helps!
0
 

Expert Comment

by:strombergtech
ID: 17077392
Transparent bridge the SDSL modem, then put in a network switch after that. You can then connect as many firewalls as you need to the switch.
0
 
LVL 44

Expert Comment

by:scrathcyboy
ID: 17078428
The existing routers can be configured, but if you want a simple passthrough router that is reliable, look at the Linksys BEFSR41 or the RV042 -- just go into the router setup, turn off the DHCP, give it a static IP in sync with your passthrough parameters, and configure both ports for normal and DMZ output, and turn off the firewall. All this can be done in about 2 minutes, and the routers are $50 or less each.

http://www.linksys.com/servlet/Satellite?c=L_Product_C1&childpagename=US%2FLayout&cid=1118334622279&pagename=Linksys%2FCommon%2FVisitorWrapper

However, I agree that the current routers can do the job, if you prefer that way. BTW, Linksys is made by Cisco, same quality, 1/3 the price.
0
