drotkopf asked:

Issues having 2 linksys firewalls in network

We just received a new Cisco 800 router from our ISP that has its own static IP address as well as 4 ports, each port assigned a different static IP address.

Our network is currently set up with 1 firewall (Linksys BEFSX41) between the cisco 800 and a 3com superstack II hub that connects to a few other switches that users and IP phones are connected to.

We just signed up for a SIP Trunking service (hosted SIP lines for phones) and want to connect our Edgemarc 4500T4 appliance (that was given to us by the company that is hosting the SIP Trunking service) to one of the ports on the Cisco 800 so that all traffic out will be coming from a unique IP, but before that we want to secure that by placing another Linksys BEFSX41 firewall (so it will be cisco 800 > linksys befsx41 > edgemarc 4500T4).

This means there will be 2 Linksys BEFSX41 firewalls on my network, one for regular network traffic and the other solely for use by the Edgemarc.

I was able to successfully configure the new firewall by connecting it directly to my PC and then entering 192.168.1.1 in my browser; then I configured it with the static IP settings provided by my ISP.

Once configured, I connected it in my network where it's supposed to be (cisco 800 > linksys befsx41); however, when I did that, we lost connection to the internet. We were still connected to the network and exchange server... but could not access the internet.

Anyone have any ideas as to what went wrong?  I gave the new firewall exactly the same static ip settings as the first firewall (main ip, subnet mask, default gateway, dns1 and dns2) however I did give the new firewall a different local ip.

Any insight would be wonderful. Thanks.
Rob Williams

>>"I gave the new firewall exactly the same static ip settings as the first firewall"
I assume different External IP? It needs to be different.
Is the second Linksys connected to your general network, i.e. the "hub"? If so you need to turn off DHCP on the LAN configuration of the 2nd Linksys.
The LAN IP you assigned the Linksys cannot conflict with any existing LAN IP.

There is really no need to add the Linksys. The Cisco will give you as much or more protection. Your Edgemarc 4500T4 appliance may also require a direct un-NATed connection to the Cisco as well.
drotkopf (ASKER)

We had already informed the service provider that the 4500T4 will be sitting behind a firewall; they didn't seem to have an issue with that.

Can you offer some insight into having 2 hardware firewalls on a network?  Why when I have them both connected, the internet gets cut off?
Firewall A needs to have xxx.xxx.xxx.aaa as the external IP address
Firewall B needs to have xxx.xxx.xxx.bbb as the external IP Address

They can't have the same IP address when they are connected to the Cisco 800
>>"We had already informed the service provider that the 4500T4 will be sitting behind a firewall, they didn't seem to have an issue with that."
May be fine, just thought I would point it out as it is behind 2, the Cisco and the Linksys.

>>"Why when I have them both connected, the internet gets cut off?"
There are no problems having multiple firewalls the way you have described, but as mentioned the 2 Linksys WAN IP's must be different, and the LAN IP's cannot conflict with any devices on the network. Also you can only have 1 DHCP server on your network. Whether your DHCP server is the existing Linksys or a true server, the second Linksys must have it turned off.

I am assuming your network looks like this:
                     |=> old Linksys =>|
Internet=>Cisco 800=>|                 |=> hub=> networked PC's
                     |=> new Linksys =>|

How is the 4500T4 attached? Single network adapter to the hub/switch?
Here's the short version of my network topology just so you understand my situation:

Current Setup:

Internet
     |
Modem
     |
Cisco 800
     |
Linksys BEFSX41
     |
3Com Superstack II Hub
     |
NETWORK USERS

Needed Setup:
 
                  Internet
                      |
                    Modem
                      |
                  Cisco 800
             _________|_________
            |                   |
    Linksys BEFSX41     Linksys BEFSX41
            |                   |
    Edgemarc 4500T4       NETWORK USERS

How can I accomplish this setup?  When I plug in the new firewall, while the original is still plugged in, I lose connection to the internet, but my connection to the network and exchange server remains.

Currently the new firewall's configuration is cloned from the original firewall's configuration, with the exception of its local IP address.

The Static IP configurations are as follows:

IP Address: 68.195.302.58
Subnet Mask: 255.255.255.284
Default Gateway: 68.195.302.57
DNS1: 167.206.211.138
DNS2: 167.206.4.7

Local IP for firewall #1: 192.168.1.1
Local IP for firewall #2: 192.168.1.2

(IP's displayed have been changed for security)

DHCP is disabled and firewall is active on both.
ASKER CERTIFIED SOLUTION
Rob Williams

ps though it will be the same on the 2 routers, this cannot be right:
Subnet Mask: 255.255.255.284
I should mention that

the MODEM has an IP of 68.195.302.57

the CISCO 800 has an IP of 68.195.302.58

and the CISCO 800 has 4 ports on the back 0,1,2,3 and they have the ip's of

0 = 68.195.302.59
1 = 68.195.302.60
2 = 68.195.302.61
3 = 68.195.302.62

The original firewall is plugged into port 0 and the new firewall is plugged into port 1
>> ps though it will be the same on the 2 routers, this cannot be right:
Subnet Mask: 255.255.255.284

I mentioned in a previous post that any IP's I'm posting have been changed for security reasons.
I was just copying and pasting and didn't notice the following cannot be right either:
IP Address: 68.195.302.58
nor this:
Default Gateway: 68.195.302.57
Numbers cannot exceed 255
Don't post it here regardless, for security reasons. The rest of the numbers are fine to list.

Based on your drawing the phone system will be isolated on a different LAN. If so, personally I would change its router's LAN IP to a different subnet such as 192.168.100.1
>>"0 = 68.195.302.59
      1 = 68.195.302.60"

Sorry, missed this comment. Use 0 for Linksys 1 and 1 for Linksys 2, but find the correct IP's; those are not right.
The phone system is not on a different LAN. We use a VoIP phone system called CIC 2.4. It is software that is installed onto a specially configured server, which processes calls and directs them to gateways for SIP conversion (this is where the edgemarc comes into play, our call traffic will be routed through this appliance and delivered to our SIP Trunking host provider).

The internal ip for the IC Server (phone server) is 192.168.1.21.
Also, based on those numbers your subnet mask is almost guaranteed to be 255.255.255.248
Update,
 
I changed the IP ADDRESS on firewall 2 from 68.195.302.58 to 68.195.302.59

and now I can connect to the internet while both firewalls are plugged in!

ROBWILL you've been a great deal of help!
No problem, glad you were able to get up and running.
Thanks drotkopf.
Cheers !
--Rob
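
Added example, not part of the original thread: a pre-deployment check for the failure discussed above, where a cloned firewall config reuses the WAN IP of a device already on the same upstream segment. The device names and the 203.0.113.0/24 documentation addresses are constructed stand-ins for the thread's redacted values.

```python
import ipaddress
from collections import defaultdict

# Constructed sample: second firewall cloned from the first, as in the thread.
CLONED = {
    "firewall-1": {"ip": "203.0.113.58", "mask": "255.255.255.248", "gateway": "203.0.113.57"},
    "firewall-2": {"ip": "203.0.113.58", "mask": "255.255.255.248", "gateway": "203.0.113.57"},
}
# Constructed sample: second firewall given its own WAN address.
FIXED = dict(CLONED, **{"firewall-2": dict(CLONED["firewall-2"], ip="203.0.113.59")})
# Constructed sample: a mask octet above 255, the kind of typo caught in the thread.
BAD_MASK = dict(FIXED, **{"firewall-2": dict(FIXED["firewall-2"], mask="255.255.255.284")})


def check_wan_configs(devices):
    """Return a sorted list of (device, problem) tuples; empty means no conflict found."""
    problems = []
    owners = defaultdict(list)  # WAN IP -> devices claiming it
    for name, cfg in devices.items():
        try:
            ip = ipaddress.IPv4Address(cfg["ip"])
            gw = ipaddress.IPv4Address(cfg["gateway"])
            # strict=False: accept a host address and derive its network
            net = ipaddress.IPv4Network(f"{cfg['ip']}/{cfg['mask']}", strict=False)
        except ValueError:
            # Raised for octets above 255 and for impossible netmasks
            problems.append((name, "invalid-address-or-mask"))
            continue
        if gw not in net:
            problems.append((name, "gateway-outside-subnet"))
        if ip in (net.network_address, net.broadcast_address, gw):
            problems.append((name, "unusable-host-address"))
        owners[ip].append(name)
    # Two devices on the same upstream segment must never share a WAN IP
    for ip, names in owners.items():
        if len(names) > 1:
            problems.extend((n, "duplicate-wan-ip") for n in names)
    return sorted(problems)


if __name__ == "__main__":
    for label, cfg in (("cloned", CLONED), ("fixed", FIXED), ("bad mask", BAD_MASK)):
        print(label, check_wan_configs(cfg))
```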