Attempting to disable NAT and assign Public IP address to Ethernet interface. When assigning new IP to Ethernet0 I receive the error Overlaps with Serial0.

Currently our Cisco 1721 is configured with a NAT pool using our five public IP addresses. We want to change the IP address on the FastEthernet0 int. from a private IP to a Public IP then connect our firewall to this interface. I've deleted the NAT pool, removed all NAT configuration and attempted to assign a public IP address to the FastEthernet0 interface. When I do I receive the error "IP Overlaps with Serial0". I tried assigning several different IP addresses from our block of IPs but continue to receive the same message.

Thanks!
INetXAsked:

JFrederick29Commented:
You will either need to get another block of addresses for the ethernet side of the router or you can bridge on the router and configure the Firewall with your block of addresses.
0
INetXAuthor Commented:
Thanks...Is it very difficult to change this to bridge mode?  What if I configured the eth int. with an unnumbered IP and use the serial int.?
0
JFrederick29Commented:
I would avoid IP unnumbered.  Bridging is actually very simple.

int f0
no ip address
bridge-group 1

int s0
no ip address
bridge-group 1

bridge 1 protocol ieee

You can then configure your Firewall's outside interface with the IP that you assigned the serial and use the block of addresses for NAT'ing on the Firewall.
0

INetXAuthor Commented:
Thanks!!!

Do I need to do anything with the IP addresses on Serial0 or FastEthernet0 or will the commands above take priority?
0
JFrederick29Commented:
The "no ip address" will remove the IP address from the interfaces.
0
INetXAuthor Commented:
Thanks I'll do that.

Is there a quick and easy way to make a backup of the startup-config?
0
JFrederick29Commented:
Sure, you can copy and paste it to notepad or copy it to a TFTP server.  Easiest way though is to simply not save your changes on the router until everything has been fully tested and is working properly.  Once everything is working, you can "copy run start" to save the changes.  If things aren't working and you need to rollback, you can simply reboot the router and you are back to where you were before.
0
INetXAuthor Commented:
Thanks, I just configured it as a bridge and plugged it into my firewall router but the status shows down.  I checked the port and noticed there wasn't a green light on the port so I configured my laptop with a static IP address, plugged in the cable and it shows network cable unplugged??? Do you think I need a cross-over cable?  
0
JFrederick29Commented:
Yes, you need a cross over cable between the Firewall and Router.
0
INetXAuthor Commented:
Thanks, I installed the cross over cable and my firewall router showed status up but I am unable to get out. I can ping the Public interface on the firewall but I cannot ping the gateway. I had someone external ping the gateway and they got a reply so I think something is still wrong with the configuration. Here it is:

Building configuration...

Current configuration : 638 bytes
!
version 12.2
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
ip subnet-zero
!
!
!
!
interface FastEthernet0
 no ip address
 bridge-group 1
!
interface Serial0
 no ip address
 encapsulation ppp
 bridge-group 1
!
no ip classless
no ip http server
!
!
bridge 1 protocol ieee
!
line con 0
line aux 0
line vty 0
line vty 1 4
!
end

Am I missing something???
0
JFrederick29Commented:
Try turning off routing:

conf t
no ip routing
0
INetXAuthor Commented:
thanks, I did that. No go...
0
JFrederick29Commented:
Hmm, the router config looks okay.  The Firewall has the correct subnet mask?  The same you used on the serial interface?  You can't ping your gateway from the Firewall?
0
INetXAuthor Commented:
That's correct and just for grins I configured my laptop with the serial0 interface's IP settings and eliminated the firewall. I still can't get out or even ping the gateway. I contacted the ISP and they get replies from the gateway. It's just not making any sense???
0
JFrederick29Commented:
Can you post the IP address you are assigning to the laptop, the subnet mask and the gateway address? You can "x" out the first two octets of the address. If you try to ping the gateway and then do an "arp -a" from a command prompt, do you see a MAC address for the gateway?
0
JFrederick29Commented:
Okay, I just noticed you are doing PPP encapsulation on the T1 which I don't think works with bridging.  You can have your ISP assign you a /30 subnet to use on your serial interface and then use your block of addresses on the ethernet interface.  I doubt you would get them to switch to HDLC encapsulation on the T1 so it works with bridging.  Otherwise, you will need to continue to do NAT on the router.
0
INetXAuthor Commented:
This was the original configuration and I used the IP settings from Serial0

Building configuration...

Current configuration : 966 bytes
!
version 12.2
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
!
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
ip subnet-zero
!
!
!
!
interface FastEthernet0
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
 speed auto
!
interface Serial0
 ip address x.x.x.122 255.255.255.248
 ip nat outside
 encapsulation ppp
!
ip nat log translations syslog
ip nat pool INTERNET x.x.x.122 x.x.x.123 netmask 255.255.255.248
ip nat inside source list 120 pool INTERNET overload
ip nat inside source static tcp 192.168.1.2 3333 interface Serial0
ip classless
ip route 0.0.0.0 0.0.0.0 Serial0
no ip http server
!
!
access-list 120 permit ip 192.168.1.0 0.0.0.255 any
!
line con 0
line aux 0
line vty 0
line vty 1 4
!
end
0
INetXAuthor Commented:
Thanks,

Is there some way to assign the int. serial0 with x.x.x.122 and int. ethernet0 with x.x.x.123 and then plug my firewall into the ethernet port?
0
JFrederick29Commented:
No, unfortunately.  You are best to get a /30 subnet for the serial interface and use the x.x.x.120 subnet on the ethernet interface if you want to do NAT on the Firewall instead of the router.
0
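The subnet overlap behind the "Overlaps with Serial0" error, shown as an added example that is not part of the original thread: a short Python check that parses interface stanzas and flags interfaces whose connected subnets overlap. The 203.0.113.x and 198.51.100.x addresses are constructed documentation-range placeholders for the x'ed-out public block and for a /30 the ISP would assign.

```python
import ipaddress
import re

# Constructed sample: .122 and .123 from the same /29 on two routed interfaces.
ATTEMPTED = """\
interface FastEthernet0
 ip address 203.0.113.123 255.255.255.248
!
interface Serial0
 ip address 203.0.113.122 255.255.255.248
 encapsulation ppp
!
"""

# Constructed sample: separate /30 on the serial link, the /29 on Ethernet.
SUGGESTED = """\
interface FastEthernet0
 ip address 203.0.113.121 255.255.255.248
!
interface Serial0
 ip address 198.51.100.2 255.255.255.252
 encapsulation ppp
!
"""

def interface_networks(config):
    """Map interface name -> ip_interface for each numbered interface."""
    found, current = {}, None
    for line in config.splitlines():
        m = re.match(r"interface (\S+)", line)
        if m:
            current = m.group(1)
            continue
        m = re.match(r"\s+ip address (\d+\.\d+\.\d+\.\d+) (\d+\.\d+\.\d+\.\d+)\s*$", line)
        if m and current:
            found[current] = ipaddress.ip_interface(f"{m.group(1)}/{m.group(2)}")
    return found

def find_overlaps(config):
    """Return sorted (ifA, ifB) pairs whose connected subnets overlap."""
    nets = sorted(interface_networks(config).items())
    return [(a, b) for i, (a, na) in enumerate(nets) for b, nb in nets[i + 1:]
            if na.network.overlaps(nb.network)]

if __name__ == "__main__":
    for name, cfg in (("attempted", ATTEMPTED), ("suggested", SUGGESTED)):
        print(name, find_overlaps(cfg) or "no overlap")
```

Interfaces configured with "no ip address" or "ip unnumbered" carry no subnet of their own, so the check skips them.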
INetXAuthor Commented:
Thanks for your help but I'm thinking the configuration below may do the trick:

Current configuration : 1535 bytes

!
version 12.2
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname (order #)
logging queue-limit 100
enable secret
enable password
!
ip subnet-zero
!
!
no ip domain lookup
ip name-server 66.7.224.17 (whatever the DNS servers are for the area)
ip name-server 66.7.224.18
!
!
!
interface FastEthernet0
 description
 ip address XX.X.xxx.xxx 255.255.255.248
 speed auto
 no keepalive
 !
interface Serial0
 description
 ip unnumbered FastEthernet0
 encapsulation ppp
 no fair-queue
!
ip classless
ip route 0.0.0.0 0.0.0.0 Serial0
no ip http server
!
end
0
JFrederick29Commented:
IP unnumbered should work but I personally avoid it because of certain restrictions it puts in place (can't ping the interface, can't apply security to the interface, etc...) but if it works for your situation, by all means, go for it.
0
INetXAuthor Commented:
Thanks for all your help!
0
INetXAuthor Commented:
I've been in this field for 10 years but only get to work on a Cisco about once a year but I enjoy it every time, even when there is no easy fix...Thanks again for your assistance.
0