Multiple Cisco Routers on one connection
Hello experts.
I've never encountered this scenario so I am hoping someone can point me in the right direction.
This is the scenario: I have one Cisco 1721 router which has a primary and secondary network setup on F0. There is a T1 connection here which provides an MPLS connection back to the CORP offiice. The CORP office has an Internet connection via a seperate router and 3xT connection.
10.0.43.1 = pri network
10.254.0.1 = sec network
These point to the MPLS network router --> 10.10.0.1 (Cisco 2821) --> 10.10.1.8 = Firewall Device --> Internet
Currently, I would like to seperate the two networks to two seperate Cisco routers, both 1721's. So:
10.0.43.1 --> Router 1 --> 10.10.0.1 (Cisco 2821) --> 10.10.1.8 = Firewall Device --> Internet
10.254.0.1 --> Router 2 --> 10.10.0.1 (Cisco 2821) --> 10.10.1.8 = Firewall Device --> Internet
With this scenario, here is what I need to accomplish:
10.0.43.1 is setup with an ACL that only allows certain traffiic across the MPLS network, and very few ports are open. Internet access is turned off except a few IPs which are mandated via the firewall policies on the firewall.
10.254.0.1 will be much less restricted and allow most traffic controlled via firewall policy.
However, there will only be one T1 connection to share bwtween the two. So, how do I accomplish what I need? My logic says that the least restricted router, 10.254.0.1 should be where the T1 comes in at, and that router should allow access to the other router for restricted access? Basically, all I need to happen is that 10.254 is least restricted and 10.43 is very restricted via ACL and Firewall policy. My confusion is with the MPLS network and where to place the T1.
How can I accomplish this with best practices in mind?
Thanks for the help all!
I've never encountered this scenario so I am hoping someone can point me in the right direction.
This is the scenario: I have one Cisco 1721 router which has a primary and secondary network setup on F0. There is a T1 connection here which provides an MPLS connection back to the CORP offiice. The CORP office has an Internet connection via a seperate router and 3xT connection.
10.0.43.1 = pri network
10.254.0.1 = sec network
These point to the MPLS network router --> 10.10.0.1 (Cisco 2821) --> 10.10.1.8 = Firewall Device --> Internet
Currently, I would like to seperate the two networks to two seperate Cisco routers, both 1721's. So:
10.0.43.1 --> Router 1 --> 10.10.0.1 (Cisco 2821) --> 10.10.1.8 = Firewall Device --> Internet
10.254.0.1 --> Router 2 --> 10.10.0.1 (Cisco 2821) --> 10.10.1.8 = Firewall Device --> Internet
With this scenario, here is what I need to accomplish:
10.0.43.1 is setup with an ACL that only allows certain traffiic across the MPLS network, and very few ports are open. Internet access is turned off except a few IPs which are mandated via the firewall policies on the firewall.
10.254.0.1 will be much less restricted and allow most traffic controlled via firewall policy.
However, there will only be one T1 connection to share bwtween the two. So, how do I accomplish what I need? My logic says that the least restricted router, 10.254.0.1 should be where the T1 comes in at, and that router should allow access to the other router for restricted access? Basically, all I need to happen is that 10.254 is least restricted and 10.43 is very restricted via ACL and Firewall policy. My confusion is with the MPLS network and where to place the T1.
How can I accomplish this with best practices in mind?
Thanks for the help all!
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Okay. Let me re-phrase my last post. If I leave router one as the "outside router" and then have the inside router connect to it, I should still be able to accomplish what I need, correct? Here are my thoughts:
Outside Router
MPLS = Serial WIC
Primary Network 10.0.43.1 = F0 > switch 1 > workstations at location 43
Secondary Network 10.0.254.1 = F0 > switch 1 > inside router
Inside Router
F0 = 10.254.1.2
E0 (Ethernet WIC) = 10.251.0.1
ip route 0.0.0.0 0.0.0.0 10.0.254.1
F0 anf E0 are natted.
I haven't natted anything yet, as I ran out of time before meeting, but I could see the outside router deom an static IP of 10.251.0.2.
If I nat F0 and E0 shouldn't I be able to get Internet that way? Then form there I can just create firewall policies and ACL's on the routers to pass whatever traffic I want.
Will this work?
Thanks!
Outside Router
MPLS = Serial WIC
Primary Network 10.0.43.1 = F0 > switch 1 > workstations at location 43
Secondary Network 10.0.254.1 = F0 > switch 1 > inside router
Inside Router
F0 = 10.254.1.2
E0 (Ethernet WIC) = 10.251.0.1
ip route 0.0.0.0 0.0.0.0 10.0.254.1
F0 anf E0 are natted.
I haven't natted anything yet, as I ran out of time before meeting, but I could see the outside router deom an static IP of 10.251.0.2.
If I nat F0 and E0 shouldn't I be able to get Internet that way? Then form there I can just create firewall policies and ACL's on the routers to pass whatever traffic I want.
Will this work?
Thanks!
ASKER