• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 438
  • Last Modified:

Cisco router 1841 config routable public address on internal and external interfaces

I have a cisco 1800 router.  I have a ethernet connection from the ISP.   I have their ethernet connection with 1 routable ip applied to fe0/0 and 16 routable ips applied to fe0/1.  

My firewall is connected to fe0/1.  I need all 16 routable ips available on the internet.  I have it working with a linksys router in router mode vs gateway mode but I figure I should be able to use this enterprise cisco router instead.
0
pamiken
Asked:
pamiken
  • 5
  • 3
  • 2
  • +1
2 Solutions
 
GJHopkinsCommented:
Yes that should be fine just add routing to the Cisco

default route to Internet

ip route 0.0.0.0 0.0.0.0 aa.bb.cc.dd where aa.bb.cc.dd is the next hop address - i.e. the ISP router on Fe0/1

for the inside network allocate one address to f0/1 and one to your firewall. the other addresses can be used for physical devices on this LAN if you have any servers here or as port forwarding addresses on the firewall. I presume the firewall is probably doing NAT from your inside network.
0
 
pamikenAuthor Commented:
Thanks for the reply GJHopkins,

I already had that and it didn't work.  I'll post my config.  I changed the ips but assume the
first ip on f0/0 is 65.65.65.66 255.255.255.252 with a gateway of 65.65.65.65 and the 2nd set of ips from the isp is 70.70.70.70 255.255.255.240.  thanks

interface FastEthernet0/0
 description ethernet
 ip address 65.65.65.66 255.255.255.252
 speed 10
 full-duplex
!
interface FastEthernet0/1
 description routable ip
 ip address 70.70.70.70 255.255.255.240
 speed 10
 full-duplex
!
ip default-gateway 65.65.65.65
ip classless
ip route 0.0.0.0 0.0.0.0 65.65.65.65
!
no ip http server
ip http access-class 23
ip http authentication local
no ip http secure-server
0
 
pamikenAuthor Commented:
Also wanted to add that from the console of the router, I can ping the internet and both interfaces successfully.  

However if I plug a laptop to interface f0/1 and use one of the 16 routable addresses, I cannot ping out.

Again thanks for any help you can provide.
0
Cloud Class® Course: MCSA MCSE Windows Server 2012

This course teaches how to install and configure Windows Server 2012 R2.  It is the first step on your path to becoming a Microsoft Certified Solutions Expert (MCSE).

 
ptchubaCommented:
Did you use a crossover cable when you connected your laptop? PC to Router, you need a crossover cable. Then on the PC you use one of the other IPs say 70.70.70.71 mask 255.255.255.240 and gateway: 70.70.70.70.

You should then be able to ping an address on the internet.

Regards
Peter
0
 
pamikenAuthor Commented:
Yes, the laptop can ping the gateway 70.70.70.70 but doesn't route to the f0/0 interface
0
 
ptchubaCommented:
Do you have NAT on the router? Is that the full config?
Otherwise, I hope your ISP has a route for the 70.70.70.70 subnet pointing it to 65.65.65.66. To test that, try an extended ping from your router and specify fa0/1 as your source interface.
or simply

ping 4.2.2.2 source fastethernet0/1.

If you're not natting 70.70.70.70 and this doesn't work, you might want to call your ISP and find out if they have a route for this network pointing to you.
0
 
gvalsekCommented:
what happens if you use extended ping command from the router itslef, i.e.
#ping (return)
then follow the prompts, when you are requested to input the source address or interface type fe0/1 or 70.70.70.70
can you ping or not ?

if not, it should be a routing issue due to your provider, the routing address pool is not correctly routed through 65.65.65.66
0
 
pamikenAuthor Commented:
thanks for the suggestions.  I had to skip work today as I've picked up a cold.  I will not be in front of the router until next tuesday.  I'll try your suggestions out then.  thanks for you help.
0
 
pamikenAuthor Commented:
I ping'd with f0/1 as the source and it FAILED.  I must be missing a route command but don't know what it is.  Here's my full config.

speak01#sho run
Building configuration...

Current configuration : 1028 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname speak01
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$592B$BnKpfbhbuwezezv9G/6js.
!
no aaa new-model
!
resource policy
!
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
ip subnet-zero
ip cef
!
interface FastEthernet0/0
 description ethernet
 ip address 65.65.65.66 255.255.255.252
 speed 10
 full-duplex
!
interface FastEthernet0/1
 description routable ip
 ip address 70.70.70.70 255.255.255.240
 speed 10
 full-duplex
!
ip default-gateway 65.65.65.65
ip classless
ip route 0.0.0.0 0.0.0.0 65.65.65.65
!
no ip http server
ip http access-class 23
ip http authentication local
no ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
!
thanks
0
 
GJHopkinsCommented:
No this probably  means that the ISP doesn't have a route back to 70.70.70.70 you need to check with them that they are routing correctly to your fe0/1 interface.
0
 
gvalsekCommented:
as I told in my former post, I think that is a missing route at your ISP level.
your router correctly send all packet, not related to its interface topology, to the right interface (Fe0/0) due to this instruction

ip route 0.0.0.0 0.0.0.0 65.65.65.65

so I believe that packets originated by your routable IP (70.70.70.70/28) are going outside but not coming back to your router
0
 
ptchubaCommented:
the problem is from your ISP as I suggested in my original post.

Regards
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

  • 5
  • 3
  • 2
  • +1
Tackle projects and never again get stuck behind a technical roadblock.
Join Now