Cisco 2811 Bridge setup

Hi,

I'd really appreciate some assistance.

I need to set up my Cisco 2811 router as a bridge with no ip addresses and pass my only public IP address from the router where it is presently (see Current-Router-Config attached), to my ASA 510 firewall. I've set up my router to the requirements of my ISP (see the Configuration section of the attached adslguide-irb-staticstep.pdf) which works fine, but I need to move the public IP address inside to the firewall and set up some VPNs etc.

I was hoping to achieve this with the following config: (I've changed the IP addresses)
--------------------------------------------------------------------------
!
Interface FastEthernet0/0
no ip address 10.3.10.1 255.255.0.0
no ip nat inside
switchport access vlan 1
!
interface vlan 1
bridge group 1
!
interface BVI1
no ip address 1.2.123.108 255.255.248.0
no ip nat outside
!
no bridge 1 route ip
-------------------------------------------------------------------------
I was then going to configure the outside interface of my firewall with the 1.2.123.108 255.255.248.0 address.
Would I then need to remove the default route 1.2.120.1 from the router and put it on the firewall?
What do I do about access-list 1?
Can anyone advise me as to any additional or different configuration I'll need to make this work?


Current-Router-Config.txt
adslguide-irb-staticstep.pdf
LVL 3
FMabeyAsked:
Who is Participating?
 
Don JohnstonInstructorCommented:
Once you remove the ip addresses from the interfaces and disable ip routing, all of the ip related commands become irrelevant.
0
 
Don JohnstonInstructorCommented:
>I need to set up my Cisco 2811 router as a bridge  with no ip addresses

Simple enough. See below:

no ip routing
!
bridge 1 protocol ieee
!
int f0/0
 no ip address
 bridge-group 1
 no shut
!
int f0/1
 no ip address
 bridge-group 1
 no shut
!
end
 

Open in new window

0
 
FMabeyAuthor Commented:
Hi Don,

Thanks for your reply. As you can see from my config, I have already set up bridge group 1 and interface ATM0/3/0 is already a member. I can see that I have to put f0/0 into bridge group 1 whether directly or through vlan 1. I also need to remove my public IP from BVI1 and add it to the ouside interface of my firewall, but what to do with my default route and access list 1? I'm thinking to remove access-list 1 and the default route and put the ddefault route on the firewall. What are your thoughts?

Regards

Egg
0
 
Router_MonkeyCommented:
Default route goes on the firewall since it now becomes the default gateway for your clients. Since router is now acting as a bridge, ACLs are not needed except for protecting access to the device itself for management.
0
 
Router_MonkeyCommented:
The access-list is only for NAT/PAT at the router. Since the router will  not be doing NAT/PAT anymore, but instead bridging to the firewall, the access-list and NAT statement are not needed. The firewall will need to perform the NAT/PAT for your inside hosts.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.