FMabey
asked on
Cisco 2811 Bridge setup
Hi,
I'd really appreciate some assistance.
I need to set up my Cisco 2811 router as a bridge with no ip addresses and pass my only public IP address from the router where it is presently (see Current-Router-Config attached), to my ASA 510 firewall. I've set up my router to the requirements of my ISP (see the Configuration section of the attached adslguide-irb-staticstep.pdf) which works fine, but I need to move the public IP address inside to the firewall and set up some VPNs etc.
I was hoping to achieve this with the following config: (I've changed the IP addresses)
--------------------------
!
Interface FastEthernet0/0
no ip address 10.3.10.1 255.255.0.0
no ip nat inside
switchport access vlan 1
!
interface vlan 1
bridge group 1
!
interface BVI1
no ip address 1.2.123.108 255.255.248.0
no ip nat outside
!
no bridge 1 route ip
--------------------------
I was then going to configure the outside interface of my firewall with the 1.2.123.108 255.255.248.0 address.
Would I then need to remove the default route 1.2.120.1 from the router and put it on the firewall?
What do I do about access-list 1?
Can anyone advise me as to any additional or different configuration I'll need to make this work?
Current-Router-Config.txt
adslguide-irb-staticstep.pdf
ASKER
Hi Don,
Thanks for your reply. As you can see from my config, I have already set up bridge group 1 and interface ATM0/3/0 is already a member. I can see that I have to put f0/0 into bridge group 1 whether directly or through vlan 1. I also need to remove my public IP from BVI1 and add it to the outside interface of my firewall, but what to do with my default route and access list 1? I'm thinking to remove access-list 1 and the default route and put the default route on the firewall. What are your thoughts?
Regards
Egg
Default route goes on the firewall since it now becomes the default gateway for your clients. Since the router is now acting as a bridge, ACLs are not needed except for protecting access to the device itself for management.
The access-list is only for NAT/PAT at the router. Since the router will not be doing NAT/PAT anymore, but instead bridging to the firewall, the access-list and NAT statement are not needed. The firewall will need to perform the NAT/PAT for your inside hosts.
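A check for the points made in the replies above, added here as an example and not part of the original thread: it scans a saved running-config for the layer-3 and NAT settings that should be gone from the router once it only bridges. The function name, the sample config and the indented show running-config layout are assumptions; interface names and addresses follow the thread.

```python
import re

# Constructed sample (show running-config layout, sub-commands indented); not the asker's file.
SAMPLE_BEFORE = """\
interface FastEthernet0/0
 ip address 10.3.10.1 255.255.0.0
 ip nat inside
!
interface ATM0/3/0
 no ip address
 bridge-group 1
!
interface BVI1
 ip address 1.2.123.108 255.255.248.0
 ip nat outside
!
ip route 0.0.0.0 0.0.0.0 1.2.120.1
ip nat inside source list 1 interface BVI1 overload
access-list 1 permit 10.3.0.0 0.0.255.255
bridge 1 route ip
"""

def audit_bridge_config(text):
    """List settings that should be gone once the router only bridges."""
    findings, iface, members = [], None, {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("!"):
            continue
        if raw[0].isspace() and iface:  # sub-command of the current interface
            if re.match(r"ip (address \d|nat )", line):
                findings.append(f"{iface}: still has '{line}'")
            elif m := re.match(r"bridge-group (\d+)$", line):
                members.setdefault(m.group(1), []).append(iface)
            continue
        m = re.match(r"interface (\S+)", line)
        iface = m.group(1) if m else None
        for prefix in ("ip route 0.0.0.0 0.0.0.0", "ip nat inside source"):
            if line.startswith(prefix):
                findings.append(f"global: '{line}' belongs on the firewall")
        if re.match(r"bridge \d+ route ip$", line):
            findings.append(f"global: '{line}' still routes IP on the bridge group")
    for group, ifs in members.items():
        if len(ifs) < 2:  # a bridge needs the ATM side and the firewall-facing side
            findings.append(f"bridge-group {group}: only {ifs[0]} is a member")
    return findings

if __name__ == "__main__":
    print("\n".join(audit_bridge_config(SAMPLE_BEFORE)))
```

An empty result means none of these leftovers were found; it does not check the management-access ACL mentioned above.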
Simple enough. See below: