CISCO ROUTING - How do I route a public IP block on an inside interface to a different public IP block on an outside interface?

I have a Cisco 806 for access to a Cox ethernet handoff.

The information I have from Cox is:

Customer LAN space:
Network for use on customer's equipment: 70.x.28.144/28
Subnet Mask: 255.255.255.240
IP Space Available to Customer: 70.x.28.145 - 70.x.28.158

Customer's Connection to Cox:
IP address of device facing Cox: 70.x.30.98
Subnet Mask: 255.255.255.252
Gateway for device facing Cox: 70.x.30.97

How do I get the 806 config'd to pass traffic for this config?  One address is to a mail server running all usual mail protocols and a web interface.  Another address is to a spam filter.  There are also two addresses going to two SonicWall NSA240s for Internet access to two different buildings.

Any help would be greatly appreciated.
scholfieldautoAsked:
Who is Participating?
 
qbakiesConnect With a Mentor Commented:
I'm not sure what it is you are asking as this seems pretty straight forward.  If the 806 is acting as your border router then you just need to put the 70.x.30.98/30 IP on the interface connected to the handoff and set a default route to 70.x.30.97.  That will send all your traffic out to the world.  From there it depends on what your network diagrams look like on how you connect to the other devices.  You have 14 useable public IPs with the 70.x.28.114/28 subnet and the best thing to do would be to put that on the internal facing interface going to one of the firewalls.  Then you you can do NAT/PAT on the firewalls for your LAN traffic.  

Providing a basic network diagram of your situation will help to clear up exactly how this will work in your situation.
0
 
bkepfordCommented:
806 configuration====

interface FastEthernet 0/0
ip address 70.x.30.98 255.255.255.252
interface FastEthernet 0/0
ip address 70.x.28.145 255.255.255.240

ip route 0.0.0.0 0.0.0.0 70.x.30.97

==============================
Now each of your other devices will be configured with an IP between 70.x.28.146 and 70.x.28.158 with a subnet mask of 255.255.255.240 and a default gateway of 70.x.28.145 (your 806 router)


0
 
bkepfordCommented:
interface FastEthernet 0/0
ip address 70.x.28.145 255.255.255.240

was meant to be

interface FastEthernet 0/1
ip address 70.x.28.145 255.255.255.240
0
KuppingerCole Reviews AlgoSec in Executive Report

Leading analyst firm, KuppingerCole reviews AlgoSec's Security Policy Management Solution, and the security challenges faced by companies today in their Executive View report.

 
scholfieldautoAuthor Commented:
qbakies: It is pretty basic, just wasn't sure if the 806 was going to require anything special to make it work.

bkepford: Will give that a try in a few minutes.  If it works, I'll close the Q.  Thanks!!!
0
 
qbakiesCommented:
The biggest consideration that I can see is where you are going to want to perform your NAT.  The rest is pretty straightforward.
0
 
scholfieldautoAuthor Commented:
qbakies: I think that's my biggest question... Will the 806 REQUIRE me to NAT, or can I just use it as a router to pass traffic?  Both sets of addresses are public IP, the firewalls are AFTER the router, on Ethernet 0/1.  I guess my question reall is, will a very simple routing scheme get the job done, or do I have to NAT?  I'm going to try the first suggestion and see how it goes shortly.  Thanks!!!
0
 
hostaricaCommented:
you need NAT if you don't have enough public IPs to assign each one to each internal host.  but if your configuration is one to one (the public IP is directly associated with only one device at the other end), then you won't need NAT.  
but as qbakies said, it depends in whether or not the 806 is your border router, and on how your network diagram looks like.
0
 
scholfieldautoAuthor Commented:
I'm sure QBakies and BKepford have it right, as the 806 is the border router for our Cox connection.  The diagram goes ISP ethernet handoff -->: 806 -->  Hosts ( Mail Server / Firewalls (2) / Spam Filter )  I have plenty of public IP addresses, My question was twofold...  I've never done a router config that simple, so I didn't know if just the 0.0.0.0 would do the trick, AND if the 806 required NAT to be in place as some routers do, or if it would do just fine with only routing turned on.  QB and BK are probably going to get a points split when I get into work in the AM and put it online.  Thanks :)
0
 
bkepfordConnect With a Mentor Commented:
The NATing will take place on the Sonicwall as it is where you go from a public IP to a private IP. The reason why the router is so simple is because it si only doing routing and the only subnets that it needs to get to is the Internet(the default route) and the two subnets it is connected to. By NATing at the Sonicwalls the rest of the internal address will look like the Public subnet directly attached to the router.
0
 
scholfieldautoAuthor Commented:
Thanks a mil!!!  It was as easy as you said and I thought. :)
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.