Solved

CISCO ROUTING - How do I route a public IP block on an inside interface to a different public IP block on an outside interface?

Posted on 2010-09-01
10
545 Views
Last Modified: 2012-05-10
I have a Cisco 806 for access to a Cox ethernet handoff.

The information I have from Cox is:

Customer LAN space:
Network for use on customer's equipment: 70.x.28.144/28
Subnet Mask: 255.255.255.240
IP Space Available to Customer: 70.x.28.145 - 70.x.28.158

Customer's Connection to Cox:
IP address of device facing Cox: 70.x.30.98
Subnet Mask: 255.255.255.252
Gateway for device facing Cox: 70.x.30.97

How do I get the 806 config'd to pass traffic for this config?  One address is to a mail server running all usual mail protocols and a web interface.  Another address is to a spam filter.  There are also two addresses going to two SonicWall NSA240s for Internet access to two different buildings.

Any help would be greatly appreciated.
0
Comment
Question by:scholfieldauto
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
  • 2
  • +1
10 Comments
 
LVL 15

Expert Comment

by:bkepford
ID: 33580996
806 configuration====

interface FastEthernet 0/0
ip address 70.x.30.98 255.255.255.252
interface FastEthernet 0/0
ip address 70.x.28.145 255.255.255.240

ip route 0.0.0.0 0.0.0.0 70.x.30.97

==============================
Now each of your other devices will be configured with an IP between 70.x.28.146 and 70.x.28.158 with a subnet mask of 255.255.255.240 and a default gateway of 70.x.28.145 (your 806 router)


0
 
LVL 10

Accepted Solution

by:
qbakies earned 250 total points
ID: 33581069
I'm not sure what it is you are asking as this seems pretty straight forward.  If the 806 is acting as your border router then you just need to put the 70.x.30.98/30 IP on the interface connected to the handoff and set a default route to 70.x.30.97.  That will send all your traffic out to the world.  From there it depends on what your network diagrams look like on how you connect to the other devices.  You have 14 useable public IPs with the 70.x.28.114/28 subnet and the best thing to do would be to put that on the internal facing interface going to one of the firewalls.  Then you you can do NAT/PAT on the firewalls for your LAN traffic.  

Providing a basic network diagram of your situation will help to clear up exactly how this will work in your situation.
0
 
LVL 15

Expert Comment

by:bkepford
ID: 33581159
interface FastEthernet 0/0
ip address 70.x.28.145 255.255.255.240

was meant to be

interface FastEthernet 0/1
ip address 70.x.28.145 255.255.255.240
0
Ransomware - Can it be prevented?

Worried about ransomware attacks hitting your organization?  The good news is that these attacks are predicable and therefore preventable. Learn more about how you can  stop a ransomware attacks before encryption takes place with WatchGuard Total Security!

 

Author Comment

by:scholfieldauto
ID: 33581252
qbakies: It is pretty basic, just wasn't sure if the 806 was going to require anything special to make it work.

bkepford: Will give that a try in a few minutes.  If it works, I'll close the Q.  Thanks!!!
0
 
LVL 10

Expert Comment

by:qbakies
ID: 33581265
The biggest consideration that I can see is where you are going to want to perform your NAT.  The rest is pretty straightforward.
0
 

Author Comment

by:scholfieldauto
ID: 33581723
qbakies: I think that's my biggest question... Will the 806 REQUIRE me to NAT, or can I just use it as a router to pass traffic?  Both sets of addresses are public IP, the firewalls are AFTER the router, on Ethernet 0/1.  I guess my question reall is, will a very simple routing scheme get the job done, or do I have to NAT?  I'm going to try the first suggestion and see how it goes shortly.  Thanks!!!
0
 

Expert Comment

by:hostarica
ID: 33582824
you need NAT if you don't have enough public IPs to assign each one to each internal host.  but if your configuration is one to one (the public IP is directly associated with only one device at the other end), then you won't need NAT.  
but as qbakies said, it depends in whether or not the 806 is your border router, and on how your network diagram looks like.
0
 

Author Comment

by:scholfieldauto
ID: 33582859
I'm sure QBakies and BKepford have it right, as the 806 is the border router for our Cox connection.  The diagram goes ISP ethernet handoff -->: 806 -->  Hosts ( Mail Server / Firewalls (2) / Spam Filter )  I have plenty of public IP addresses, My question was twofold...  I've never done a router config that simple, so I didn't know if just the 0.0.0.0 would do the trick, AND if the 806 required NAT to be in place as some routers do, or if it would do just fine with only routing turned on.  QB and BK are probably going to get a points split when I get into work in the AM and put it online.  Thanks :)
0
 
LVL 15

Assisted Solution

by:bkepford
bkepford earned 250 total points
ID: 33587016
The NATing will take place on the Sonicwall as it is where you go from a public IP to a private IP. The reason why the router is so simple is because it si only doing routing and the only subnets that it needs to get to is the Internet(the default route) and the two subnets it is connected to. By NATing at the Sonicwalls the rest of the internal address will look like the Public subnet directly attached to the router.
0
 

Author Closing Comment

by:scholfieldauto
ID: 33600915
Thanks a mil!!!  It was as easy as you said and I thought. :)
0

Featured Post

How our DevOps Teams Maximize Uptime

Our Dev teams are like yours. They’re continually cranking out code for new features/bugs fixes, testing, deploying, responding to production monitoring events and more. It’s complex. So, we thought you’d like to see what’s working for us. Read the use case whitepaper.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Cisco Phone implementation supported backups 1 67
Cisco TACACS+ appliance run same IOS as Cisco routers/switches 7 70
Cisco ASA 5505 firewall open port 4 50
types of VPN 2 45
In the world of WAN, QoS is a pretty important topic for most, if not all, networks. Some WAN technologies have QoS mechanisms built in, but others, such as some L2 WAN's, don't have QoS control in the provider cloud.
Quality of Service (QoS) options are nearly endless when it comes to networks today. This article is merely one example of how it can be handled in a hub-n-spoke design using a 3-tier configuration.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
As a trusted technology advisor to your customers you are likely getting the daily question of, ‘should I put this in the cloud?’ As customer demands for cloud services increases, companies will see a shift from traditional buying patterns to new…

742 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question