Solved

CISCO ROUTING - How do I route a public IP block on an inside interface to a different public IP block on an outside interface?

Posted on 2010-09-01
10
547 Views
Last Modified: 2012-05-10
I have a Cisco 806 for access to a Cox ethernet handoff.

The information I have from Cox is:

Customer LAN space:
Network for use on customer's equipment: 70.x.28.144/28
Subnet Mask: 255.255.255.240
IP Space Available to Customer: 70.x.28.145 - 70.x.28.158

Customer's Connection to Cox:
IP address of device facing Cox: 70.x.30.98
Subnet Mask: 255.255.255.252
Gateway for device facing Cox: 70.x.30.97

How do I get the 806 config'd to pass traffic for this config?  One address is to a mail server running all usual mail protocols and a web interface.  Another address is to a spam filter.  There are also two addresses going to two SonicWall NSA240s for Internet access to two different buildings.

Any help would be greatly appreciated.
0
Comment
Question by:scholfieldauto
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
  • 2
  • +1
10 Comments
 
LVL 15

Expert Comment

by:bkepford
ID: 33580996
806 configuration====

interface FastEthernet 0/0
ip address 70.x.30.98 255.255.255.252
interface FastEthernet 0/0
ip address 70.x.28.145 255.255.255.240

ip route 0.0.0.0 0.0.0.0 70.x.30.97

==============================
Now each of your other devices will be configured with an IP between 70.x.28.146 and 70.x.28.158 with a subnet mask of 255.255.255.240 and a default gateway of 70.x.28.145 (your 806 router)


0
 
LVL 10

Accepted Solution

by:
qbakies earned 250 total points
ID: 33581069
I'm not sure what it is you are asking as this seems pretty straight forward.  If the 806 is acting as your border router then you just need to put the 70.x.30.98/30 IP on the interface connected to the handoff and set a default route to 70.x.30.97.  That will send all your traffic out to the world.  From there it depends on what your network diagrams look like on how you connect to the other devices.  You have 14 useable public IPs with the 70.x.28.114/28 subnet and the best thing to do would be to put that on the internal facing interface going to one of the firewalls.  Then you you can do NAT/PAT on the firewalls for your LAN traffic.  

Providing a basic network diagram of your situation will help to clear up exactly how this will work in your situation.
0
 
LVL 15

Expert Comment

by:bkepford
ID: 33581159
interface FastEthernet 0/0
ip address 70.x.28.145 255.255.255.240

was meant to be

interface FastEthernet 0/1
ip address 70.x.28.145 255.255.255.240
0
Efficient way to get backups off site to Azure

This user guide provides instructions on how to deploy and configure both a StoneFly Scale Out NAS Enterprise Cloud Drive virtual machine and Veeam Cloud Connect in the Microsoft Azure Cloud.

 

Author Comment

by:scholfieldauto
ID: 33581252
qbakies: It is pretty basic, just wasn't sure if the 806 was going to require anything special to make it work.

bkepford: Will give that a try in a few minutes.  If it works, I'll close the Q.  Thanks!!!
0
 
LVL 10

Expert Comment

by:qbakies
ID: 33581265
The biggest consideration that I can see is where you are going to want to perform your NAT.  The rest is pretty straightforward.
0
 

Author Comment

by:scholfieldauto
ID: 33581723
qbakies: I think that's my biggest question... Will the 806 REQUIRE me to NAT, or can I just use it as a router to pass traffic?  Both sets of addresses are public IP, the firewalls are AFTER the router, on Ethernet 0/1.  I guess my question reall is, will a very simple routing scheme get the job done, or do I have to NAT?  I'm going to try the first suggestion and see how it goes shortly.  Thanks!!!
0
 

Expert Comment

by:hostarica
ID: 33582824
you need NAT if you don't have enough public IPs to assign each one to each internal host.  but if your configuration is one to one (the public IP is directly associated with only one device at the other end), then you won't need NAT.  
but as qbakies said, it depends in whether or not the 806 is your border router, and on how your network diagram looks like.
0
 

Author Comment

by:scholfieldauto
ID: 33582859
I'm sure QBakies and BKepford have it right, as the 806 is the border router for our Cox connection.  The diagram goes ISP ethernet handoff -->: 806 -->  Hosts ( Mail Server / Firewalls (2) / Spam Filter )  I have plenty of public IP addresses, My question was twofold...  I've never done a router config that simple, so I didn't know if just the 0.0.0.0 would do the trick, AND if the 806 required NAT to be in place as some routers do, or if it would do just fine with only routing turned on.  QB and BK are probably going to get a points split when I get into work in the AM and put it online.  Thanks :)
0
 
LVL 15

Assisted Solution

by:bkepford
bkepford earned 250 total points
ID: 33587016
The NATing will take place on the Sonicwall as it is where you go from a public IP to a private IP. The reason why the router is so simple is because it si only doing routing and the only subnets that it needs to get to is the Internet(the default route) and the two subnets it is connected to. By NATing at the Sonicwalls the rest of the internal address will look like the Public subnet directly attached to the router.
0
 

Author Closing Comment

by:scholfieldauto
ID: 33600915
Thanks a mil!!!  It was as easy as you said and I thought. :)
0

Featured Post

[Live Webinar] The Cloud Skills Gap

As Cloud technologies come of age, business leaders grapple with the impact it has on their team's skills and the gap associated with the use of a cloud platform.

Join experts from 451 Research and Concerto Cloud Services on July 27th where we will examine fact and fiction.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Shadow IT is coming out of the shadows as more businesses are choosing cloud-based applications. It is now a multi-cloud world for most organizations. Simultaneously, most businesses have yet to consolidate with one cloud provider or define an offic…
Many of the companies I’ve worked with have embraced cloud solutions due to their desire to “get out of the datacenter business.” The ability to achieve better security and availability, and the speed with which they are able to deploy, is far grea…
Both in life and business – not all partnerships are created equal. As the demand for cloud services increases, so do the number of self-proclaimed cloud partners. Asking the right questions up front in the partnership, will enable both parties …
As a trusted technology advisor to your customers you are likely getting the daily question of, ‘should I put this in the cloud?’ As customer demands for cloud services increases, companies will see a shift from traditional buying patterns to new…
Suggested Courses

617 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question