Solved

network design / ip addressing / ip forwarding

Posted on 2011-03-10
Last Modified: 2012-05-11
Hi Experts, I have a few questions

Here's my setup,

 95.x.x.x /29 ) ----- ( T-1 ) ------pt to pt -------- (T-1)  -------- ( End Device )   ------| 10.0.0.0/24
  adsl modem           router                          router                     router
     public ip
 


So you have 3 segments here
segment 1   Adsl to router 1
segment 2   router 1 to router 2
segment 3   router 2 to end-user devices


I HAVE THIS SETUP :

Segment 1 subnet 192.168.50.0/30  with
adsl internal ip: 192.168.50.1
router1 ip: 192.168.50.2  


Segment 2 subnet 192.168.50.4/30
router 1 ip: 192.168.50.5
router 2 ip: 192.168.50.6

Segment 3 subnet 192.168.51.0/24
router 2 ip: 192.168.51.1

My Lan needs to be 10.0.0.0 /24

How do I forward my public IP address across the 2 segments to be able to log in to my end device?

What's my gateway for my end device?


Thanks
Question by:cisco20
15 Comments
 
LVL 24

Expert Comment

by:rfc1180
ID: 35099567
There are several ways to accomplish what you want to do:

1. Add a static NAT rule
2. Route public IP address across your private backbone

If  95.x.x.x /29 is a routed subnet and not attached to an interface you can add static routes on each of the routers in the path

First T1 router:

ip route 95.x.x.x 255.255.255.248  192.168.50.6

Second T1 router:

ip route 95.x.x.x 255.255.255.248 192.168.51.1

Or depending on where you are NATting, you would add static NAT statements for the inside addresses that you wanted to extend to.

Are you able to post your configs?

Billy
0
 

Author Comment

by:cisco20
ID: 35099889
I have no added routing configs only the ip design in place.

Note : My goal is not to have 3 networks , I only need my end device to communicate to the internet and I should be able to access it preferably with an unnated solution.

The routers in between are only for extending the networks public ip.

does this make sense ?
0
 
LVL 13

Expert Comment

by:kdearing
ID: 35100591
You have to use NAT going from a public IP to a private IP and vice versa.
0

 
LVL 24

Expert Comment

by:rfc1180
ID: 35100730
>and I should be able to access it preferably with an unnated solution.
You do not need to use NAT to accomplish what you are wanting to do if I understand you correctly

is the 95.x.x.x /29 a routed subnet to a /30 or do you want to use an IP from 95.x.x.x /29
for a host in the 10.0.0.0/24?
0
 

Author Comment

by:cisco20
ID: 35100884
Yes, I believe you got it, except for the part of using a 95 IP on my end device. Those 3 network segments are set up with private IPs, so my end device will have a private IP with the ability to be accessed using the 95.x.x.x /29.
0
 
LVL 24

Expert Comment

by:rfc1180
ID: 35100979
so then you will have to use NAT for that then; there is no way around this.
0
 

Author Comment

by:cisco20
ID: 35101237
the 95.x.x.x will NAT to my end device ??
0
 
LVL 24

Expert Comment

by:rfc1180
ID: 35101355
>the 95.x.x.x will NAT to my end device ??
as long as all your internal routing is setup, yes.

Something like

! interface connecting to inside network
interface x/x
 ip nat inside

! interface connecting to ADSL router (with public IP)
interface x/x
 ip nat outside

! FastEthernetx/x is the outside interface
ip nat inside source list 100 interface FastEthernetx/x overload
ip nat inside source static tcp 10.0.0.2 22 95.x.x.x 22 extendable

access-list 100 permit ip 10.0.0.0 0.0.0.255 any

Billy





0
 
LVL 3

Expert Comment

by:alexjfisher
ID: 35101564
You need to perform static NAT on your ADSL router, mapping the internet address to the private address you'll use on your end device.

You'll also need to make sure that your ADSL router can route to the end router and that the end router can route back to the internet.

Either use static routes, or set up a dynamic routing protocol such as RIP or OSPF on all your devices.
If using dynamic routing, remember to advertise your ADSL router's default route (route to the internet) back into the routing protocol so that all routers will know how to reach the internet.
0
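
The static-route option from the comment above, worked through for the addressing given in the question. This is an added example, not part of any poster's reply: the end device's segment-3 address 192.168.51.2 is an assumption (the thread never gives it), and the device names and helper functions are illustrative.

```python
import ipaddress

# Hops from the Internet side to the LAN, using the addressing in the question.
# Each link: (subnet, upstream device, its IP, downstream device, its IP).
LINKS = [
    ("192.168.50.0/30", "adsl", "192.168.50.1", "router1", "192.168.50.2"),
    ("192.168.50.4/30", "router1", "192.168.50.5", "router2", "192.168.50.6"),
    # Assumption: the thread never gives the end device's address on segment 3.
    ("192.168.51.0/24", "router2", "192.168.51.1", "end_device", "192.168.51.2"),
]
LAN = "10.0.0.0/24"  # sits behind end_device


def validate(links):
    """Return the link subnets, rejecting bad host addresses and overlaps."""
    nets = []
    for subnet, _, up_ip, _, down_ip in links:
        net = ipaddress.ip_network(subnet)  # raises ValueError if host bits are set
        for ip in map(ipaddress.ip_address, (up_ip, down_ip)):
            if ip not in net or ip in (net.network_address, net.broadcast_address):
                raise ValueError(f"{ip} is not a usable host address in {net}")
        if any(net.overlaps(other) for other in nets):
            raise ValueError(f"{net} overlaps an earlier segment")
        nets.append(net)
    return nets


def static_routes(links, lan):
    """Map each device to the (prefix, next hop) static routes it needs."""
    nets = validate(links)
    default = ipaddress.ip_network("0.0.0.0/0")
    routes = {}
    for i, (_, up_dev, up_ip, down_dev, down_ip) in enumerate(links):
        # Towards the LAN: everything past this link goes via the downstream neighbour.
        beyond = nets[i + 1:] + [ipaddress.ip_network(lan)]
        routes.setdefault(up_dev, []).extend((n, down_ip) for n in beyond)
        # Towards the Internet: a default route via the upstream neighbour.
        routes.setdefault(down_dev, []).append((default, up_ip))
    return routes


def ios_lines(device_routes):
    """Render routes in the `ip route <net> <mask> <next-hop>` form used in the thread."""
    return [f"ip route {n.network_address} {n.netmask} {hop}" for n, hop in device_routes]


if __name__ == "__main__":
    for device, device_routes in static_routes(LINKS, LAN).items():
        print(device, *ios_lines(device_routes), sep="\n  ")
```

The end device ends up with a single default route via 192.168.51.1, and the ADSL router needs a route to 10.0.0.0/24 via 192.168.50.2 before a static NAT entry pointing at the LAN can work.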
 
LVL 24

Accepted Solution

by:
rfc1180 earned 250 total points
ID: 35101615
>You need to perform static NAT on your ADSL router mapping the internet address to the private address you'll use on your end device.

Correct, my example is assuming that the ADSL router is capable of being configured in RFC1483 bridge mode and moving the IP space to the T1 Router; either case, NAT is needed.
0
 
LVL 3

Assisted Solution

by:alexjfisher
alexjfisher earned 250 total points
ID: 35101983
>Correct, my example is assuming that the ADSL router is capable of being configured in RFC1483 bridge mode and moving the IP space to the T1 Router; either case, NAT is needed.

Agreed.  It really depends on what the 'ADSL modem' is.  Is it just an ethernet ADSL modem, (I just ordered a pair of Draytek Vigor 120s today - can't recommend them enough) or is it a complete router platform?  If it's a router, can it do RIP or OSPF?  If not, the best solution is probably to configure it in bridge mode if possible and leave all the routing to the 'proper' routers.
0
 

Author Comment

by:cisco20
ID: 35130463
Thanks - Modem is now bridged and I am able to access the first router downstream. Rather than having two routers before my end device as previously stated, I was able to eliminate one of the routers from the setup and can now terminate the access on my end device.


95.x.x.x /29 ) --------- ( T-1 ) ------pt to pt ------ (End Device )   ------| 10.0.0.0/24
  adsl modem            1st router                              2nd  router                     Lan


Question: How do I address to be able to access directly - using a public IP from my /29 pool?


0
 
LVL 24

Expert Comment

by:rfc1180
ID: 35130776
Please post your 1st t1 router config
0
 

Author Comment

by:cisco20
ID: 35132532

Here are the relevant configs . Thanks.


hostname "router_01"

!
ip subnet-zero
ip classless
ip routing
!
!
no auto-config
!
event-history on
no logging forwarding
no logging email
!
no ip firewall alg msn
no ip firewall alg mszone
no ip firewall alg h323
!

!
interface eth 0/1
  description ***Connection to ADSL Modem ****
  no ip address
  no shutdown
!
!
!
interface t1 1/1
  clock source internal
  shutdown
!
interface t1 1/2
  description ***Connection to End Device T1/1***
  clock source internal
  tdm-group 1 timeslots 1-24 speed 64
  no shutdown
!
interface ppp 1
  ip unnumbered ppp 2
  no shutdown
  cross-connect 1 t1 1/2 1 ppp 1
!
interface ppp 2
  ip address  95.xx.xx.222  255.255.255.248
  no fair-queue
  ppp chap hostname       
  ppp chap password
  no shutdown
  cross-connect 2 eth 0/1 ppp 2
!
interface hdlc 1
  no ip address
  no shutdown
!
!
!
ip route 0.0.0.0 0.0.0.0 ppp 2


end






0
 

Author Closing Comment

by:cisco20
ID: 35291802
Thanks, bridging the modem was a much easier solution, and making the first router PPPoE with the ISP.
0
