Solved

network design / ip addressing / ip forwardin

Posted on 2011-03-10
15
340 Views
Last Modified: 2012-05-11
Hi Experts, I have a few questions

Here's my setup,

 95.x.x.x /29 ) ----- ( T-1 ) ------pt to pt -------- (T-1)  -------- ( End Device )   ------| 10.0.0.0/24
  adsl modem           router                          router                     router
     public ip
 


So you have 3 segments here
segment 1   Adsl to router 1
segment 2   router 1 to router 2
segment 3   router 2 to end-user devices


I HAVE THIS SETUP :

Segment 1 subnet 192.168.50.0/30  with
adsl internal ip: 192.168.50.1
router1 ip: 192.168.50.2  


Segment 2 subnet 192.168.50.4/30
router 1 ip: 192.168.50.5
router 2 ip: 192.168.50.6

Segment 3 subnet 192.168.51.0/24
router 2 ip: 192.168.51.1

My Lan needs to be 10.0.0.0 /24

How do I forward my Public Ip address across the 2 segments to be able to login to my end device :

whats my gateway for my end device ?


Thanks
0
Comment
Question by:cisco20
  • 6
  • 6
  • 2
  • +1
15 Comments
 
LVL 24

Expert Comment

by:rfc1180
ID: 35099567
There are several ways to ccomplish what you want to do:

1. Add a static NAT rule
2. Route public IP address acrossed your Private backbone

If  95.x.x.x /29 is a routed subnet and not attached to an interface you can add static routes on each of the routers in the path

First T1 router:

ip route 95.x.x.x 255.255.255.248  192.168.50.6

Second T1 router:

ip route 95.x.x.x 255.255.255.248 192.168.51.1

Or depending on where you are natting, you would add static nat statments for the Inside addresses that you wanted to extend to.

Are you able to post your configs?

Billy
0
 

Author Comment

by:cisco20
ID: 35099889
I have no added routing configs only the ip design in place.

Note : My goal is not to have 3 networks , I only need my end device to communicate to the internet and I should be able to access it preferably with an unnated solution.

The routers in between are only for extending the networks public ip.

does this make sense ?
0
 
LVL 13

Expert Comment

by:kdearing
ID: 35100591
You have to use NAT going from a public IP to a private IP and vice versa.
0
 
LVL 24

Expert Comment

by:rfc1180
ID: 35100730
>and I should be able to access it preferably with an unnated solution.
You do not need to use NAT to accomplish what you are wanting to do if I understand you correctly

is the 95.x.x.x /29 a routed subnet to a /30 or do you want to use an IP from 95.x.x.x /29
for a host in the 10.0.0.0/24?
0
 

Author Comment

by:cisco20
ID: 35100884
yes I believe you got it excpet for the part of using a 95 ip on my end device. Those 3 networks segments are setup with private ips so my end device will have a private ip with the ability to be accessed using the 95.x.x.x. /29  
0
 
LVL 24

Expert Comment

by:rfc1180
ID: 35100979
so then you will have to use NAT for that then; there is no way around this.
0
 

Author Comment

by:cisco20
ID: 35101237
the 95.x.x.x will NAT to my end device ??
0
Control application downtime with dependency maps

Visualize the interdependencies between application components better with Applications Manager's automated application discovery and dependency mapping feature. Resolve performance issues faster by quickly isolating problematic components.

 
LVL 24

Expert Comment

by:rfc1180
ID: 35101355
>the 95.x.x.x will NAT to my end device ??
as long as all your internal routing is setup, yes.

Something like

interface x/x <---interface connecting to inside network
ip nat inside

interface x/x <---- interface connecting to ADSL router (with public IP)
ip nat outside

ip nat inside source list 100 interface FastEthernetx/x overload   <---- interface for outside
ip nat inside source static tcp 10.0.0.2 22 95.x.x.x 22 extenable    

access-list 100 permit ip 10.0.0.0 0.0.0.255 any

Billy





0
 
LVL 3

Expert Comment

by:alexjfisher
ID: 35101564
You need to perform static NAT on your ADSL router mapping the internet address to the private address you'll use on your end device.

You'll also need to make sure that your adsl router can route to the end router and that the end router can route back to the internet.

Either use static routes, or setup a dynamic routing protocol such as RIP or OSPF on all your devices.
If using dynamic routing, remember to advertise your ADSL routers default route (route to the internet) back into the routing protocol so that all routers will no how to reach the internet.
0
 
LVL 24

Accepted Solution

by:
rfc1180 earned 250 total points
ID: 35101615
>You need to perform static NAT on your ADSL router mapping the internet address to the private address you'll use on your end device.

Correct, my example is assuming that the ADSL router is capable of being configured in RFC1483 bridge mode and moving the IP space to the T1 Router; either case, NAT is needed.
0
 
LVL 3

Assisted Solution

by:alexjfisher
alexjfisher earned 250 total points
ID: 35101983
Correct, my example is assuming that the ADSL router is capable of being configured in RFC1483 bridge mode and moving the IP space to the T1 Router; either case, NAT is needed.

Agreed.  It really depends on what the 'ADSL modem' is.  Is it just an ethernet ADSL modem, (I just ordered a pair of Dreytek Vigor 120s today - can't recommend them enough) or is it a complete router platform?  If it's a router, can it do RIP or OSPF?  If not, the best solution is probably to configure it in bridge mode if possible and leave all the routing to the 'proper' routers.
0
 

Author Comment

by:cisco20
ID: 35130463
Thanks - Modem is now bridged and am able to accest the first router downstream. Rather than having two routers before my end device as previously stated I was able to eliminate one of the routers from the setup and can now terminate the access on my end device.


95.x.x.x /29 ) --------- ( T-1 ) ------pt to pt ------ (End Device )   ------| 10.0.0.0/24
  adsl modem            1st router                              2nd  router                     Lan


Question: How do I adrress to be able to access directly - using a public ip from my /29 pool ?


0
 
LVL 24

Expert Comment

by:rfc1180
ID: 35130776
Please post your 1st t1 router config
0
 

Author Comment

by:cisco20
ID: 35132532

Here are the relevant configs . Thanks.


hostname "router_01"

!
ip subnet-zero
ip classless
ip routing
!
!
no auto-config
!
event-history on
no logging forwarding
no logging email
!
no ip firewall alg msn
no ip firewall alg mszone
no ip firewall alg h323
!

!
interface eth 0/1
  description ***Connection to ADSL Modem ****
  no ip address
  no shutdown
!
!
!
interface t1 1/1
  clock source internal
  shutdown
!
interface t1 1/2
  description ***Connection to End Device T1/1***
  clock source internal
  tdm-group 1 timeslots 1-24 speed 64
  no shutdown
!
interface ppp 1
  ip unnumbered ppp 2
  no shutdown
  cross-connect 1 t1 1/2 1 ppp 1
!
interface ppp 2
  ip address  95.xx.xx.222  255.255.255.248
  no fair-queue
  ppp chap hostname       
  ppp chap password
  no shutdown
  cross-connect 2 eth 0/1 ppp 2
!
interface hdlc 1
  no ip address
  no shutdown
!
!
!
ip route 0.0.0.0 0.0.0.0 ppp 2


end






0
 

Author Closing Comment

by:cisco20
ID: 35291802
Thanks bridgin htr modem was a much easier solution and making first router pppoe with isp.
0

Featured Post

VMware Disaster Recovery and Data Protection

In this expert guide, you’ll learn about the components of a Modern Data Center. You will use cases for the value-added capabilities of Veeam®, including combining backup and replication for VMware disaster recovery and using replication for data center migration.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
IP Calculator 10 55
Guest Wi-Fi Marketing solution required 8 59
Cisco Access Points AIR-AP1852I-E-K9 , use as mobility controller / Autonomous 3 41
network error 8 33
When it comes to security, there are always trade-offs between security and convenience/ease of administration. This article examines some of the main pros and cons of using key authentication vs password authentication for hosting an SFTP server.
In this article, I am going to show you how to simulate a multi-site Lab environment on a single Hyper-V host. I use this method successfully in my own lab to simulate three fully routed global AD Sites on a Windows 10 Hyper-V host.
Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually. After setting up a router, find the network security…
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.

911 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

21 Experts available now in Live!

Get 1:1 Help Now