Solved

Cisco 881 SHDSL Router to Snapgear Firewall

Posted on 2012-03-18
Last Modified: 2012-03-20
Hi Experts,

I ask for your assistance configuring our Cisco 881 and a Snapgear SG580 Firewall...

This is what we have...

Internet---Cisco881(SHDSL)----Snapgear SG580(Firewall)----LAN

We have the Cisco 881 router NAT'ting to the Firewall, although I want the Firewall to handle NAT.  At the moment, double NAT'ting is going on.

The network config looks something like this...

INTERNET--- WAN IP (59.167.X.X) CISCO 881-- LAN IP (10.10.10.2) ---- Snapgear SG580 (192.168.10.1) --- LAN (192.168.0.0/20)

Can you please suggest how we can configure the CISCO 881 to not NAT, and bind the WAN IP from Interface FE4 to the VLAN 1, then I'll have the Snapgear handle NAT, VPN and the Access Rules...
I'd like to ensure VPN passthrough is enabled too on the 881.
Or feel free to suggest anything else...

I've attached the config of the CISCO 881...

Thank you in advance for your help, much appreciated :)

Cisco 881 Config
0
Question by:CESExchange
5 Comments
 
LVL 5

Expert Comment

by:abhishek1986
ID: 37736159
Just to be sure: You don't want the Cisco 881 to perform NAT operations?
Then you will be needing one Global IP Address on the Firewall to perform NAT.
Why is it that you don't want the Cisco 881 to NAT?
Also, generally it is recommended to have the firewall connecting the global and the local network, and not the router.
0
 

Author Comment

by:CESExchange
ID: 37736188
Thank you for your reply...

I was hoping to use the Snapgear FW (which will be replaced with an ASA 5505 shortly) to perform all NAT'ing for simplicity of management.

We also have an ADSL connection, whereby the ADSL modem is configured in bridge mode, and the Snapgear handles the authentication and NAT.

Cheers
0
 
LVL 34

Assisted Solution

by:Istvan Kalmar
Istvan Kalmar earned 250 total points
ID: 37736447
Hi,

you need:

no ip nat inside source list NAT interface FastEthernet4 overload
ip nat inside source static 10.10.10.1 x.x.x.x
0
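
The two commands from the answer above, placed in context as an added example (not part of the original thread or of the poster's attached config): the PAT rule is removed and the public address is mapped one-to-one to the firewall. The ACL name NAT and the interfaces FastEthernet4 and Vlan1 come from the thread; the /24 mask on Vlan1, 10.10.10.1 as the Snapgear's outside address, and the placeholder x.x.x.x for the public address are assumptions.

```cisco
! Added example, not taken from the poster's attached config.
! Assumptions: the Snapgear outside interface is 10.10.10.1, Vlan1 is a /24,
! and x.x.x.x stands for the public address, elided as in the thread.
!
interface FastEthernet4
 ip nat outside
!
interface Vlan1
 ip address 10.10.10.2 255.255.255.0
 ip nat inside
!
! Before: many-to-one PAT on the router, so the firewall's own NAT
! sits behind a second translation layer.
!   ip nat inside source list NAT interface FastEthernet4 overload
!
! After: remove the PAT rule and add a one-to-one static translation
! so that traffic addressed to x.x.x.x is delivered to the firewall.
no ip nat inside source list NAT interface FastEthernet4 overload
ip nat inside source static 10.10.10.1 x.x.x.x
!
! If IOS refuses to remove the dynamic rule because translations are
! still active, clear them from exec mode and retry:
!   clear ip nat translation *
!
! Check the result from exec mode:
!   show ip nat translations
!   show ip nat statistics
```

With a one-to-one static entry, every protocol and port addressed to x.x.x.x is forwarded to the firewall, including IPsec (ESP, UDP 500 and 4500), so the firewall's rule set becomes the only inbound filter unless an access list is also applied on FastEthernet4.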
 
LVL 5

Accepted Solution

by:
abhishek1986 earned 250 total points
ID: 37736554
What I am saying is that you connect the Snapgear FW to the internet directly. Configure outside port of firewall as 59.167.x.x. Place the router if you need, in place of the firewall, and configure it accordingly. The inside IP address of the Firewall could be 10.x.x.x and that of router attached to the firewall be 10.x.x.y. The other port of the router can have IP Address of your public network.
0
 

Author Comment

by:CESExchange
ID: 37745792
Thanks for your help everyone, both solutions above worked perfectly.
0

Question has a verified solution.