Cisco 881 SHDSL Router to Snapgear Firewall

Hi Experts,

I ask for your assistance configuring our Cisco 881 and a Snapgear SG580 Firewall...

This is what we have...

Internet---Cisco881(SHDSL)----Snapgear SG580(Firewall)----LAN

We have the Cisco 881 router NAT'ting to the Firewall, although I want the Firewall to handle NAT.  At the moment, double NAT'ting is going on.

The network config looks something like this...

INTERNET--- WAN IP (59.167.X.X) CISCO 881-- LAN IP (10.10.10.2) ---- Snapgear SG580 (192.168.10.1) --- LAN (192.168.0.0/20)

Can you please suggest how we can configure the CISCO 881 to not NAT, and bind the WAN IP from Interface FE4 to the VLAN 1, then I'll have the Snapgear handle NAT, VPN and the Access Rules...
I'd like to ensure VPN passthrough is enabled too on the 881.
Or feel free to suggest anything else...

I've attached the config of the CISCO 881...

Thank you in advance for your help, much appreciated :)

Cisco 881 Config
CESExchangeAsked:
Who is Participating?
 
abhishek1986Connect With a Mentor Commented:
What I am saying is that you connect the Snapgear FW to the internet directly. Configure outside port of firewall as 59.167.x.x. Place the router if you need, in place of the firewall, and configure it accordingly. The inside IP address of the Firewall could be 10.x.x.x and that of router attached to the firewall be 10.x.x.y. The other port of the router can have IP Address of your public network.
0
 
abhishek1986Commented:
Just to be sure: You don't want the Cisco 881 to perform NAT Operations?
Then you will be needing one Global IP Address on the Firewall to perform NAT.
Why is it that you don't want Cisco 881 to NAT.
Also, generally it is recommended to have firewall connecting the global the local network and not the router.
0
 
CESExchangeAuthor Commented:
Thank you for your reply...

I was hoping to use the Snapgear FW (which will be replaced with an ASA 5505 shortly) to perform all NAT'ing for simplicity of management.

We also have an ADSL connection, whereby the ADSL modem is configured in bridge mode, and the SNapgear handles the authentication and NAT.

Cheers
0
 
Istvan KalmarConnect With a Mentor Head of IT Security Division Commented:
Hi,

you need:

no ip nat inside source list NAT interface fast 4 overload
ip nat inside source static ip 10.10.10.1  x.x.x.x
0
 
CESExchangeAuthor Commented:
Thanks for your help everyone, both solutions aboved worked perfectly.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.