Celebrate National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Cisco 881 SHDSL Router to Snapgear Firewall

Posted on 2012-03-18
5
Medium Priority
?
917 Views
Last Modified: 2012-03-20
Hi Experts,

I ask for your assistance configuring our Cisco 881 and a Snapgear SG580 Firewall...

This is what we have...

Internet---Cisco881(SHDSL)----Snapgear SG580(Firewall)----LAN

We have the Cisco 881 router NAT'ting to the Firewall, although I want the Firewall to handle NAT.  At the moment, double NAT'ting is going on.

The network config looks something like this...

INTERNET--- WAN IP (59.167.X.X) CISCO 881-- LAN IP (10.10.10.2) ---- Snapgear SG580 (192.168.10.1) --- LAN (192.168.0.0/20)

Can you please suggest how we can configure the CISCO 881 to not NAT, and bind the WAN IP from Interface FE4 to the VLAN 1, then I'll have the Snapgear handle NAT, VPN and the Access Rules...
I'd like to ensure VPN passthrough is enabled too on the 881.
Or feel free to suggest anything else...

I've attached the config of the CISCO 881...

Thank you in advance for your help, much appreciated :)

Cisco 881 Config
0
Comment
Question by:CESExchange
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
5 Comments
 
LVL 5

Expert Comment

by:abhishek1986
ID: 37736159
Just to be sure: You don't want the Cisco 881 to perform NAT Operations?
Then you will be needing one Global IP Address on the Firewall to perform NAT.
Why is it that you don't want Cisco 881 to NAT.
Also, generally it is recommended to have firewall connecting the global the local network and not the router.
0
 

Author Comment

by:CESExchange
ID: 37736188
Thank you for your reply...

I was hoping to use the Snapgear FW (which will be replaced with an ASA 5505 shortly) to perform all NAT'ing for simplicity of management.

We also have an ADSL connection, whereby the ADSL modem is configured in bridge mode, and the SNapgear handles the authentication and NAT.

Cheers
0
 
LVL 34

Assisted Solution

by:Istvan Kalmar
Istvan Kalmar earned 1000 total points
ID: 37736447
Hi,

you need:

no ip nat inside source list NAT interface fast 4 overload
ip nat inside source static ip 10.10.10.1  x.x.x.x
0
 
LVL 5

Accepted Solution

by:
abhishek1986 earned 1000 total points
ID: 37736554
What I am saying is that you connect the Snapgear FW to the internet directly. Configure outside port of firewall as 59.167.x.x. Place the router if you need, in place of the firewall, and configure it accordingly. The inside IP address of the Firewall could be 10.x.x.x and that of router attached to the firewall be 10.x.x.y. The other port of the router can have IP Address of your public network.
0
 

Author Comment

by:CESExchange
ID: 37745792
Thanks for your help everyone, both solutions aboved worked perfectly.
0

Featured Post

Looking for the Wi-Fi vendor that's right for you?

We know how difficult it can be to evaluate Wi-Fi vendors, so we created this helpful Wi-Fi Buyer's Guide to help you find the Wi-Fi vendor that's right for your business! Download the guide and get started on our checklist today!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Powerful tools can do wonders, but only in the right hands.  Nowhere is this more obvious than with the cloud.
In this article, WatchGuard's Director of Security Strategy and Research Teri Radichel, takes a look at insider threats, the risk they can pose to your organization, and the best ways to defend against them.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Both in life and business – not all partnerships are created equal. As the demand for cloud services increases, so do the number of self-proclaimed cloud partners. Asking the right questions up front in the partnership, will enable both parties …
Suggested Courses

730 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question