
Cisco 881 SHDSL Router to Snapgear Firewall

Posted on 2012-03-18
Last Modified: 2012-03-20
Hi Experts,

I ask for your assistance configuring our Cisco 881 and a Snapgear SG580 Firewall...

This is what we have...

Internet---Cisco881(SHDSL)----Snapgear SG580(Firewall)----LAN

We have the Cisco 881 router NAT'ting to the Firewall, although I want the Firewall to handle NAT.  At the moment, double NAT'ting is going on.

The network config looks something like this...

INTERNET--- WAN IP (59.167.X.X) CISCO 881-- LAN IP (10.10.10.2) ---- Snapgear SG580 (192.168.10.1) --- LAN (192.168.0.0/20)

Can you please suggest how we can configure the CISCO 881 to not NAT, and bind the WAN IP from Interface FE4 to the VLAN 1, then I'll have the Snapgear handle NAT, VPN and the Access Rules...
I'd like to ensure VPN passthrough is enabled too on the 881.
Or feel free to suggest anything else...

I've attached the config of the CISCO 881...

Thank you in advance for your help, much appreciated :)

Cisco 881 Config
Question by:CESExchange
5 Comments
 
LVL 5

Expert Comment

by:abhishek1986
ID: 37736159
Just to be sure: You don't want the Cisco 881 to perform NAT Operations?
Then you will be needing one Global IP Address on the Firewall to perform NAT.
Why is it that you don't want the Cisco 881 to NAT?
Also, generally it is recommended to have the firewall connecting the global and the local network, and not the router.
0
 

Author Comment

by:CESExchange
ID: 37736188
Thank you for your reply...

I was hoping to use the Snapgear FW (which will be replaced with an ASA 5505 shortly) to perform all NAT'ing for simplicity of management.

We also have an ADSL connection, whereby the ADSL modem is configured in bridge mode, and the Snapgear handles the authentication and NAT.

Cheers
0
 
LVL 34

Assisted Solution

by:Istvan Kalmar
Istvan Kalmar earned 1000 total points
ID: 37736447
Hi,

you need:

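! remove the existing overload (PAT) rule on FastEthernet4
no ip nat inside source list NAT interface fast 4 overload
! static one-to-one NAT: inside local 10.10.10.1 <-> public address x.x.x.x
ip nat inside source static 10.10.10.1 x.x.x.x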
0
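A check that could be run over a saved running-config after applying the two commands above, added here as an example and not code from the thread. The function name and finding labels are hypothetical, the sample configs are constructed, 203.0.113.2 stands in for the masked WAN address, and 10.10.10.1 is assumed to be the firewall's outside address as in the answer.

```python
import re

IP = r"\d+(?:\.\d+){3}"
# Dynamic rule with "overload" (PAT) still present on the router.
OVERLOAD = re.compile(r"^ip nat inside source (?:list|route-map) \S+ .*\boverload\b", re.M)
# One-to-one static: translates every IP protocol, including ESP (protocol 50).
STATIC_1TO1 = re.compile(rf"^ip nat inside source static ({IP}) ({IP})\b", re.M)
# Port-specific static: covers only that single TCP/UDP port.
STATIC_PORT = re.compile(rf"^ip nat inside source static (?:tcp|udp) ({IP}) ", re.M)

def audit_nat(config: str, firewall_ip: str) -> list[str]:
    """Findings for an edge router that should leave NAT policy to the firewall."""
    findings = []
    if OVERLOAD.search(config):
        findings.append("pat-overload")  # router and firewall both translate
    mapped = {m.group(1) for m in STATIC_1TO1.finditer(config)}
    if firewall_ip not in mapped:
        findings.append("no-static-for-firewall")
        if firewall_ip in STATIC_PORT.findall(config):
            findings.append("port-forward-only")  # IPsec ESP is not forwarded
    return findings

# Constructed running-config excerpts (not the poster's attached config).
BEFORE = """\
interface FastEthernet4
 ip nat outside
interface Vlan1
 ip address 10.10.10.2 255.255.255.0
 ip nat inside
ip nat inside source list NAT interface FastEthernet4 overload
"""
AFTER = BEFORE.replace(
    "ip nat inside source list NAT interface FastEthernet4 overload",
    "ip nat inside source static 10.10.10.1 203.0.113.2",
)
PORT_ONLY = BEFORE.replace(
    "ip nat inside source list NAT interface FastEthernet4 overload",
    "ip nat inside source static udp 10.10.10.1 500 interface FastEthernet4 500",
)

if __name__ == "__main__":
    for name, cfg in (("before", BEFORE), ("after", AFTER), ("port-only", PORT_ONLY)):
        print(name, audit_nat(cfg, "10.10.10.1"))
```

The "port-forward-only" finding matters for the VPN passthrough requirement in the question: a UDP 500 forward alone does not carry ESP to the firewall, while the one-to-one static mapping does.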
 
LVL 5

Accepted Solution

by:
abhishek1986 earned 1000 total points
ID: 37736554
What I am saying is that you connect the Snapgear FW to the internet directly. Configure outside port of firewall as 59.167.x.x. Place the router if you need, in place of the firewall, and configure it accordingly. The inside IP address of the Firewall could be 10.x.x.x and that of router attached to the firewall be 10.x.x.y. The other port of the router can have IP Address of your public network.
0
 

Author Comment

by:CESExchange
ID: 37745792
Thanks for your help everyone, both solutions above worked perfectly.
0
