Solved

Configuring Cisco 2821 Router for new Internet Circuit

Posted on 2012-04-09
Last Modified: 2012-05-07
I have an issue.  My network consists of a Cisco 2821 Router, an ASA5510, and my LAN Switches (Cisco 2950s).  I am getting rid of my T1, and got a new 3Mbps Circuit from another provider.  Today was the activation date and I ran into a problem.  The ISP bonded two T1s together on an Adtran router and gave me an Ethernet handoff to my Cisco 2821 router.  The problem is they assigned the WAN IP to the Adtran, and then gave me just one public Routable IP Block.  I connect from my Cisco Router to the Adtran fine, but now I need to configure another Interface on the Cisco Router, with a public address to go to my ASA5510's outside interface.  Of course I can't configure another interface on the Cisco Router in the same IP range, because it will overlap.  All my site-to-site VPNs are on the ASA.  Do I need to request a secondary range of IP Addresses so I can do this?  Thanks.
Question by:denver218
9 Comments
 
LVL 15

Expert Comment

by:Robert Sutton Jr
ID: 37824708
What type of modules are currently installed in your 2821? What type of T1 circuits are they?  What purpose is the 2821 serving on your network? Sounds like you may be able to eliminate it altogether (provided it's not serving another purpose) and use the ASA instead via the Adtran Ethernet handoff.  Let us know.
0
 
LVL 4

Author Comment

by:denver218
ID: 37824744
I can't eliminate the 2821 Router.  I have dual internet circuits configured.  The cable modem takes over if the T1 or hopefully shortly the 3Mbps circuit fails.  It does my policy based routing.  So I can't get rid of the 2821.
The T1s are from XO Communications, and they bonded them using their own Adtran router, and gave me just an Ethernet handoff.  I have 2 Gigabit Ethernet interfaces, 2 Fast Ethernet interfaces, and 1 WIC T1 card.  I'm thinking the only way to accomplish this is to request a second IP block.  What do you think?
0
 
LVL 15

Expert Comment

by:Robert Sutton Jr
ID: 37824780
If that's the case (Router serving other purposes) then you would need more public IPs.
0
 
LVL 4

Author Comment

by:denver218
ID: 37824803
Yes, the router does serve other purposes, connecting to a cable modem for internet circuit redundancy, some policy based routing, etc.  So all I should need to do is call my ISP and tell them I need a second block of public IPs, so I can configure another interface on my router to connect to the outside interface of my ASA?  Does this sound correct?
0
 
LVL 4

Author Comment

by:denver218
ID: 37828179
So I was experimenting with bridging using IRB.  In a lab I have it working.  Do you agree this should work in production?  Doing it this way, I wouldn't have to get a second IP block from the ISP.

bridge irb

int fa0/0
 description This port goes to ISP's Adtran
 no ip address
 bridge-group 1

int fa0/1
 description This port goes to ASA5510
 no ip address
 bridge-group 1

int BVI1
 description XO Communications 3Mbps Circuit IP
 ip address x.x.21.242 255.255.255.248

bridge 1 protocol ieee
bridge 1 route ip

ip route 0.0.0.0 0.0.0.0 x.x.21.241
0
 
LVL 15

Accepted Solution

by:
Robert Sutton Jr earned 500 total points
ID: 37828335
Just keep in mind (since we don't have a clear picture of your network) that:

Bridge groups operate at layer 2. So they are not very effective at connecting layer 3 switches and routers. If you want to connect 2 ports of a layer 2 switch with 2 Ethernet interfaces of a router you can do that but the Ethernet interfaces on the router no longer operate as routed interfaces.
0
 
LVL 4

Author Comment

by:denver218
ID: 37828938
This may give you a better picture:  Below is how my network is set up.

Cisco 2821 Router>>>>>>>>ASA5510>>>>>>>>Cisco 2950

My Cisco 2821 Router basically serves as my edge router.  It connects me to the ISP.  The ASA5510 does all NAT/PAT, site-2-site VPN, remote access VPN, static NAT, etc.  I use Cisco 2950 switches for the LAN.

I set this up in a test lab and it seems to be working.  I gave the BVI interface on the 2821 a public IP from the /29 block the ISP gave me, and connected gi0/0 to the Adtran router the ISP provided, and connected gi0/1 to the outside interface of the ASA.  I gave my outside interface of the ASA an IP Address from the same /29 block they gave me.  Do you feel this will be ok?
0
 
LVL 4

Author Comment

by:denver218
ID: 37939993
The bridge group did work.  I used IRB and was able to successfully connect one port on the router to the ISP's Adtran and the other port on the router to the ASA.  All is working.  Thanks.
0
 
LVL 4

Author Closing Comment

by:denver218
ID: 37939996
Thanks.  Bridged group worked fine for my scenario.
0
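
Added example, not part of the original thread or any poster's code: a Python check over constructed sample configs showing why two addressed router interfaces in the same /29 overlap, while the IRB layout from the thread keeps a single layer 3 address on the BVI with the Adtran and the ASA as hosts in that subnet. The 203.0.113.240/29 block, the ASA address and all function names are assumptions for illustration.

```python
import ipaddress
import re
from itertools import combinations

# Constructed configs: 203.0.113.240/29 stands in for the thread's redacted /29; ASA .243 is assumed.
ROUTED_ATTEMPT = """\
interface FastEthernet0/0
 ip address 203.0.113.242 255.255.255.248
interface FastEthernet0/1
 ip address 203.0.113.243 255.255.255.248
"""
IRB_PLAN = """\
bridge irb
interface FastEthernet0/0
 no ip address
 bridge-group 1
interface FastEthernet0/1
 no ip address
 bridge-group 1
interface BVI1
 ip address 203.0.113.242 255.255.255.248
"""
PEERS = {"Adtran gateway": "203.0.113.241", "ASA outside": "203.0.113.243"}

def parse_interfaces(config):
    """Map interface name -> {"ip": IPv4Interface or None, "bridge": int or None}."""
    found, cur = {}, None
    for line in config.splitlines():
        if m := re.match(r"int(?:erface)?\s+(\S+)", line):
            cur = found.setdefault(m.group(1), {"ip": None, "bridge": None})
        elif cur is not None and (m := re.match(r"\s*ip address (\S+) (\S+)", line)):
            cur["ip"] = ipaddress.ip_interface(f"{m.group(1)}/{m.group(2)}")
        elif cur is not None and (m := re.match(r"\s*bridge-group (\d+)", line)):
            cur["bridge"] = int(m.group(1))
    return found

def overlapping_routed(ifaces):
    """Pairs of addressed (layer 3) interfaces whose subnets overlap."""
    l3 = [(n, i["ip"].network) for n, i in ifaces.items() if i["ip"]]
    return [(a, b) for (a, x), (b, y) in combinations(l3, 2) if x.overlaps(y)]

def irb_problems(ifaces, peers):
    """Bridged ports must carry no IP; every peer must sit in the BVI subnet."""
    bad = [f"{n}: bridged port has an IP" for n, i in ifaces.items() if i["bridge"] and i["ip"]]
    bvi = ifaces.get("BVI1", {}).get("ip")
    if bvi is None:
        return bad + ["BVI1 has no address"]
    return bad + [f"{p} {a} is outside {bvi.network}" for p, a in peers.items()
                  if ipaddress.ip_address(a) not in bvi.network]
```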

Question has a verified solution.
