TheonW
asked on
Configure Cisco 1921 with /29 ext and /27 int
So it's been a long time since I have had to set up a Cisco router, and I need a little advice.
Details:
Installing Ethernet fiber connection - ISP will drop a fiber connection and extend to my router, which is a Cisco 1921. They have provided me with a /29 to connect my WAN int to their router, and a /27 to assign to my LAN int, which will be connected to a firewall. I will need to have all of the /27 IPs forwarded to my firewall, and the firewall will do all the NATing to my private scope. Below is the config I started; I need assistance finishing it up. I have bolded the text that I'm not sure is correct. Also, my circuit is not yet installed, so I cannot test at this moment.
Please do not respond by guessing - I am looking for responses from Cisco guys that can do this in their sleep.
Current configuration : 3298 bytes
!
! Last configuration change at 14:13:12 UTC Fri Oct 4 2013 by cisco
version 15.2
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname CC_EDGE_ROUTER
!
boot-start-marker
boot-end-marker
!
!
logging buffered 51200 warnings
!
no aaa new-model
!
ip cef
!
!
!
!
ip domain name XXXXXXXXXX.COM
no ipv6 cef
multilink bundle-name authenticated
!
!
crypto pki trustpoint TP-self-signed-1142544723
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-1142544723
revocation-check none
rsakeypair TP-self-signed-1142544723
!
!
crypto pki certificate chain TP-self-signed-1142544723
self-signed 01
quit
license udi pid CISCO1921/K9 sn FGL171724JH
!
!
!
!
!
!
!
!
interface Embedded-Service-Engine0/0
no ip address
shutdown
!
interface GigabitEthernet0/0
description $ETH-WAN$COMCAST-EXT-0/0$
ip address 50.200.X.X 255.255.255.248
duplex auto
speed auto
!
interface GigabitEthernet0/1
description $ETH-LAN$COMCAST-INT-0/1$
ip address 50.204.X.X 255.255.255.224
ip nat outside
ip virtual-reassembly in
duplex auto
!
ip forward-protocol nd
!
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
ip route 0.0.0.0 0.0.0.0 50.204.X.X
!
!
!
!
control-plane
!
!
!
line con 0
login local
line aux 0
line 2
no activation-character
transport preferred none
transport input all
transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
line vty 0 4
privilege level 15
login local
transport input telnet ssh
line vty 5 15
access-class 23 in
privilege level 15
login local
transport input telnet ssh
!
scheduler allocate 20000 1000
!
end
CC_EDGE_ROUTER#
"so if the ip they assigned me is 50.204.99.64/27 my first usable is .65 which would be assigned to int 0/1 - .64 should be default route,"
I don't follow you here. The "default route" on the router will be 0.0.0.0/0 with a next hop address being the providers router. On your firewall, you will also have a default route but the next hop address will be whatever address you assign to the g0/0 interface of the router.
ASKER
right I understand that, so let me expand a little.
IP range 50.204.99.64/27
IP Address of 0/1 50.204.99.65/27
ip default route 0.0.0.0 0.0.0.0 50.204.99.64
on my firewall I already have that set with a default route pointing to 50.204.99.65
I just need to confirm the cisco info is correct
"ip default router 0.0.0.0 0.0.0.0 50.204.99.64"
No. The next hop address must be the IP address of the next router towards the internet. In your example, the next hop address is a network address and it's for the local network.
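The next-hop rule from the reply above, as an added example (not from the thread or from Cisco): a Python check that a default route's next hop is a host address on a directly connected subnet. The LAN /27 and the proposed next hop are the values quoted in the thread; the WAN /29 is a documentation-range placeholder because the page masks the real one, and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample: the LAN /27 and the proposed next hop are the values
# quoted in the thread; the WAN /29 is a documentation-range placeholder
# (assumption) because the page masks the real one as 50.200.X.X.
SAMPLE_CONFIG = """\
interface GigabitEthernet0/0
 ip address 198.51.100.2 255.255.255.248
interface GigabitEthernet0/1
 ip address 50.204.99.65 255.255.255.224
ip route 0.0.0.0 0.0.0.0 50.204.99.64
"""

def parse(config):
    """Return ({interface: IPv4Interface}, [next hops of static default routes])."""
    interfaces, hops, current = {}, [], None
    for line in config.splitlines():
        line = line.strip()
        if m := re.match(r"interface (\S+)", line):
            current = m.group(1)
        elif (m := re.match(r"ip address (\S+) (\S+)$", line)) and current:
            interfaces[current] = ipaddress.ip_interface(f"{m.group(1)}/{m.group(2)}")
        elif m := re.match(r"ip route 0\.0\.0\.0 0\.0\.0\.0 (\d+\.\d+\.\d+\.\d+)$", line):
            hops.append(ipaddress.ip_address(m.group(1)))
    return interfaces, hops

def check_next_hop(hop, interfaces):
    """Return (ok, reason) for one next hop, given only connected routes."""
    for name, iface in interfaces.items():
        net = iface.network
        if hop not in net:
            continue
        if hop == iface.ip:
            return False, f"{hop} is the router's own address on {name}"
        # /31 and /32 have no reserved network or broadcast address.
        if net.prefixlen < 31 and hop in (net.network_address, net.broadcast_address):
            return False, f"{hop} is the network or broadcast address of {net} ({name})"
        return True, f"{hop} is a host on connected subnet {net} ({name})"
    return False, f"{hop} is not on any directly connected subnet"

def audit(config):
    """Check every static default route found in the config text."""
    interfaces, hops = parse(config)
    return [check_next_hop(h, interfaces) for h in hops]

if __name__ == "__main__":
    for ok, reason in audit(SAMPLE_CONFIG):
        print("OK  " if ok else "FAIL", reason)
```
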
ASKER
.64 will be on the isp router and would be my next hop, the /29 net is not visible so it would not be the next hop.
do I need to turn on routing on the cisco?
".64 will be on the isp router and would be my next hop, the /29 net is not visible so it would not be the next hop."
I totally don't get what you're saying. But if you're saying the 50.204.X.64 is the ISP's router then that's good.
"the /29 net is not visible so it would not be the next hop."
If you're connected to a network, it's visible.
"do I need to turn on routing on the cisco?"
"ip routing" has been on by default in Cisco routers for a while now. So unless it was disabled, you shouldn't need to turn it on.
ASKER
What I meant was that you do not use the IPs in the routes. However, I should still be able to ping the /29 IPs from the Cisco.
Anyway, I have made the changes to the config file and will test on the 16th once the circuit is turned up.
Thanks for your help.
ASKER
My firewall will be 66-97
CORRECT?