Complex home network: Cisco 871 + multiple static IPs + more

Unanswered Question
Feb 16th, 2007

Hi, I'm hoping some of you experts can advise me on ways to accomplish what I want.

Currently my home network has 3 public static IPs, one for my server (http, ftp, smtp); one for common home internet use (multiple computers, inc. wireless); one for devices for work (another cisco 871 and a PIX 501).

Currently, my DSL modem (1.5mb/768kb) feeds into a hub that feeds into 2 consumer routers (zyxel and netgear) as well as either the PIX or the work-871. (Both the PIX and the 871 use the same static IP so I only power up one at a time.) Both consumer routers' LAN interfaces feed into a gigabit switch. I use the Zyxel's LAN IP as default gateway for my server, and my DHCP service hands out the Netgear LAN IP to all the other computers.

I want my personal 871 to provide wired+wireless NAT internet access. I want one of my static IPs to service my server, via NAT without PAT. The second IP services all other computers on my LAN+Wireless. The third IP, I want to make available to either PIX or work-871.

My server must be on the same subnet as the rest of my computers. I dedicated an IP for the server without PAT (port address translation) in order to avoid problems with certain applications. But, my server also holds all my data and media files which my other PCs can access.

I'd love to plug in my DSL modem straight to the WAN port (FE4) and attach FE0 to my LAN, with FE1 to either my PIX or my work-871.

I thought VLANs to could help but no .. another thought was creating a DMZ and specially configuring both my PIX and work-871 default gateways to the home-871 but I'm not sure how to make this work.

The PIX501 must have a predefined static IP to use. I do have the ability to update my work datacenter's PIX515E config, but not the DMVPN config for the work-871.

I'm good at "RTFM" but there are reams of docs. Can anyone point me in the right direction? Or is this just flat out not possible?

Thanks!

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
sbilgi Thu, 02/22/2007 - 14:41

You could statically map server into the public ip which you have.Try to use Fileter wherein the first statement you deny Server LAn ip address and in the second line we could permit all statement where all other computers could have access.

Actions

This Discussion