05-30-2007 05:31 AM - edited 03-03-2019 05:13 PM
I need to change the running config on a 1700 series router. And for the life of me I think I am doing it wrong.
The router has two interfaces: an Ethernet (10meg) and a Fast Ethernet. The site also has a /27 public IP block. The router is currently natting the IPs.
Here is the current interfaces configuration:
interface Ethernet0
 description connected to IP Phone System
 ip address 24.75.X.X 255.255.255.224
 full-duplex
!
interface FastEthernet0
 description connected to EthernetLAN
 ip address 192.168.2.100 255.255.255.0
 ip nat inside
 speed auto
!
interface Serial0
 description connected to Internet
 ip address 24.75.x.x 255.255.255.252
 ip nat outside
 encapsulation ppp
 service-module t1 timeslots 1-12
 service-policy output Wan
Here is the current natting setup
ip nat pool internet-natpool-1 24.75.x.x 24.75.x.x netmask 255.255.255.224
ip nat inside source list 1 interface Serial0 overload
ip nat inside source static tcp 192.168.2.72 3389 24.75.x.x 3389 extendable
ip nat inside source static udp 192.168.2.72 5632 24.75.x.x 5632 extendable
ip nat inside source static tcp 192.168.2.72 5631 24.75.x.x 5631 extendable
ip nat inside source static tcp 192.168.2.1 2143 24.75.x.x 2143 extendable
ip nat inside source static tcp 192.168.2.1 2142 24.75.x.x 2142 extendable
We are installing a Sonic Wall on Fastethernet0. So I will be removing the NAT statements on fastethernet0 and serial0. I will also no out all the IP nat. I will apply 24.75.x.x 255.255.255.224 to fastethernet0. On the other side will be the Sonic Wall with another free public IP of 24.75.x.x 255.255.255.224. The natting of the rest will take place in the Sonic Wall.
My question is: because I already use ip address 24.75.X.X 255.255.255.224 on ethernet0, when I apply another IP with the same subnet on fastethernet0, will that cause routing issues? If so, how should I correct it?
1) Take ethernet0 (it has its public IP and one other public IP). Should I split it up to 24.75.x.x 255.255.255.252 and then 24.75.x.x 255.255.255.240? But I don't have enough free IPs to do this?
Any advice will be greatly accepted.
05-30-2007 08:31 AM
Just a suggestion... why not change the nat pool to reflect the WAN IP of the SonicWall, put the SonicWall on eth0 with the phone system using a small switch. Remove nat statements and add ACL for LAN access. This will leave you a way around the SonicWall via fasteth0. I have SonicWalls set up in this fashion and have found the need for having LAN get around them.
This is oversimplified but you should get the idea.
05-30-2007 08:35 AM
I hear ya, but they wanted the Sonic Wall to do the natting for the public. I know this cannot be done because I would have the same subnets on both interfaces... it would overlap and not work.
I was tooling around with taking the /27 and dividing it up into 2 /30, 1 /29 and 1 /28. But that's a lot of wasted IPs.
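The overlap check and the /27 split discussed in the posts above, worked through as an added example that is not part of any poster's message. The block 203.0.113.32/27 is a constructed documentation range standing in for the masked 24.75.x.x/27, and the function names are hypothetical.

```python
import ipaddress

def overlaps(if_a, if_b):
    """True when two interface addresses (addr/prefix) fall in overlapping subnets."""
    net_a = ipaddress.ip_interface(if_a).network
    net_b = ipaddress.ip_interface(if_b).network
    return net_a.overlaps(net_b)

def carve(block, prefixes):
    """Carve `block` into subnets with the given prefix lengths (VLSM).

    Largest subnets are placed first so each one starts on its natural
    boundary. Raises ValueError when the block cannot hold them all.
    """
    parent = ipaddress.ip_network(block)
    cursor = int(parent.network_address)
    end = int(parent.broadcast_address) + 1
    result = []
    for plen in sorted(prefixes):      # lower prefix length = larger subnet
        size = 1 << (32 - plen)
        if cursor + size > end:
            raise ValueError("%s has no room left for a /%d" % (block, plen))
        result.append(ipaddress.ip_network((cursor, plen)))
        cursor += size
    return result

def usable(net):
    """Host addresses left after the network and broadcast addresses."""
    return net.num_addresses - 2

if __name__ == "__main__":
    BLOCK = "203.0.113.32/27"          # constructed stand-in for the site's /27

    # Same /27 on two interfaces: the subnets overlap.
    print("same /27 on both interfaces overlaps:",
          overlaps("203.0.113.33/27", "203.0.113.34/27"))

    # The split proposed in the thread: 2 x /30, 1 x /29, 1 x /28.
    subnets = carve(BLOCK, [30, 30, 29, 28])
    for net in subnets:
        print("%-18s mask %-16s usable hosts %d"
              % (net, net.netmask, usable(net)))
    total = sum(usable(n) for n in subnets)
    whole = usable(ipaddress.ip_network(BLOCK))
    print("usable after split: %d of %d in the undivided /27" % (total, whole))
```

Each subnet gives up its own network and broadcast address, which is where the addresses lost in the split go.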
05-30-2007 12:00 PM
Use routable IPs on eth0, phone system and WAN of SonicWall. (i.e. eth0=24.75.x.1, phone=24.75.x.2 and SonicWAN=24.75.x.3).
You can then use the SonicWall to NAT LAN to WAN, and you can use nat overload on the remaining routable IPs left in the pool for fasteth0, so you will have an alternative to going exclusively through the SonicWall.