Configuration assistance with a 1700 series router.

D0nprintup_2 · ‎05-30-2007

I need to change the running config on a 1700 series router. And for the life of me I think I am doing it wrong.

The router has two interfaces. An Ethernet (10meg) and a fast Ethernet. The site also has a /27 public IP block. The router is currently natting the IP's .

Here is the current interfaces configuration:

interface Ethernet0

description connected to IP Phone System

ip address 24.75.X.X 255.255.255.224

full-duplex

!

interface FastEthernet0

description connected to EthernetLAN

ip address 192.168.2.100 255.255.255.0

ip nat inside

speed auto

interface Serial0

description connected to Internet

ip address 24.75.x.x 255.255.255.252

ip nat outside

encapsulation ppp

service-module t1 timeslots 1-12

service-policy output Wan

Here is the current natting setup

ip nat pool internet-natpool-1 24.75.x.x 24.75.x.x netmask 255.255

.255.224

ip nat inside source list 1 interface Serial0 overload

ip nat inside source static tcp 192.168.2.72 3389 24.75.x.x 3389 extendable

ip nat inside source static udp 192.168.2.72 5632 24.75.x.x 5632 extendable

ip nat inside source static tcp 192.168.2.72 5631 24.75.x.x 5631 extendable

ip nat inside source static tcp 192.168.2.1 2143 24.75.x.x 2143 extendable

ip nat inside source static tcp 192.168.2.1 2142 24.75.x.x 2142 extendable

We are installing a Sonic Wall on Fastethernet0. So I will be removing the NAT statements on fastethernet0 and serial0. I will also No out all the IP nat. I will apply 24.75.x.x 255.255.255.224 to fastthernet0. On the other side will be the sonic wall with another free public IP of 24.75.x.x 255.255.255.224. The natting of the rest will take place in the sonic wall.

My question is, because I already use ip address 24.75.X.X 255.255.255.224 on ethernet0. When I apply another IP with the same subnet on fastethernet0. Will that cause routing issues? If So how should I correct it?

1) take ethernet0 (it has its public IP and one other public ip) Should I split it up to 24.75.x.x 255.255.255.252 and then then 24.75.x.x 255.255.255..240 ?. But I don?t have enough free IP?s to do this?

Any advice will be great accepted.

michaeldietrich · ‎05-30-2007

just a suggestion... why not change the nat pool to reflect the wan IP of the SonicWall, put the SonicWall on eth0 with the phone system using a small switch. Remove nat statements and add ACL for LAN access. This will leave you a way around the SonicWall via fasteth0. I have SonicWalls set up in this fasion and have found the need for having LAN get around them.

This is oversimplified but you should get the idea.

D0nprintup_2 · ‎05-30-2007

I hear ya but they wanted the sonic wall to do the natting for the public. I know this cannot be done because I would have the same subnets on both interfaces .... it would overlap and not work.

I was tooling around with taking the /27 and dividing it up into 2 /30 1 /29 and 1 /28. But thats alot of wasted IP's

michaeldietrich · ‎05-30-2007

Use routable IPs on eth0, phone system and WAN of SonicWall. (i.e. eth0=24.75.x.1, phone=24.75.x.2 and SonicWAN=24.75.x.3).

You then can use SonicWall to NAT LAN to WAN and you can use nat overload on remining routable IP's left in the pool for fasteth0 so you will an alternative to going exclusively through the SonicWall.