2600 routable ip address basics

Dec 5th, 2007

Hello all,


Bear with me as I'm new to the Cisco configurations.


I am working on bringing up a 2600 series router to be used as the gateway to our ISP.


I have the Serial interface configured so that it will communicate with the provided default route and now I would like to configure servers on the LAN side with routable IP addresses, so I'm looking for someone to look over my config and give me some insight before I put the router into production.


Here is the information from the ISP (IPs changed)


Local WAN IP Address: 200.200.50.118 255.255.255.252

Remote IP Address: 200.200.50.117 255.255.255.252


Ethernet IP Address: 201.200.150.165 255.255.255.224


Primary Domain Name Server: 200.200.40.10

Secondary Domain Name Server: 202.200.51.16

Here is the config thus far.


version 12.2
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname cicrtr
!
logging queue-limit 100
enable secret 5 $1$blah$blah%blaV2rUJaL2.
enable password 7 00110011110011001
!
ip subnet-zero
!
ip name-server 200.200.40.10
ip name-server 202.200.51.16
!
ip audit notify log
ip audit po max-events 100
!
no voice hpi capture buffer
no voice hpi capture destination
!
mta receive maximum-recipients 0
!
interface FastEthernet0/0
 ip address 201.200.150.165 255.255.255.224
 duplex auto
!
interface Serial0/0
 ip address 200.200.50.118 255.255.255.252
 encapsulation ppp
 no ip route-cache
 no ip mroute-cache
 no fair-queue
 service-module t1 timeslots 1-24
 service-module t1 remote-alarm-enable
!
interface FastEthernet0/1
 ip address 10.0.0.20 255.255.255.0
 duplex auto
 speed auto
!
no ip http server
no ip http secure-server
!
ip classless
ip route 0.0.0.0 0.0.0.0 205.214.50.217
!
call rsvp-sync
!
mgcp profile default
!
dial-peer cor custom
!
line con 0
 exec-timeout 15 0
line aux 0
line vty 0 4
 exec-timeout 30 0
 password 7 001100111100
 login
!


I want to run 201.200.150.170 as the firewall / routable interface from the internal LAN to the router via a Linux box.


Is there anything specific that I am missing?

Edison Ortiz Wed, 12/05/2007 - 08:27

The config looks fine, just connect the 201.200.150.170 device directly to the router's Fa0/0 interface.


They should be able to ping each other.


The default gateway on the 201.200.150.170 should be 201.200.150.165

Edison Ortiz Wed, 12/05/2007 - 08:40

One more thing I noticed, you have a default route to a non-directly connected interface.


Your next hop IP for the default route should be 200.200.50.117



bvsnarayana03 Wed, 12/05/2007 - 08:39

ip route 0.0.0.0 0.0.0.0 205.214.50.217


What is this IP address 205.214.50.217??


It doesn't seem to be a connected device. You may want to replace this with 200.200.50.117, which is the connected interface of the ISP router.

ryan_perc_admin Wed, 12/05/2007 - 08:46

The actual router is the following (I don't know if I can change my original post)


ip route 0.0.0.0 0.0.0.0 200.200.50.117

ryan_perc_admin Wed, 12/05/2007 - 08:48

The actual route is the following (I don't know if I can change my original post)


ip route 0.0.0.0 0.0.0.0 200.200.50.117

Richard Burts Wed, 12/05/2007 - 09:51

Ryan


There are some aspects of what you have set up that are not clear to me. You have a /30 public address on the serial interface which suggests that the path from your network to the ISP is through the router serial interface. If that is the case I am not clear how the firewall will function if it is connected on the Fa0/0 interface. The subnet on that interface is a /27. Are there other devices connected on that interface and in that subnet?


In my experience most people with a router connected to an ISP want to do some amount of filtering at the interface that faces the ISP (at a minimum filter out spoofed addresses, private addresses, etc) but I do not see any access lists on the router at all.


I am also puzzled about the devices in the subnet of FA0/1. The subnet there is in private address space so would I be correct in assuming that your user devices are in that subnet? If so what will direct their traffic to the Internet through the firewall? And if traffic from network 10 is going to the Internet there needs to be address translation. Where will the address translation take place?


Can you clarify some of these things?


HTH


Rick
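
An added example, not part of the thread or of any participant's post: a short Python check for the two points raised in the replies above, a default-route next hop that is not on a connected subnet and an ISP-facing interface with no inbound access list. The sample input is constructed from the posted configuration, and the function names are this example's own.

```python
import ipaddress

# Constructed sample: the Fa0/0, Serial0/0 and route lines of the posted config.
POSTED = """\
interface FastEthernet0/0
 ip address 201.200.150.165 255.255.255.224
!
interface Serial0/0
 ip address 200.200.50.118 255.255.255.252
!
ip route 0.0.0.0 0.0.0.0 205.214.50.217
"""

def parse_interfaces(config):
    """Map interface name -> {"net": connected subnet, "acl_in": inbound ACL applied}."""
    interfaces, current = {}, None
    for line in (raw.strip() for raw in config.splitlines()):
        words = line.split()
        if line.startswith("interface "):
            current = interfaces.setdefault(words[1], {"net": None, "acl_in": False})
        elif line == "!":
            current = None  # "!" closes the interface section
        elif current is not None and words[:2] == ["ip", "address"] and len(words) == 4:
            current["net"] = ipaddress.ip_interface(f"{words[2]}/{words[3]}").network
        elif current is not None and words[:2] == ["ip", "access-group"] and words[-1] == "in":
            current["acl_in"] = True
    return interfaces

def audit(config):
    """Return findings for the default-route and access-list points from the thread."""
    interfaces = parse_interfaces(config)
    findings = []
    for line in config.splitlines():
        words = line.split()
        if words[:4] != ["ip", "route", "0.0.0.0", "0.0.0.0"] or len(words) < 5:
            continue
        try:
            hop = ipaddress.ip_address(words[4])
        except ValueError:
            continue  # next hop given as an interface name; not checked here
        facing = [n for n, i in interfaces.items() if i["net"] and hop in i["net"]]
        if not facing:
            findings.append(f"default route next hop {hop} is not on a connected subnet")
        findings += [f"{n} faces next hop {hop} and has no inbound access list"
                     for n in facing if not interfaces[n]["acl_in"]]
    return findings

if __name__ == "__main__":
    print("\n".join(audit(POSTED)))
```

With the route corrected to 200.200.50.117, the first finding goes away and the check reports Serial0/0 as lacking an inbound access list instead.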
