2600 routable ip address basics

Unanswered Question
Dec 5th, 2007

Hello all,

Bare with me as I'm new to the CIcso configurations.

I am working on bringing up a 2600 series router to be used as the gateway to our ISP.

I have the Serial interface configured so that it will communicate with the provided default route and now I would like to configure servers on the LAN side with routable ip addresses, so I'm looking for someone to look over my config and give me some incite before I put the router into production.

Here is the information from the ISP (ips changed)

Local WAN IP Address:

Remote IP Address:

Ethernet IP Address:

Primary Domain Name Server:

Secondary Domain Name Server:

Here is the config thus far.

version 12.2

service timestamps debug datetime msec

service timestamps log datetime msec

service password-encryption


hostname cicrtr


logging queue-limit 100

enable secret 5 $1$blah$blah%blaV2rUJaL2.

enable password 7 00110011110011001


ip subnet-zero


ip name-server

ip name-server


ip audit notify log

ip audit po max-events 100


no voice hpi capture buffer

no voice hpi capture destination


mta receive maximum-recipients 0


interface FastEthernet0/0

ip address

duplex auto


interface Serial0/0

ip address

encapsulation ppp

no ip route-cache

no ip mroute-cache

no fair-queue

service-module t1 timeslots 1-24

service-module t1 remote-alarm-enable


interface FastEthernet0/1

ip address

duplex auto

speed auto


no ip http server

no ip http secure-server


ip classless

ip route


call rsvp-sync


mgcp profile default


dial-peer cor custom


line con 0

exec-timeout 15 0

line aux 0

line vty 0 4

exec-timeout 30 0

password 7 001100111100



I want to run as the firewall / routable interface from to internal LAN to the router via a Linux box.

Is there anything specific that I missing?

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Edison Ortiz Wed, 12/05/2007 - 08:27

The config looks fine, just connect the device directly to the router's Fa0/0 interface.

They should be able to ping each other.

The default gateway on the should be

Edison Ortiz Wed, 12/05/2007 - 08:40

One more thing I noticed, you have a default route to a non-directly connected interface.

Your next hop IP for the default route should be

bvsnarayana03 Wed, 12/05/2007 - 08:39

ip route

What is this IP address

it doesnt seem to be a connected device. you may want to replace this with which is the coonected interface of ISP router.

ryan_perc_admin Wed, 12/05/2007 - 08:46

The acutal router is teh following (i don't know if I can change my origianl post)

ip route

ryan_perc_admin Wed, 12/05/2007 - 08:48

The acutal route is the following (i don't know if I can change my origianl post)

ip route

Richard Burts Wed, 12/05/2007 - 09:51


There are some aspects of what you have set up that are not clear to me. You have a /30 public address on the serial interface which suggests that the path from your network to the ISP is through the router serial interface. If that is the case I am not clear how the firewall will function if it is connected on the Fa0/0 interface. The subnet on that interface is a /27. Are there other devices connected on that interface and in that subnet?

In my experience most people with a router connected to an ISP want to do some amount of filtering at the interface that faces the ISP (at a minimum filter out spoofed addresses, private addresses, etc) but I do not see any access lists on the router at all.

I am also puzzled about the devices in the subnet of FA0/1. The subnet there is in private address space so would I be correct in assuming that your user devices are in that subnet? If so what will direct their traffic to the Internet through the firewall? And if traffic from network 10 is going to the Internet there needs to be address translation. Where will the address translation take place?

Can you clarify some of these things?




This Discussion