cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
606
Views
0
Helpful
8
Replies

2600 routable ip address basics

ryan_perc_admin
Level 1
Level 1

Hello all,

Bare with me as I'm new to the CIcso configurations.

I am working on bringing up a 2600 series router to be used as the gateway to our ISP.

I have the Serial interface configured so that it will communicate with the provided default route and now I would like to configure servers on the LAN side with routable ip addresses, so I'm looking for someone to look over my config and give me some incite before I put the router into production.

Here is the information from the ISP (ips changed)

Local WAN IP Address: 200.200.50.118 255.255.255.252

Remote IP Address: 200.200.50.117 255.255.255.252

Ethernet IP Address: 201.200.150.165 255.255.255.224

Primary Domain Name Server: 200.200.40.10

Secondary Domain Name Server: 202.200.51.16

Here is the config thus far.

version 12.2

service timestamps debug datetime msec

service timestamps log datetime msec

service password-encryption

!

hostname cicrtr

!

logging queue-limit 100

enable secret 5 $1$blah$blah%blaV2rUJaL2.

enable password 7 00110011110011001

!

ip subnet-zero

!

ip name-server 200.200.40.10

ip name-server 202.200.51.16

!

ip audit notify log

ip audit po max-events 100

!

no voice hpi capture buffer

no voice hpi capture destination

!

mta receive maximum-recipients 0

!

interface FastEthernet0/0

ip address 201.200.150.165 255.255.255.224

duplex auto

!

interface Serial0/0

ip address 200.200.50.118 255.255.255.252

encapsulation ppp

no ip route-cache

no ip mroute-cache

no fair-queue

service-module t1 timeslots 1-24

service-module t1 remote-alarm-enable

!

interface FastEthernet0/1

ip address 10.0.0.20 255.255.255.0

duplex auto

speed auto

!

no ip http server

no ip http secure-server

!

ip classless

ip route 0.0.0.0 0.0.0.0 205.214.50.217

!

call rsvp-sync

!

mgcp profile default

!

dial-peer cor custom

!

line con 0

exec-timeout 15 0

line aux 0

line vty 0 4

exec-timeout 30 0

password 7 001100111100

login

!

I want to run 201.200.150.170 as the firewall / routable interface from to internal LAN to the router via a Linux box.

Is there anything specific that I missing?

8 Replies 8

Edison Ortiz
Hall of Fame
Hall of Fame

The config looks fine, just connect the 201.200.150.170 device directly to the router's Fa0/0 interface.

They should be able to ping each other.

The default gateway on the 201.200.150.170 should be 201.200.150.165

Thanks,

I'll put it into production and see how it goes.

Regards,

Ryan

One more thing I noticed, you have a default route to a non-directly connected interface.

Your next hop IP for the default route should be 200.200.50.117

bvsnarayana03
Level 5
Level 5

ip route 0.0.0.0 0.0.0.0 205.214.50.217

What is this IP address 205.214.50.217??

it doesnt seem to be a connected device. you may want to replace this with 200.200.50.117 which is the coonected interface of ISP router.

it is a typo... I noticed after I posted.

The acutal router is teh following (i don't know if I can change my origianl post)

ip route 0.0.0.0 0.0.0.0 200.200.50.117

The acutal route is the following (i don't know if I can change my origianl post)

ip route 0.0.0.0 0.0.0.0 200.200.50.117

Ryan

There are some aspects of what you have set up that are not clear to me. You have a /30 public address on the serial interface which suggests that the path from your network to the ISP is through the router serial interface. If that is the case I am not clear how the firewall will function if it is connected on the Fa0/0 interface. The subnet on that interface is a /27. Are there other devices connected on that interface and in that subnet?

In my experience most people with a router connected to an ISP want to do some amount of filtering at the interface that faces the ISP (at a minimum filter out spoofed addresses, private addresses, etc) but I do not see any access lists on the router at all.

I am also puzzled about the devices in the subnet of FA0/1. The subnet there is in private address space so would I be correct in assuming that your user devices are in that subnet? If so what will direct their traffic to the Internet through the firewall? And if traffic from network 10 is going to the Internet there needs to be address translation. Where will the address translation take place?

Can you clarify some of these things?

HTH

Rick

HTH

Rick
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: