2821 Configuration

Unanswered Question
Dec 12th, 2007

I have a Cisco 2821 Router that I am setting up to be the default gateway. The router has 2 gigabit ports. Should I:

1. Use only port g0/0, set the gateway IP on this port and create a route of this port to the firewall?

2. Use both ports g0/0 and g0/1 and route g0/0 to g0/1? If I go with option 2, how does that change assigning an IP to g0/1 because I cannot use the same subnet, as well as an IP for the firewall?

allan.thomas Wed, 12/12/2007 - 15:58

If I understand your requirement correctly, your intention is for traffic to transit the Cisco 2821 and then forward to the firewall?

If this is the case, then where does the firewall reside: in the local LAN, on the same IP subnet as your clients?

This would be inefficient, as traffic would be bouncing back and forth between the LAN and the Cisco 2811 when it needs to route via the firewall. In this instance it would be advantageous to configure your local gateway to route toward the firewall rather than having an additional next hop.

If you are attempting to isolate the firewall from the local LAN, then in this instance I would suggest that you configure one of the 2821 interfaces with an IP address on the same subnet which the clients' own default gateway is directed towards. (Do not make the clients' D/G this address, unless of course this is a necessity because you do not have L3 routing in your LAN.)

Secondly, configure a small LAN subnet, for example a /27, assign this to the second gig interface, and configure the firewall with an IP address from the same subnet.

Now you can connect a switch to this second gig interface and directly connect the FW into this switch, including any third-party gateway to the internet, for example. These would of course have to have an IP address on the same subnet. In this scenario the Cisco 2821 will have a default route to the FW address on the /27 subnet, and the FW will have a default gateway towards the third-party gateway address.

Hope this helps.

Regards

Allan.
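
The two-interface layout described in the reply above, written out as an IOS configuration. This is an added example, not part of the original post; all addresses (10.10.10.0/24 for the client LAN, 10.10.20.0/27 for the transit segment, .1 router, .2 firewall, .3 third-party gateway) are constructed for illustration.

```cisco
! Constructed addressing plan (not from the thread):
!   Client LAN      10.10.10.0/24
!   Transit segment 10.10.20.0/27  (2821 = .1, firewall = .2, third-party gateway = .3)
!
interface GigabitEthernet0/0
 description Client LAN side
 ip address 10.10.10.2 255.255.255.0
 no shutdown
!
interface GigabitEthernet0/1
 description Transit /27 shared with the firewall
 ! Must be a different subnet from g0/0; IOS rejects an overlapping address
 ip address 10.10.20.1 255.255.255.224
 no shutdown
!
! Default route: next hop is the firewall's address on the /27
ip route 0.0.0.0 0.0.0.0 10.10.20.2
!
! On the firewall (its own syntax, not shown): inside address 10.10.20.2/27,
! default gateway 10.10.20.3, and a return route for 10.10.10.0/24 via 10.10.20.1
!
! Verify from exec mode:
!   show ip interface brief
!   show ip route
```

The firewall needs the return route to the client LAN because, once it sits on the /27, the clients are no longer directly connected to it.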

cnelson01 Thu, 12/13/2007 - 05:51

I will go with the 2821 being the default gateway, then pointing to the firewall. Next question/problem: I have a WAN that is routed between two L3 3560s. Right now the firewall is the default gateway, which will become the 2821 on the "A" side. There is a route set up in the firewall to route 192.168.0.0/24--192.168.0.1. I want to disable that route in the firewall and configure that on the 2821. How?
