06-14-2008 12:44 AM - edited 03-03-2019 10:21 PM
Dear all
i have a 2811 router on se0/0/0 wic 1t is installed and internet leased line is terminated on it.i have 6 public ip addresses with me.
serial is configured and im using gi0/0(public IP on this interface) to connect to my firewall.
i have installed 3 ADSL WIC cards, rt now only 1 adsl is connected and im using gi0/1 (private ip address is used here)and i did a policy based routing.
please see the configuration.
interface FastEthernet0/0
ip address 212.72.6.137 255.255.255.248
ip policy route-map servers
interface FastEthernet0/1
ip address 192.168.1.1 255.255.255.0
ip nat inside
ip tcp adjust-mss 1452
ip policy route-map adsl
interface Serial0/0/0
ip address 212.72.6.182 255.255.255.252
interface ATM0/1/0
no ip address
ip mtu 1492
ip tcp adjust-mss 1452
no atm ilmi-keepalive
dsl operating-mode auto
hold-queue 224 in
!
interface ATM0/1/0.1 point-to-point
ip mtu 1492
pvc 0/35
pppoe-client dial-pool-number 1
interface Dialer1
ip address negotiated
ip nat outside
encapsulation ppp
dialer pool 1
dialer-group 1
ppp authentication chap callin
ppp chap hostname xxxxx
ppp chap password yyyyy
ppp pap sent-username xxxxx password yyyyyyy
ip nat inside source list 1 interface Dialer1 overload
access-list 1 permit 192.168.1.0 0.0.0.255
access-list 20 permit 212.72.6.136 0.0.0.7
route-map adsl permit 1
match ip address 1
set interface Dialer1
route-map servers permit 20
match ip address 20
set interface Serial0/0/0
now my customers requirement is instead of using 2 ethernet intefaces they are asking me to use the first ethernet interface which is having public ip address.
how can i achieve this.
pleas help me at the earliset.
thanks ®ards
Binoy.
06-14-2008 01:24 AM
As i understood from ur post..basically ur Fa0/0 with the public IP's is being used to connect to ur firewall.The fa0/1 is ur local interface.
Where r the users actually hooked to.
I would rather suggest hook ur users behind the Firewall and let NAT/PAT happen inside the FW.This way u can use ur extra IP's for hosting some webservers as well behind the FW.
The router can be used for simple first layer to interact on routing part.
Let me know if i wat i understood is not per ur requirement.
Pls rate/mark if this helps!!!
06-14-2008 02:01 AM
dear frnd thanks for your reply
my fa0/0 is connecting to a friewall and ive dmz zone with one web server and front end exchange.
back end exchange and others are sitting in inside network.
my dmz is 192.168.3.0/24 and my inside network is 192.168.1.0/24
and im using couple of public ip's for static nating ex.for front end exchange n all.
that part is working no issues.
my customer need adsl also in this same router
so ive put adsl and configured and configured fa0/1. my users will also be in 192.168.1.0/24
so im planning to terminate fa0/1 also in firewall and divert exchange traffic thru leased line ans http traffic from users to adsl.
this is my requirement
Binoy
06-15-2008 11:21 PM
hello all
any suggestion
06-16-2008 02:17 PM
Binoy...pls clarify a bit more abt ur need.So far as i understood-
*se0/0/0 terminates T1 & has extra public IP's
*fa0/0 links to firewall & has public servers using public ip's.
*fa0/1 links to local lan.
Requirement: ADSL to be hooked on fa0/1 alongwith local lan users.So terminate fa0/1 also in firewall and segregate traffic http thru leased link & http from users via adsl.
Now one small stuff here if u try to hookup both fw traffic and user traffic in fa0/1 ..u might have to break the /29 additional global IP's into 2/3 sets of /30IP's with ur provider.
Also is there any specific need why customer is asking to use only one interface.
Pls correct if this is not the case.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide