getting problem for internet through router

Nov 13th, 2008

Respected sir,

One of our clients has a Cisco 2800 series router and is using the internet through a leased line, and is also using a firewall. His requirement is that if his firewall goes down in the future, he wants to use the internet by giving the static IP and gateway of the router. In fact, we tried a lot for that by connecting the router to the switch instead of the firewall, but he is not getting internet. When I put the PC in the public IP range he gets the internet, but the client wants the internet through the private IP range. The following is his network connectivity.


routers eth0/0 ip is

eth0/1 ip is public ip

His eth0/0 is connected to the switch, eth0/1 is connected to the firewall, and the firewall is connected to the switch. In this way his internet is working properly, but he wants internet without the firewall but in the private IP range.

jpoplawski Thu, 11/13/2008 - 08:20

The only option I would see is, if he wants automatic failover, to purchase an additional firewall and run in Active/Standby mode. If he's dead set against using the router if the firewall goes down, the router will need to get repatched to the local LAN and re-IP addressed for the LAN to be able to talk to the router.

Why is the firewall going down to begin with?

Hope this helps, rate if it does,


MARSINTEGRATORS Thu, 11/13/2008 - 22:13

I want to use Router's IP as a Gateway.

Also, I want to use the internet in the following series: Router-Switch-LAN.

I don't want Router-Firewall-Switch-LAN.

Please give us a solution for that.

Nikhil Suratwala

patrickvanham Fri, 11/14/2008 - 05:38

The only option I can see is to connect the internet to a switch, and both the firewall and router to the switch. The other end of the router goes to another switch and the LAN. On the router you can use floating static default routes, primary to the firewall and secondary directly to the internet. Note that the router will have to NAT in this case. Also note that it is possible to bypass the firewall from the outside.

A dual (standby/active) firewall setup is much to be preferred, although a router can do some basic protection with access lists and IP inspection (depending on IOS).

jpoplawski Fri, 11/14/2008 - 11:56

What type of router? What software/feature set are you running? You can run router - switch - LAN just fine. You'll need to enable NAT, Firewall/ACL and/or IDS. If you have an ISR, most come with the SDM software. That should walk you through this process like a breeze. If not, there are still ways to do it, although I would recommend staying with the firewall. Let the router route and the firewall be a firewall. Why are you trying to get rid of the firewall again?

Hope this helps, rate if it does,
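
Added example, not part of the thread or any poster's configuration: an IOS configuration for the Router-Switch-LAN layout discussed above, with NAT overload for the private range plus an inbound ACL and CBAC inspection on the outside interface. The interface names, the addresses (192.168.1.0/24 inside, 203.0.113.0/30 outside) and the names FW and OUTSIDE-IN are assumptions, and `ip inspect` requires an IOS image that includes the firewall feature set.

```cisco
! Constructed example: all addresses are private/documentation ranges,
! not values from the thread. Interface names are assumed.
!
! Inside (LAN) interface: PCs use 192.168.1.1 as their default gateway.
interface FastEthernet0/0
 description LAN switch
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
!
! Outside interface toward the leased line.
interface FastEthernet0/1
 description ISP side
 ip address 203.0.113.2 255.255.255.252
 ip nat outside
 ! Drop unsolicited inbound traffic...
 ip access-group OUTSIDE-IN in
 ! ...while CBAC opens temporary return paths for sessions
 ! that were initiated from the LAN.
 ip inspect FW out
!
! Default route to the provider's next hop (assumed address).
ip route 0.0.0.0 0.0.0.0 203.0.113.1
!
! Private sources that may be translated. Without this NAT rule a PC
! with a private address has no return path from the internet.
access-list 10 permit 192.168.1.0 0.0.0.255
ip nat inside source list 10 interface FastEthernet0/1 overload
!
! Stateful inspection for outbound sessions.
ip inspect name FW tcp
ip inspect name FW udp
ip inspect name FW icmp
!
! Nothing is allowed in from the outside unless inspection opened it.
! Add explicit permits above the deny only for services that must be
! reachable (for example, management from a known address).
ip access-list extended OUTSIDE-IN
 deny ip any any log
```

Traffic generated by the router itself is not inspected by these rules, so its own outbound sessions will not get return openings through OUTSIDE-IN unless permitted explicitly.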


