
WAN- Config Questions

Answered Question

I have just had a 10Meg ethernet turned up and I was given 2 sets of addresses. The first set is:


Wan

65.45.145.108/30


With a network side, customer side and default gateway.


I was also given:


Lan Block1

209.127.75.96/27 for our LAN block.


I am using a 3825 router and want to nat\pat everything inside the network.


Do I need to put another router (1750 with a wic-1enet) between the 3825 and the wan dmarc?


Do I put that 1750 with the "customer side address" on e/0 with a routing statement to route all traffic to the "network side address" which is the address on their device?


If so... then do I put the default gateway address of the public lan pool (209.x.x.x) on the f\0 of the 1750?


Then would I put one of the (209.x.x.x) addresses on the g 0/0 (wan side) of the 3825 and my 172.x.x.x private on the g 0/1 (lan side) of the 3825? And then add the necessary routing statements to make it all work?


Any help would be most appreciated!


Thanks

Overall Rating: 5 (2 ratings)
Richard Burts Wed, 04/01/2009 - 11:57

James


You are trying to make it much more difficult than it needs to be. You do not need any other router. You should put the /30 on the interface and you should create a pool of addresses on the 3825 with the /27 and do NAT/PAT with that address pool.


HTH


Rick

Jon Marshall Wed, 04/01/2009 - 12:00

You can terminate the 10Mbps connection into your 3825 router. So


int fa0/0
 ip address 65.45.145.109 255.255.255.252

ip route 0.0.0.0 0.0.0.0 65.45.145.110


Note - this is assuming your address is .109 and default-gateway ie. ISP address is .110. It may be the other way round.


Then you can use this interface to PAT all internal clients ie. assuming internal LAN is on fa0/1 and is 192.168.5.0/24



access-list 101 permit ip 192.168.5.0 0.0.0.255 any

ip nat inside source list 101 interface fa0/0 overload

int fa0/1
 ip nat inside

int fa0/0
 ip nat outside


The above takes care of your internal clients to Internet.


Then you can use your 209.127.75.96/27 block for servers inside that you want to give access to from internet eg.


server 192.168.7.10 internal


ip nat inside source static 192.168.7.10 209.127.75.97


etc.. for each server.


Jon
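
Added example, not part of the original thread or any poster's code: a small Python audit of a config laid out as in the answer above (/30 on the outside interface, default route to the ISP, PAT overload, static NAT from 209.127.75.96/27). The function name, finding codes and the assembled sample config are assumptions made for illustration; it flags a default route that does not point at the far end of the /30, static globals outside or duplicated within the public block, and one-to-one static NAT with no inbound ACL on the outside interface.

```python
import ipaddress
import re
# Constructed sample from the thread's commands; the last line is added to trip the duplicate check.
SAMPLE_CONFIG = """\
interface FastEthernet0/0
 ip address 65.45.145.109 255.255.255.252
 ip nat outside
interface FastEthernet0/1
 ip nat inside
ip route 0.0.0.0 0.0.0.0 65.45.145.110
access-list 101 permit ip 192.168.5.0 0.0.0.255 any
ip nat inside source list 101 interface FastEthernet0/0 overload
ip nat inside source static 192.168.5.10 209.127.75.97
ip nat inside source static 192.168.7.10 209.127.75.97
"""

def audit(config, public_block=ipaddress.ip_network("209.127.75.96/27")):
    """Return (code, detail) findings for a WAN /30 plus routed public block."""
    iface = outside = next_hop = None
    addrs, filtered, statics, findings, seen = {}, set(), [], [], {}
    for line in config.splitlines():
        s = line.strip()
        if m := re.match(r"interface (\S+)", s):
            iface = m.group(1)
        elif m := re.match(r"ip address (\S+) (\S+)$", s):
            addrs[iface] = ipaddress.ip_interface(f"{m.group(1)}/{m.group(2)}")
        elif s == "ip nat outside":
            outside = iface
        elif re.match(r"ip access-group \S+ in$", s):
            filtered.add(iface)  # an inbound ACL is applied to this interface
        elif m := re.match(r"ip route 0\.0\.0\.0 0\.0\.0\.0 (\S+)", s):
            next_hop = ipaddress.ip_address(m.group(1))
        elif m := re.match(r"ip nat inside source static (\S+) (\S+)$", s):
            statics.append((m.group(1), ipaddress.ip_address(m.group(2))))
    wan = addrs.get(outside)
    if wan is None:
        return [("NO_OUTSIDE", "no addressed 'ip nat outside' interface")]
    if next_hop not in wan.network.hosts() or next_hop == wan.ip:
        findings.append(("BAD_NEXT_HOP", f"{next_hop} is not the far end of {wan.network}"))
    for local, glob in statics:
        if glob not in public_block:
            findings.append(("OUTSIDE_BLOCK", f"{glob} is not in {public_block}"))
        if glob in seen:
            findings.append(("DUP_GLOBAL", f"{glob} maps to {seen[glob]} and {local}"))
        seen.setdefault(glob, local)
    # One-to-one static NAT forwards every port unless inbound traffic is filtered.
    if statics and outside not in filtered:
        findings.append(("UNFILTERED_STATIC", f"no inbound ACL on {outside}"))
    return findings
```

Run against the sample, `audit(SAMPLE_CONFIG)` reports the duplicated global address and the unfiltered static mapping. A port-scoped `ip nat inside source static tcp ...` entry is not matched by the static pattern, so only full one-to-one mappings are reported.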

The other issue here which I should have included is that I have a sister location with exactly the same setup for addresses and internet. I also have a 3825 at that location and need to connect the 2 with a static VPN. I also need to grant access to people using the software vpn clients to both locations as well. How does traffic know that my 209.x.x.x addresses are located at the 3825?

Jon Marshall Wed, 04/01/2009 - 12:31

James


"The other issue here which I should have included ..."


Hmmm, yes you probably should have mentioned that :-).


Not sure what you mean about having the same addressing at another site. How does this work? If the same addressing is replicated in 2 sites then the traffic won't know which site to go to. Perhaps you could clarify.


Jon

Correct Answer
Jon Marshall Wed, 04/01/2009 - 12:50

James


No problem. Still a little confused ie. "How does traffic know that my 209.x.x.x addresses are located at the 3825?"


Well the 209.x.x.x address range will be routed by your ISP to the relevant site and the other public address range will be routed by your ISP to the sister site.


Jon

Jon Marshall Wed, 04/01/2009 - 13:00

It's all to do with routing. You don't need to add the 209.x.x.x address to your gi0/0 interface as long as the ISP routes all traffic destined for the 209.x.x.x subnet you have been allocated to the outside interface of your 3825 ie. the 65.x.x.x address.


Your ISP should be doing this if they have allocated you the 209.x.x.x subnet.


Jon

Jon Marshall Wed, 04/01/2009 - 13:23

Yes it will work.


server = 192.168.5.10

public address - 209.127.75.97


ip nat inside source static 192.168.5.10 209.127.75.97


Jon

Collin Clark Wed, 04/01/2009 - 12:00

You do not need another router. The /30 is the point-to-point link between you and your provider. The /27 is the routable address space assigned to you. You can/should assign one of your public IPs (209 network) to the router. Will your private network be directly connected or will you have a firewall in between?

royalblues Wed, 04/01/2009 - 12:03

You can terminate the ethernet WAN circuit directly on the 3825 router and configure the /30 address block for that interface.


Have the private 172.x.x.x network connected to the other interface and NAT them to the public interface address.


Narayan

Edison Ortiz Wed, 04/01/2009 - 12:04

I guess you have nothing better than a 1750?


Based on the limitation, I would put the 1750 between the 3825 and the WAN Dmarc, as you have a 10Mbps interface on the 1750 and you are being serviced with a 10Mbps connection. I actually recommend getting a better router for this, though.


In addition, I recommend placing a switch between the 3845 and the 1750 so you can actually place other devices in this zone if you want to circumvent the NAT.


The 1750 will have the WAN IP and one IP from the LAN block the ISP with default gateway towards the WAN.


The 3845 will have one IP from the LAN block on the WAN facing interface and internal IP on the LAN facing interface with NAT configured. The gateway will be the LAN IP from the 1750.


HTH,


__


Edison.

