
WAN- Config Questions

heron98105
Level 1

I have just had a 10Meg ethernet turned up and I was given 2 sets of addresses. The first set is:

Wan

65.45.145.108/30

With a network side, customer side and default gateway.

I was also given:

Lan Block1

209.127.75.96/27 for our LAN block.

I am using a 3825 router and want to nat\pat everything inside the network.

Do I need to put another router (1750 with a wic-1enet) between the 3825 and the wan dmarc?

Do I put that 1750 with the "customer side address" on e/0 with a routing statement to route all traffic to the "network side address" which is the address on their device?

If so... then do I put the default gateway address of the public lan pool (209.x.x.x) on the f\0 of the 1750?

Then would I put one of the (209.x.x.x) addresses on the g 0/0 (wan side) of the 3825 and my 172.x.x.x private on the g 0/1 (lan side) of the 3825? And then add the necessary routing statements to make it all work?

Any help would be most appreciated!

Thanks

Accepted Solutions

James

No problem. Still a little confused ie. "How does traffic know that my 209.x.x.x addresses are located at the 3825?"

Well the 209.x.x.x address range will be routed by your ISP to the relevant site and the other public address range will be routed by your ISP to the sister site.

Jon

Richard Burts
Hall of Fame

James

You are trying to make it much more difficult than it needs to be. You do not need any other router. You should put the /30 on the interface and you should create a pool of addresses on the 3825 with the /27 and do NAT/PAT with that address pool.

HTH

Rick

Jon Marshall
Hall of Fame

You can terminate the 10Mbs connection into your 3825 router. So

int fa0/0

ip address 65.45.145.109 255.255.255.252

ip route 0.0.0.0 0.0.0.0 65.45.145.110

Note - this is assuming your address is .109 and default-gateway ie. ISP address is .110. It may be the other way round.

Then you can use this interface to PAT all internal clients ie. assuming internal LAN is on fa0/1 and is 192.168.5.0/24

access-list 101 permit ip 192.168.5.0 0.0.0.255 any

ip nat inside source list 101 interface fa0/0 overload

int fa0/1

ip nat inside

int fa0/0

ip nat outside

The above takes care of your internal clients to Internet.

Then you can use your 209.127.75.96/27 block for servers inside that you want to give access to from internet eg.

server 192.168.7.10 internal

ip nat inside source static 192.168.7.10 209.127.75.97

etc.. for each server.

Jon
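
An added example, not part of the original thread: a small Python check that the commands in the answer above are consistent with the two blocks the ISP assigned (the /30 hand-off and the routed /27). The function name `check_plan` and the consolidated `CONFIG` listing are assumptions made for illustration; the addresses are the ones quoted in the posts.

```python
import ipaddress
import re

# Address blocks quoted in the thread: ISP hand-off /30 and routed /27.
WAN_LINK = ipaddress.ip_network("65.45.145.108/30")
PUBLIC_BLOCK = ipaddress.ip_network("209.127.75.96/27")

# The commands from the answer above, gathered into one listing.
CONFIG = """\
int fa0/0
 ip address 65.45.145.109 255.255.255.252
 ip nat outside
int fa0/1
 ip nat inside
ip route 0.0.0.0 0.0.0.0 65.45.145.110
access-list 101 permit ip 192.168.5.0 0.0.0.255 any
ip nat inside source list 101 interface fa0/0 overload
ip nat inside source static 192.168.7.10 209.127.75.97
"""

def check_plan(config, wan_link=WAN_LINK, public_block=PUBLIC_BLOCK):
    """Return a list of problems; an empty list means the plan is consistent."""
    problems, wan_ip, next_hop, globals_seen = [], None, None, set()
    hosts = set(wan_link.hosts())  # the two usable addresses of the /30
    for line in (l.strip() for l in config.splitlines()):
        if m := re.fullmatch(r"ip address (\S+) (\S+)", line):
            ip = ipaddress.ip_address(m[1])
            if ip in wan_link:
                wan_ip = ip
        elif m := re.fullmatch(r"ip route 0\.0\.0\.0 0\.0\.0\.0 (\S+)", line):
            next_hop = ipaddress.ip_address(m[1])
        elif m := re.fullmatch(r"access-list \d+ permit ip (\S+) (\S+) any", line):
            src = ipaddress.ip_network(f"{m[1]}/{m[2]}")  # wildcard = host mask
            if not src.is_private:
                problems.append(f"PAT source {src} is not private address space")
        elif m := re.fullmatch(r"ip nat inside source static (\S+) (\S+)", line):
            local, glob = map(ipaddress.ip_address, m.groups())
            if not local.is_private:
                problems.append(f"static NAT inside address {local} is public")
            if glob not in public_block:
                problems.append(f"static NAT address {glob} is outside {public_block}")
            if glob in globals_seen:
                problems.append(f"public address {glob} is mapped twice")
            globals_seen.add(glob)
    if wan_ip not in hosts:
        problems.append(f"WAN interface address {wan_ip} is not a host of {wan_link}")
    if next_hop not in hosts - {wan_ip}:
        problems.append(f"default route {next_hop} is not the far end of {wan_link}")
    return problems
```

The check also passes with .109 and .110 swapped, which covers the "other way round" case mentioned in the answer.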

The other issue here which I should have included is that I have a sister location with exactly the same setup for addresses and internet. I also have a 3825 at that location and need to connect the 2 with a static VPN. I also need to grant access to people using the software vpn clients to both locations as well. How does traffic know that my 209.x.x.x addresses are located at the 3825?

James

"The other issue here which I should have included ..."

Hmmm, yes you probably should have mentioned that :-).

Not sure what you mean about having the same addressing at another site. How does this work? If the same addressing is replicated in 2 sites then the traffic won't know which site to go to. Perhaps you could clarify.

Jon

Sorry for lack of clarity here.

What I meant is that at the other site I have the same setup but of course they are different wan, lan address ranges.

James

No problem. Still a little confused ie. "How does traffic know that my 209.x.x.x addresses are located at the 3825?"

Well the 209.x.x.x address range will be routed by your ISP to the relevant site and the other public address range will be routed by your ISP to the sister site.

Jon

Ok. That makes sense. Would I add the 209.x.x.x address to the g0/0 interface of the 3825 as well as the 65.x.x.x address? This is why I thought I might need an additional router.

It's all to do with routing. You don't need to add the 209.x.x.x address to your gi0/0 interface as long as the ISP routes all traffic destined for the 209.x.x.x subnet you have been allocated to the outside interface of your 3825 ie. the 65.x.x.x address.

Your ISP should be doing this if they have allocated you the 209.x.x.x subnet.

Jon

On the server internally I want to use a private ip address range and nat the public 209.x.x.x to the server. I don't want to use public ip address directly on the servers themselves. Will this work that way?

Yes it will work.

server = 192.168.5.10

public address - 209.127.75.97

ip nat inside source static 192.168.5.10 209.127.75.97

Jon

Collin Clark
VIP Alumni

You do not need another router. The /30 is the point-to-point link between you and your provider. The /27 is the routable address space assigned to you. You can/should assign one of your public IPs (209 network) to the router. Will your private network be directly connected or will you have a firewall in between?

royalblues
Level 10

You can terminate the ethernet WAN circuit directly on the 3825 router and configure the /30 address block for that interface.

Have the private 172.x.x.x network connected to the other interface and NAT them to the public interface address.

Narayan
