Questions of internet config on a 2811 router

Answered Question
Apr 13th, 2009
User Badges:

Recently I had a task to configure a internet connection on a 2811 router, but i'm a newbie so not sure i did it correctly.


First of all, my router has only 2 Fast ethernet ports. Also, what's the purpose of backend IPs. Here is the config below (ip has been modified):


ISP config: Router Interface: CAR1.NWR1 PC105

Switch Port: MCD101.NWR1 :interface 1/0/18

Vlan: 141

Front-End IPs: 4.1.1.0/30 (Level3 side: 4.1.1.2, Customer side: 4.1.1.1)

Back-End IPs: 8.8.8.0/24 (Useables: 8.8.8.1 - 8.8.8.254)


My router config:


Current configuration : 1338 bytes

!

version 12.4

service timestamps debug datetime localtime

service timestamps log datetime localtime

service password-encryption

!

hostname 120B_Internet

!

boot-start-marker

boot-end-marker

!

enable secret 5 $1$kEJE$bMaRvgVqPbrrJpdiBYarE1

!

no aaa new-model

!

resource policy

!

clock timezone est -5

clock summer-time EDT recurring

!

!

ip cef

!

!

no ip domain lookup

ip accounting-threshold 1000

!

!

voice-card 0

no dspfarm


interface FastEthernet0/0

description Link to ISP - Level3

ip address 4.1.1.2 255.255.255.252

ip accounting output-packets

duplex full

speed 100

!

interface FastEthernet0/1

no ip address

duplex full

speed auto

!

interface FastEthernet0/1.1

description Management VLAN 1 - Native Vlan

encapsulation dot1Q 1 native

ip address 8.8.8.1 255.255.255.0

no snmp trap link-status

!

!

!

ip http server

no ip http secure-server

!

logging synchronous

login

line aux 0

password 7 1316021F0609167372

login

line vty 0 4

password 7 04481E0B02245E1750

login

transport input none

line vty 5 1180

login

transport input none

!

scheduler allocate 20000 1000

!

webvpn context Default_context

ssl authenticate verify all

!

no inservice

!

!

end



i didn't create any acl and NAT yet. Please correct my config if it's wrong.


thank you very much!!

Correct Answer by thotsaphon about 8 years 3 months ago

Lei,

What you need to do for accessing the internet is as follows:

- Create a default route to pass traffic to ISP

- Create NAT statements and apply things


Toshi

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
Correct Answer
thotsaphon Mon, 04/13/2009 - 08:56
User Badges:
  • Gold, 750 points or more

Lei,

What you need to do for accessing the internet is as follows:

- Create a default route to pass traffic to ISP

- Create NAT statements and apply things


Toshi

sukadelic Mon, 04/13/2009 - 09:14
User Badges:

thanks for your advise.


i guess my basic config on those interfaces are correct. I just need to create NAT and default route.


What do i do with back-end IPs though?

thotsaphon Mon, 04/13/2009 - 09:24
User Badges:
  • Gold, 750 points or more

Lei,

Nothing to do with that. Just do things I mentioned.



HTH,

Toshi

sukadelic Mon, 04/13/2009 - 12:36
User Badges:

Toshi,


My setup is ISP->Router->switch->2 firewalls. Please tell me should I create NAT on the router or the firewalls?

thotsaphon Mon, 04/13/2009 - 12:47
User Badges:
  • Gold, 750 points or more

Lei,

It depends. Do you have public ip addresses assigned between the router and 2 Firewalls? If not, You finally have to do NAT on the router anyway.




HTH,

Toshi

sukadelic Mon, 04/13/2009 - 13:10
User Badges:

yes. one public ip for the router and assign one of the back-end IPs for those 2 firewalls.

thotsaphon Mon, 04/13/2009 - 13:22
User Badges:
  • Gold, 750 points or more

Lei,

Well,you have other networks behind 2 firewalls. In case you don't want to add routes on the router to route them back to firewalls. You can do NAT on the Firewall after that doing NAT on the router as well.


To be honest,you can implement the way you're familiar with.



HTH,

Toshi

sukadelic Mon, 04/13/2009 - 13:24
User Badges:

thank you so much! i now have better understanding on it.

Actions

This Discussion