cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
514
Views
0
Helpful
8
Replies

Questions of internet config on a 2811 router

sukadelic
Level 1
Level 1

Recently I had a task to configure a internet connection on a 2811 router, but i'm a newbie so not sure i did it correctly.

First of all, my router has only 2 Fast ethernet ports. Also, what's the purpose of backend IPs. Here is the config below (ip has been modified):

ISP config: Router Interface: CAR1.NWR1 PC105

Switch Port: MCD101.NWR1 :interface 1/0/18

Vlan: 141

Front-End IPs: 4.1.1.0/30 (Level3 side: 4.1.1.2, Customer side: 4.1.1.1)

Back-End IPs: 8.8.8.0/24 (Useables: 8.8.8.1 - 8.8.8.254)

My router config:

Current configuration : 1338 bytes

!

version 12.4

service timestamps debug datetime localtime

service timestamps log datetime localtime

service password-encryption

!

hostname 120B_Internet

!

boot-start-marker

boot-end-marker

!

enable secret 5 $1$kEJE$bMaRvgVqPbrrJpdiBYarE1

!

no aaa new-model

!

resource policy

!

clock timezone est -5

clock summer-time EDT recurring

!

!

ip cef

!

!

no ip domain lookup

ip accounting-threshold 1000

!

!

voice-card 0

no dspfarm

interface FastEthernet0/0

description Link to ISP - Level3

ip address 4.1.1.2 255.255.255.252

ip accounting output-packets

duplex full

speed 100

!

interface FastEthernet0/1

no ip address

duplex full

speed auto

!

interface FastEthernet0/1.1

description Management VLAN 1 - Native Vlan

encapsulation dot1Q 1 native

ip address 8.8.8.1 255.255.255.0

no snmp trap link-status

!

!

!

ip http server

no ip http secure-server

!

logging synchronous

login

line aux 0

password 7 1316021F0609167372

login

line vty 0 4

password 7 04481E0B02245E1750

login

transport input none

line vty 5 1180

login

transport input none

!

scheduler allocate 20000 1000

!

webvpn context Default_context

ssl authenticate verify all

!

no inservice

!

!

end

i didn't create any acl and NAT yet. Please correct my config if it's wrong.

thank you very much!!

1 Accepted Solution

Accepted Solutions

Lei,

What you need to do for accessing the internet is as follows:

- Create a default route to pass traffic to ISP

- Create NAT statements and apply things

Toshi

View solution in original post

8 Replies 8

Lei,

What you need to do for accessing the internet is as follows:

- Create a default route to pass traffic to ISP

- Create NAT statements and apply things

Toshi

thanks for your advise.

i guess my basic config on those interfaces are correct. I just need to create NAT and default route.

What do i do with back-end IPs though?

Lei,

Nothing to do with that. Just do things I mentioned.

HTH,

Toshi

Toshi,

My setup is ISP->Router->switch->2 firewalls. Please tell me should I create NAT on the router or the firewalls?

Lei,

It depends. Do you have public ip addresses assigned between the router and 2 Firewalls? If not, You finally have to do NAT on the router anyway.

HTH,

Toshi

yes. one public ip for the router and assign one of the back-end IPs for those 2 firewalls.

Lei,

Well,you have other networks behind 2 firewalls. In case you don't want to add routes on the router to route them back to firewalls. You can do NAT on the Firewall after that doing NAT on the router as well.

To be honest,you can implement the way you're familiar with.

HTH,

Toshi

thank you so much! i now have better understanding on it.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: