04-13-2009 08:51 AM - edited 03-04-2019 04:21 AM
Recently I had a task to configure a internet connection on a 2811 router, but i'm a newbie so not sure i did it correctly.
First of all, my router has only 2 Fast ethernet ports. Also, what's the purpose of backend IPs. Here is the config below (ip has been modified):
ISP config: Router Interface: CAR1.NWR1 PC105
Switch Port: MCD101.NWR1 :interface 1/0/18
Vlan: 141
Front-End IPs: 4.1.1.0/30 (Level3 side: 4.1.1.2, Customer side: 4.1.1.1)
Back-End IPs: 8.8.8.0/24 (Useables: 8.8.8.1 - 8.8.8.254)
My router config:
Current configuration : 1338 bytes
!
version 12.4
service timestamps debug datetime localtime
service timestamps log datetime localtime
service password-encryption
!
hostname 120B_Internet
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$kEJE$bMaRvgVqPbrrJpdiBYarE1
!
no aaa new-model
!
resource policy
!
clock timezone est -5
clock summer-time EDT recurring
!
!
ip cef
!
!
no ip domain lookup
ip accounting-threshold 1000
!
!
voice-card 0
no dspfarm
interface FastEthernet0/0
description Link to ISP - Level3
ip address 4.1.1.2 255.255.255.252
ip accounting output-packets
duplex full
speed 100
!
interface FastEthernet0/1
no ip address
duplex full
speed auto
!
interface FastEthernet0/1.1
description Management VLAN 1 - Native Vlan
encapsulation dot1Q 1 native
ip address 8.8.8.1 255.255.255.0
no snmp trap link-status
!
!
!
ip http server
no ip http secure-server
!
logging synchronous
login
line aux 0
password 7 1316021F0609167372
login
line vty 0 4
password 7 04481E0B02245E1750
login
transport input none
line vty 5 1180
login
transport input none
!
scheduler allocate 20000 1000
!
webvpn context Default_context
ssl authenticate verify all
!
no inservice
!
!
end
i didn't create any acl and NAT yet. Please correct my config if it's wrong.
thank you very much!!
Solved! Go to Solution.
04-13-2009 08:56 AM
Lei,
What you need to do for accessing the internet is as follows:
- Create a default route to pass traffic to ISP
- Create NAT statements and apply things
Toshi
04-13-2009 08:56 AM
Lei,
What you need to do for accessing the internet is as follows:
- Create a default route to pass traffic to ISP
- Create NAT statements and apply things
Toshi
04-13-2009 09:14 AM
thanks for your advise.
i guess my basic config on those interfaces are correct. I just need to create NAT and default route.
What do i do with back-end IPs though?
04-13-2009 09:24 AM
Lei,
Nothing to do with that. Just do things I mentioned.
HTH,
Toshi
04-13-2009 12:36 PM
Toshi,
My setup is ISP->Router->switch->2 firewalls. Please tell me should I create NAT on the router or the firewalls?
04-13-2009 12:47 PM
Lei,
It depends. Do you have public ip addresses assigned between the router and 2 Firewalls? If not, You finally have to do NAT on the router anyway.
HTH,
Toshi
04-13-2009 01:10 PM
yes. one public ip for the router and assign one of the back-end IPs for those 2 firewalls.
04-13-2009 01:22 PM
Lei,
Well,you have other networks behind 2 firewalls. In case you don't want to add routes on the router to route them back to firewalls. You can do NAT on the Firewall after that doing NAT on the router as well.
To be honest,you can implement the way you're familiar with.
HTH,
Toshi
04-13-2009 01:24 PM
thank you so much! i now have better understanding on it.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: