bridging/transparent mode on cisco 1800

Aug 12th, 2009

I have a small network of about 60 public IP addresses. All computers are configured with static IPs. I want to add a Cisco 1800 router to provide firewall, VPN, and other services (without changing the client computers' configuration).


Can this be done with bridging or transparent mode? On a Cisco 1800 series router? How?

paolo bevilacqua Wed, 08/12/2009 - 10:58
User Badges: Super Gold, 25000 points or more; Hall of Fame, Founding Member

This is not done with bridging, it will be a regular routing configuration.


If you're the end user, I recommend you locate a reputable Cisco partner or consultant. Doing it alone can cause significant frustration and time spent while you learn things that are actually the subject of extensive training and certification.

Laurent Aubert Wed, 08/12/2009 - 13:02
User Badges: Cisco Employee

Hi,


If you want to put the 1800 router between your hosts and your ISP, you will have a dedicated subnet for the ISP-facing interface, so bridging is not necessary here.


On the LAN interface, just configure an IP address belonging to the same subnet as your hosts. You will also have to update their gateways.


HTH


Laurent.


tachyon05 Wed, 08/12/2009 - 14:03

I understand that if I were to install an ASA configured in transparent firewall mode, I would not need to reconfigure the gateways (or anything else) on client computers. The transparent firewall acts as a "bump in the wire".


My network is x.x.x.1 with a SNM of 255.255.255.192. All computers are configured with a public static IP in this range and their gateway is x.x.x.1.


How can I configure a Cisco 1800 router such that I can drop it in and have it act as a "bump in the wire"?

paolo bevilacqua Wed, 08/12/2009 - 14:10

IOS does not support transparent firewall mode.


However, appropriate configuration can achieve full firewall features without changing anything in the PCs.


That's why I recommended a reputable consultant. In this profession we understand customer requirements and can configure the router to best meet them, without having the end user proceed by trial and error.


tachyon05 Wed, 08/12/2009 - 14:54

I think I found the answer at the link below. My setup is the same as their diagram, except I do not have an HSZ, I only have a DMZ. Well, my DMZ really is the HSZ, and my LAN and WAN are on the same network. I am going to see how to modify this to fit my needs.


http://www.akadia.com/services/bridged_cisco_router.html#Integrated%20Bridging%20between%20Internet%20and%20DMZ


paolo bevilacqua Wed, 08/12/2009 - 15:01

The thing is, you can have some interfaces bridged and the router address them using a single IP, like in the example, but you cannot bridge ones on different sides of the firewall, or NAT.


This "googled" approach to getting things done, "let's try this out", is exactly what I was referring to before, and what most customers do not want, because it is business impacting and somewhat dangerous.


On the other hand, if it's ok with you, and your users/managers tolerate experimenting, nobody can argue with that.
