08-12-2009 09:54 AM - edited 03-04-2019 05:43 AM
I have a small network of about 60 public IP addresses. All computers are configured with static IPs. I want to add a Cisco 1800 router to provide firewall, VPN, and other services (without changing the client computers' configuration).
Can this be done with bridging or transparent mode? On a Cisco 1800 series router? How?
08-12-2009 10:58 AM
This is not done with bridging, it will be a regular routing configuration.
If you're the end user, I recommend you locate a reputable Cisco partner or consultant. Doing it alone can cause significant frustration and time spent while you learn things that are actually the subject of extensive training and certification.
08-12-2009 01:02 PM
Hi,
If you want to put the 1800 router between your hosts and your ISP, you will have a dedicated subnet for the ISP-facing interface, so bridging is not necessary here.
On the LAN interface, just configure an IP address belonging to the same subnet as your hosts. You will also have to update their gateways.
HTH
Laurent.
08-12-2009 02:03 PM
I understand that if I were to install an ASA configured in transparent firewall mode, I do not need to reconfigure the gateways (or anything else) on client computers. The transparent firewall acts as a "bump in the wire".
My network is x.x.x.1 with a SNM of 255.255.255.192. All computers are configured with a public static IP in this range and their gateway is x.x.x.1.
How can I configure a Cisco 1800 router so that I can drop it in and have it act as a "bump in the wire"?
08-12-2009 02:10 PM
IOS does not support transparent firewall mode.
However, appropriate configuration can achieve full firewall features without changing anything in the PCs.
That's why I recommended a reputable consultant; in this profession we understand customer requirements and can configure the router to best meet them, without having the end user proceed by trial and error.
08-12-2009 02:54 PM
I think I found the answer at the link below. My setup is the same as their diagram, except I do not have an HSZ, I only have a DMZ. Well, my DMZ really is the HSZ, and my LAN and WAN are on the same network. I am going to see how to modify this to fit my needs.
08-12-2009 03:01 PM
The thing is, you can have some interfaces bridged and the router address them using a single IP, like in the example, but you cannot bridge ones on different sides of the firewall, or NAT.
This "googled" approach to getting things done, "let's try this out", is exactly what I was referring to before, which most customers do not want, because it is business-impacting and somewhat dangerous.
On the other hand, if it's ok with you, and your users/managers tolerate experimenting, nobody can argue with that.