881 router aquire DCHP parameters

Unanswered Question
Sep 1st, 2010
User Badges:


i have a site where users are connected to a switch (dummy) and then to a modem that deploy DHCP (private ip address, private DNS,...) to access internet. in this case the modem is doing the natting ( to public ip)

now i have a new set up to work on, where users will be connected to 3560 switch -> asa 5505 -> 881 ISR -> modem (connected to internet).

all what i can think about is to give the users DHCP from a pool on the switch and do nat on the firewall and on the router.

In this case the 881 router outside interface will have an ip address acquired from the modem.

i cannot figure it out how the users will connect to internet !!!!!!!!!

1- from where they will get the DNS ip.

2- can the router will get the DNS from the modem.

**  can i nat the ip of users to the outside interface of the firewall, then this natted ip will be natted also by the router to the DHCP ip.

will this work ? Is there any other way?

i mean there will be 3 natting process (firewall, router, modem), i think this will slow down the connection, process,,,,,,,

Sorry for being silly.

Thank you for your help in advance.



  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Peter Paluch Wed, 09/01/2010 - 13:53
User Badges:
  • Cisco Employee,


About the DNS server, ask your ISP to tell you what are the correct IP addresses. He should have told you that already. Whether the 881 can receive the DNS server settings from the ISP, that depends on whether the ISP is providing this information via DHCP. Technically, there is no problem with that but it really depends on the configuration of your ISP's DHCP service. Still, the 881 does not need to know the DNS server until it is not configured to perform as a caching DHCP server itself (which is currently not, according to your configuration).

Performing a double NAT is possible and it even happens frequently. The question is whether it is necessary to have both ASA and 881 router connected in a row like you have, and whether it would be possible to use just one of them to perform both security features and routing between your internal network and the internet. That would simplify your situation a bit.

Best regards,


gaboughanem Wed, 09/01/2010 - 14:11
User Badges:

Hello Peter,

Thanks man for you fast response, i will ask the ISP for the infomation needed.

Regarding the statement where it is easier to user one devices.

Actually, the Sales people have to sell and we have to face somehow this kind of config .



This Discussion