Cisco Support Community
Community Member

Is this possible? 1760 & 4ESW config

Hope someone can help me a bit. I know very little about routers, and what I do know does not seem to apply to my new job.

Our current hardware is a 1760 router with a WIC-T1 CSU and a WIC-4ESW (which is not being used). We also have the Firewall featureset.

We have a /29 subnet available to us. The serial port is presently IP unnumbered to FastEthernet0/0. The FastEthernet0/0 is assigned the network address for our public network and also assigned the private address for our internal network.

Our network and 4 servers are attached to a switch which connects to FastEthernet0/0. Two of the servers are mail and web, so have public access requirements.

The router provides NAT and DHCP for my network.

The router is not used for routing at all; it was purchased as a firewall.

My problem is that while our current config works, we are pretty much limited to using ACLs for security. I have tried to configure firewall features using SDM, but it complains that it must have 2 interfaces with IP addresses.

My goal? I need to have 2 ports with IP addresses assigned so I can use SDM to set a firewall up. I need to have the servers with Public IP addresses accessible from either the network or the internet. Ideally I would like to have them placed on the WIC-4ESW.

I have had some suggestions from other forums, but have not had the experience to know if they were valid, or if something in my configuration did not work. I think I would just like to start from scratch.

I am not really asking for a complete config - I think if someone just described what needed to be done I could do it.


Re: Is this possible? 1760 & 4ESW config


You could connect both your servers to a port on the ESW module, put both ports in a new VLAN (e.g. VLAN 2), configure a VLAN interface (interface Vlan 2) and assign a public address to that interface as well (which would come from the same /29 range). That way, you have an additional interface as well, and you could use SDM to configure additional firewall functionality.

Does that make sense? Let me know if this is not clear, or if you run into something...
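
An added example (not part of the thread, and not either poster's configuration): a quick check of how a /29 can be addressed across the existing FastEthernet0/0 and the new Vlan2 interface before touching the router. It uses the constructed documentation block 203.0.113.8/29 and a constructed private range, and assumes IOS's rule that two routed interfaces may not hold overlapping subnets.

```python
# Added example: addressing check for a two-interface firewall layout.
# Every address below is a constructed sample, not the poster's real range.
from ipaddress import ip_interface, ip_network
from itertools import combinations

BLOCK = "203.0.113.8/29"  # constructed stand-in for the public /29

def overlapping(interfaces):
    """Return pairs of interface labels whose connected subnets overlap."""
    pairs = []
    for (a, addr_a), (b, addr_b) in combinations(sorted(interfaces.items()), 2):
        if ip_interface(addr_a).network.overlaps(ip_interface(addr_b).network):
            pairs.append((a, b))
    return pairs

def fits(prefix, hosts_needed):
    """True if the prefix has enough usable addresses (network/broadcast excluded)."""
    return ip_network(prefix).num_addresses - 2 >= hosts_needed

def split_fits(block, hosts_per_half):
    """Halve a block and test each half against the hosts it would have to hold."""
    halves = ip_network(block).subnets(prefixlen_diff=1)
    return [(str(h), fits(str(h), n)) for h, n in zip(halves, hosts_per_half)]

# Layout A: public address kept on Fa0/0 and a second one from the same /29 on Vlan2.
SAME_BLOCK_ON_BOTH = {
    "Fa0/0 public": "203.0.113.9/29",
    "Fa0/0 private": "192.168.1.1/24",
    "Vlan2": "203.0.113.10/29",
}
# Layout B: the whole /29 moves to Vlan2; Fa0/0 keeps only the private network.
BLOCK_ON_VLAN2 = {
    "Fa0/0 private": "192.168.1.1/24",
    "Vlan2": "203.0.113.9/29",
}

if __name__ == "__main__":
    print("A overlaps:", overlapping(SAME_BLOCK_ON_BOTH))
    print("B overlaps:", overlapping(BLOCK_ON_VLAN2))
    # Halving the /29: Fa0/0 needs 1 address, Vlan2 needs gateway + mail + web = 3.
    print("split /29:", split_fits(BLOCK, [1, 3]))
    print("whole /29 on Vlan2 holds 3 hosts:", fits(BLOCK, 3))
```

With these sample values, an address from the same /29 on both interfaces overlaps, and halving the block leaves too few usable addresses for a gateway plus the mail and web servers. Keeping the whole /29 on one interface avoids both problems.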


