04-06-2002 08:56 PM - edited 03-01-2019 09:12 PM
Hi,
I have one 2610 router at each of my two offices. These routers are connected to Internet . Both the routers have additional serial and ISDN BRI WAN ports. I want to use these ports to connect the two offices.
I was told that the router connected to the internet cannot be used for private WAN. Is this true?
If this is possible please help me by giving configuration required :
1) what to NAT and what not to NAT
2) The interface used for private WAN should be defined as an inside interface or an outside interface.
thanks
04-08-2002 04:21 AM
Nope--it's not true. The configuration will be a little more complex, but it is possible. What is most likely to be the easiest way to handle this is to set up the defaults towards the internet on both routers (which I assume you already have), then use route maps with extended access lists to set up the nat translation pools. For instance:
10.x 10.x
| |
rtr1----rtr2
| |
\ /
internet
On both routers, create your nat pool, then:
ip nat inside source route-map foo pool
!
route-map foo permit 10
match ip address 101
!
access-list 101 deny ip any 10.0.0.0 0.255.255.255
access-list 101 permit ip any any
!
This should weed out the traffic destined to the other site from being nat'd. You could also match on the outbound serial interface towards the internet on both routers, or (negative) match on the bri towards the other site.
This should get you enough to build something that works out of it.
Russ
04-12-2002 08:50 PM
You can use the router for both, however from a security standpoint the Cisco Safe blueprint would probably not recommend it.
You can NAT on the router or depending on the size of your firm and configuration buy two PIX 501's and create a VPN, or 1700's are cheap these days for the point to point.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide