
Using a router for both Internet and branch office WAN

manj
Level 1

Hi,

I have one 2610 router at each of my two offices. These routers are connected to the Internet. Both routers have additional serial and ISDN BRI WAN ports. I want to use these ports to connect the two offices.

I was told that the router connected to the internet cannot be used for private WAN. Is this true?

If this is possible, please help me by giving the configuration required:

1) what to NAT and what not to NAT

2) Should the interface used for the private WAN be defined as an inside interface or an outside interface?

thanks

2 Replies

ruwhite
Level 7

Nope--it's not true. The configuration will be a little more complex, but it is possible. What is most likely to be the easiest way to handle this is to set up the defaults towards the internet on both routers (which I assume you already have), then use route maps with extended access lists to set up the nat translation pools. For instance:

10.x       10.x
 |          |
rtr1-------rtr2
 |          |
  \        /
   internet

On both routers, create your nat pool, then:

ip nat inside source route-map foo pool
!
route-map foo permit 10
 match ip address 101
!
access-list 101 deny ip any 10.0.0.0 0.255.255.255
access-list 101 permit ip any any
!

This should weed out the traffic destined to the other site from being nat'd. You could also match on the outbound serial interface towards the internet on both routers, or (negative) match on the bri towards the other site.

This should get you enough to build something that works out of it.

Russ

tmoreo
Level 1

You can use the router for both; however, from a security standpoint, the Cisco SAFE blueprint would probably not recommend it.

You can NAT on the router or, depending on the size of your firm and configuration, buy two PIX 501's and create a VPN, or 1700's are cheap these days for the point to point.