I'm hoping y'all can help me. I have a client who has a firewall, but has outgrown it. I have a 2514 with 2 CAT-5 transceivers for the AUI ports that I want to use for the firewall. It has IOS version 11.2. I am planning on using Ethernet 0 for the WAN and Ethernet 1 for the LAN. I have 3 questions that I cannot find the answers to:
1) How can I get the router to accept a Class C subnet address on a Class A IP address - 10.0.0.10 255.255.255.0 (Clients LAN configuration)?
2) How do I add the Primary and Secondary DNS addresses on Ethernet 0 (WAN)the way I would in a firewall?
3) How do I add the Gateway address to Ethernet 0 (WAN) the way that I would in a firewall?
Personally I don't recommend this approach for your client. First of all 2500 are end-of-life and no longer supported. Secondly version 11.2 of code is not only end-of-life not supported but so outdated that it could be full of bugs and a potential security risk. Also, does it have the firewall feature set? If not you won't have the added security of those features as well. I strongly recommend looking at a PIX or at least a newer router instead.
I fully understand what you are saying, and I agree. I was hoping to move towards a 501 at least. But this is what I was given to make work, so I was hoping to get help, as I have never had to do this before. I have set up 2500 and 2600 series routers segmenting Ethernet networks, but not one as a WAN side. Any help with this is greatly appreciated.
If this is connecting to a WAN then I highly recommend the ISR routers. Although you will buy a router, you can at least consolidate the security functiality successfully with the 1800 or 2800 series routers. The neat thing about this approach is that you get webvpn/sslvpn capability, strong IPS potential (much better than a pix) and full ip routing to boot! If you are determined to use a dedicated security appliance in the mix, I would advocate an ASA 5500 over the PIX.
I'm don't think I explained well enough that I didn't choose the 2514 for any reason. That is what the client has, and that is what my boss gave to me to make work. I haven't used a 2514 in quite a while, but now I have been tasked in using it as a small firewall, and I'm having trouble with the three items listed above. If anyone could please help me through this hurdle, I would really appreciate it.
I figured out everything except for the network class issue. The client is running a class A network, 10.0.0.x, but is running a class C mask, 255.255.255.0. When I try to set Ethernet 0 with that pair, I get a "bad mask /24" error, and it refuses to accept the combination. Is there a way to force the router to accept this unusual ip/subnet pair?
BenefitsDocumentationPrerequisiteImage Download LinksLimitationsSupported PlatformsLicense RequirementsTopologyStep-By-Step ConfigurationConfigure Virtual ServiceActivate the virtual service and configure guest IPsConfiguring UTD (Service Plane)Configurin...
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...