Cisco Support Community
Community Member

Using a 2514 as a firewall

I'm hoping y'all can help me. I have a client who has a firewall, but has outgrown it. I have a 2514 with 2 CAT-5 transceivers for the AUI ports that I want to use for the firewall. It has IOS version 11.2. I am planning on using Ethernet 0 for the WAN and Ethernet 1 for the LAN. I have 3 questions that I cannot find the answers to:

1) How can I get the router to accept a Class C subnet address on a Class A IP address - 10.0.0.10 255.255.255.0 (client's LAN configuration)?

2) How do I add the Primary and Secondary DNS addresses on Ethernet 0 (WAN) the way I would in a firewall?

3) How do I add the Gateway address to Ethernet 0 (WAN) the way that I would in a firewall?

Any help I can get is greatly appreciated.

Thanks,

Hank Lambert, CCNA

5 REPLIES
Silver

Re: Using a 2514 as a firewall

Personally I don't recommend this approach for your client. First of all, 2500s are end-of-life and no longer supported. Secondly, version 11.2 of code is not only end-of-life and not supported but so outdated that it could be full of bugs and a potential security risk. Also, does it have the firewall feature set? If not, you won't have the added security of those features as well. I strongly recommend looking at a PIX or at least a newer router instead.

Hope this helps.

Steve

Community Member

Re: Using a 2514 as a firewall

I fully understand what you are saying, and I agree. I was hoping to move towards a 501 at least. But this is what I was given to make work, so I was hoping to get help, as I have never had to do this before. I have set up 2500 and 2600 series routers segmenting Ethernet networks, but not one as a WAN side. Any help with this is greatly appreciated.

Thanks,

Hank

Silver

Re: Using a 2514 as a firewall

If this is connecting to a WAN then I highly recommend the ISR routers. Although you will buy a router, you can at least consolidate the security functionality successfully with the 1800 or 2800 series routers. The neat thing about this approach is that you get webvpn/sslvpn capability, strong IPS potential (much better than a PIX) and full IP routing to boot! If you are determined to use a dedicated security appliance in the mix, I would advocate an ASA 5500 over the PIX.

HTH

Community Member

Re: Using a 2514 as a firewall

I don't think I explained well enough that I didn't choose the 2514 for any reason. That is what the client has, and that is what my boss gave to me to make work. I haven't used a 2514 in quite a while, but now I have been tasked with using it as a small firewall, and I'm having trouble with the three items listed above. If anyone could please help me through this hurdle, I would really appreciate it.

Thanks in advance.

Hank Lambert, CCNA

Community Member

Re: Using a 2514 as a firewall

I figured out everything except for the network class issue. The client is running a class A network, 10.0.0.x, but is running a class C mask, 255.255.255.0. When I try to set Ethernet 0 with that pair, I get a "bad mask /24" error, and it refuses to accept the combination. Is there a way to force the router to accept this unusual IP/subnet pair?

Hank Lambert, CCNA
