Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Best IP Address Config for Router and PIX

Our current network setup is:

Internet--->router--->pix506e->local network

The router in use is ISP provided, and very simple, it has a single public IP x.x.x.185.

Outside on the PIX is set to x.x.x.188 and inside is 192.168.93.1.

The internal subnet is 192.168.93.0/24

We have acquired a 1721 router, which has two interfaces.

I have set Dialer0 to x.x.x.188, and FastEthernet0 to 192.168.93.10. In this case I can ping external IP addresses from the router, but not the PIX.

How do I set this up such that the pix can be accessed at x.x.x.188, through the 1721?

6 REPLIES
New Member

Re: Best IP Address Config for Router and PIX

Hi,

you need to set NAT in your router, because the ip of f0 is your internal address, internet doesn't it.

New Member

Re: Best IP Address Config for Router and PIX

With NAT set in the 1721 will the PIX be accessable as x.x.x.188?

I would like initially to replicate the current set-up, the other public addresses will be used later for more services from the inside.

New Member

Re: Best IP Address Config for Router and PIX

Oh, your PIX outside address is x.x.x.188, but it connects to 1721 Fa0, the ip of fa0 is 192.168.x.x?

I think you should setup a public in the fa0, or your outside address is 192.168.x.x.

if fa0 is public address, the nat/pat should be set up in PIX. I guest you did.

New Member

Re: Best IP Address Config for Router and PIX

My confusion comes from the fact that the current router has only one IP, the public one, whereas the 1721 seems to need two.

If Fa0 is set to a public address, what happens to the address on the ADSL interface?

The current config is below:

!

version 12.4

no service pad

service tcp-keepalives-in

service tcp-keepalives-out

service timestamps debug datetime msec

service timestamps log datetime msec

service password-encryption

!

hostname xxxx

!

boot-start-marker

boot-end-marker

!

logging console emergencies

enable secret 5 xx

enable password 7 xx

!

no aaa new-model

!

resource policy

!

clock timezone BST 1

mmi polling-interval 60

no mmi auto-configure

no mmi pvc

mmi snmp-timeout 180

ip subnet-zero

no ip source-route

no ip gratuitous-arps

!

!

no ip dhcp use vrf connected

!

!

ip cef

no ip bootp server

!

!

!

!

interface ATM0

no ip address

no atm ilmi-keepalive

dsl operating-mode auto

hold-queue 224 in

pvc 0/38

protocol ip x.x.x.191 broadcast

dialer pool-member 1

protocol ppp dialer

!

!

interface FastEthernet0

ip address 192.168.93.10 255.255.255.0

speed auto

full-duplex

no cdp enable

!

interface Dialer0

ip address x.x.x.185 255.255.255.0

encapsulation ppp

dialer pool 1

dialer-group 1

no cdp enable

ppp authentication chap callin

ppp chap hostname xx

ppp chap password 7 xx

!interface Dialer1

no ip address

no cdp enable

!

ip classless

ip route 0.0.0.0 0.0.0.0 Dialer0

no ip http server

!

!

dialer-list 1 protocol ip permit

no cdp run

!

control-plane

!

!

line con 0

exec-timeout 0 0

line aux 0

line vty 0 4

password 7 xx

login

!

no process cpu extended

no process cpu autoprofile hog

sntp server 192.168.93.4

end

New Member

Re: Best IP Address Config for Router and PIX

So, I know what you have.

(1)

setup a ip 192.168.93.x/24 on the fa0 of 1721, and config pat on the router.

pix set as Transparent mode. no ip on the pix.

or (2)

set ip 192.168.1.1/30 on the fa0 of 1721.

set ip 192.168.1.2/30 on outside of pix.

ip 192.168.93.x/24 on inside

set route 192.168.93.x/24 to 192.168.1.2 on router

set route 0.0.0.0 to 192.168.1.1 on pix

set pat on router

New Member

Re: Best IP Address Config for Router and PIX

I will try the second option this evening, as this is a production network.

Is it possible to do the first option on a PIX506E? If so, I do not know how.

I am sure I am making this sound more complicated than it is, this should be a simple task I am sure.

From the ISP I am given an IP range x.x.x.185-191 with 185 as the gateway. If I were to only use public addresses how would I set up the 1721?

i.e. Server (x.x.x.188)->1721->Internet

I should be able to work out the rest from there.

274
Views
0
Helpful
6
Replies
CreatePlease to create content