Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Attention: The Community will be in read-only mode on 12/14/2017 from 12:00 am pacific to 11:30 am.

During this time you will only be able to see content. Other interactions such as posting, replying to questions, or marking content as helpful will be disabled for few hours.

We apologize for the inconvenience while we perform important updates to the Community.

New Member

Need advice on T1

I am installing a new connection to the Internet using a Data T1.

Internet --- 2610XM /CSU-DSU Wic ----ASA 5510 --- Switch

I am unsure how to configure the 2610XM on routing between the T1 interface and the Ethernet Interface. Does each interface need a IP or can the inbound traffic be configured to pass all traffic straight too the firewall and let the firewall do the rest? Sample configs would really be appreciated. Thanks to all for any replies.

3 REPLIES

Re: Need advice on T1

Yes you will need two subnets. The wan link (typically is given a /30 subnet by your ISP). Two host ip addresses can be configured on this link. One is configured on serial 0 while the other is configured on your ISP router terminating your T1.

On the ethernet side, you can either use another public address space (Typically given by your service provider). This could usually be a /29 or /28 mask depending upon how many public IPs you need. If you dont need that many ip addresses, you can configure a private ip address segment between the router and ASA. (Typical uses of these ip addresses are publically accessible web servers, vpn concentrators, vpn terminations on ASA or PIX etc, mail servers etc)

Now you can NAT your IP addresses on the inside either at the 2600 or you can do it on the ASA 5510.

If doing at the 2600, you will use PAT over the serial interface ip address. If using NAT on the ASA 5510, you will need that second pool of ip address using which you can do a combination of NAT or PAT or both.

These links might guide you to configuring your ASA. I would suggest downloadingt ASDM files and install it into the PIX and use the ASDM to configure the ASA, if you are not familiar with PIX OS command set.

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00804619d8.shtml

http://www.cisco.com/en/US/products/ps6120/prod_configuration_examples_list.html

New Member

Re: Need advice on T1

Thanks. I had planned pending a second opinion,to NAT at the ASA5510 since I am running private addressing internally already and plan on using the ASA5510, to configure a DMZ to hang a front-end for email and other services that will need public addressing. I just wans't sure about the routing between the ISP and the 2610 to get to the ASA5510.

Re: Need advice on T1

Then you would ask for a second address space (/28 or /29) for the ethernet segment between ASA and 2600(ISPs usually give this for an extra fee per month).

ISP will route your wan segment as well as ethernet segment to your 2600 router. The ASA should have a default route to the 2600 and 2600 should have a default route to your ISP router.

You can split the /28 that you get from your ISP into two /29 subnets and use one on the ethernet segment between ASA and 2600, while use the other to either NAT internal addresses, or create statics for your DMZ servers.

189
Views
5
Helpful
3
Replies
CreatePlease to create content