Cisco Support Community
Community Member

WAN- Config Questions

I have just had a 10Meg ethernet turned up and I was given 2 sets of addresses. The first set is:

Wan

65.45.145.108/30

With a network side, customer side and default gateway.

I was also given:

Lan Block1

209.127.75.96/27 for our LAN block.

I am using a 3825 router and want to nat\pat everything inside the network.

Do I need to put another router (1750 with a wic-1enet) between the 3825 and the wan dmarc?

Do I put that 1750 with the "customer side address" on e/0 with a routing statement to route all traffic to the "network side address" which is the address on their device?

If so... then do I put the default gateway address of the public lan pool (209.x.x.x) on the f\0 of the 1750?

Then would I put one of the (209.x.x.x) addresses on the g 0/0 (wan side) of the 3825 and my 172.x.x.x private on the g 0/1 (lan side) of the 3825? And then add the necessary routing statements to make it all work?

Any help would be most appreciated!

Thanks

15 REPLIES
Hall of Fame Super Gold

Re: WAN- Config Questions

James

You are trying to make it much more difficult than it needs to be. You do not need any other router. You should put the /30 on the interface and you should create a pool of addresses on the 3825 with the /27 and do NAT/PAT with that address pool.

HTH

Rick

Hall of Fame Super Blue

Re: WAN- Config Questions

You can terminate the 10Mbps connection into your 3825 router. So

    int fa0/0
     ip address 65.45.145.109 255.255.255.252
    !
    ip route 0.0.0.0 0.0.0.0 65.45.145.110

Note - this is assuming your address is .109 and default-gateway ie. ISP address is .110. It may be the other way round.

Then you can use this interface to PAT all internal clients ie. assuming internal LAN is on fa0/1 and is 192.168.5.0/24

    access-list 101 permit ip 192.168.5.0 0.0.0.255 any
    ip nat inside source list 101 interface fa0/0 overload
    !
    int fa0/1
     ip nat inside
    !
    int fa0/0
     ip nat outside

The above takes care of your internal clients to Internet.

Then you can use your 209.127.75.96/27 block for servers inside that you want to give access to from internet eg.

server 192.168.7.10 internal

ip nat inside source static 192.168.7.10 209.127.75.97

etc.. for each server.

Jon

Community Member

Re: WAN- Config Questions

The other issue here which I should have included is that I have a sister location with exactly the same setup for addresses and internet. I also have a 3825 at that location and need to connect the 2 with a static VPN. I also need to grant access to people using the software vpn clients to both locations as well. How does traffic know that my 209.x.x.x addresses are located at the 3825?

Hall of Fame Super Blue

Re: WAN- Config Questions

James

"The other issue here which I should have included ..."

Hmmm, yes you probably should have mentioned that :-).

Not sure what you mean about having the same addressing at another site. How does this work? If the same addressing is replicated in 2 sites then the traffic won't know which site to go to. Perhaps you could clarify.

Jon

Community Member

Re: WAN- Config Questions

Sorry for lack of clarity here.

What I meant is that at the other site I have the same setup but of course they are different wan, lan address ranges.


Hall of Fame Super Blue

Re: WAN- Config Questions

James

No problem. Still a little confused ie. "How does traffic know that my 209.x.x.x addresses are located at the 3825?"

Well the 209.x.x.x address range will be routed by your ISP to the relevant site and the other public address range will be routed by your ISP to the sister site.

Jon

Community Member

Re: WAN- Config Questions

Ok. That makes sense. Would I add the 209.x.x.x address to the g0/0 interface of the 3825 as well as the 65.x.x.x address? This is why I thought I might need an additional router.

Hall of Fame Super Blue

Re: WAN- Config Questions

It's all to do with routing. You don't need to add the 209.x.x.x address to your gi0/0 interface as long as the ISP routes all traffic destined for the 209.x.x.x subnet you have been allocated to the outside interface of your 3825 ie. the 65.x.x.x address.

Your ISP should be doing this if they have allocated you the 209.x.x.x subnet.

Jon

Community Member

Re: WAN- Config Questions

On the server internally I want to use a private IP address range and NAT the public 209.x.x.x to the server. I don't want to use public IP addresses directly on the servers themselves. Will this work that way?

Hall of Fame Super Blue

Re: WAN- Config Questions

Yes it will work.

server = 192.168.5.10

public address - 209.127.75.97

ip nat inside source static 192.168.5.10 209.127.75.97

Jon
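The layout described in the replies above, pulled together as one configuration (an added example, not part of the original thread): the /30 sits on the WAN interface, while the routed /27 appears only in NAT statements and never on an interface. The inside subnet 172.16.1.0/24, the server 172.16.1.10, the pool name PUBLIC-27 and the Null0 route are assumptions made for illustration; the .109/.110 split follows the assumption stated earlier in the thread.

```cisco
! WAN side: the /30 point-to-point link to the ISP
interface GigabitEthernet0/0
 description WAN to ISP demarc
 ip address 65.45.145.109 255.255.255.252
 ip nat outside
!
! LAN side: private addressing only (172.16.1.0/24 is an assumed subnet)
interface GigabitEthernet0/1
 description Inside LAN
 ip address 172.16.1.1 255.255.255.0
 ip nat inside
!
! Default route to the ISP end of the /30
ip route 0.0.0.0 0.0.0.0 65.45.145.110
!
! The ISP routes 209.127.75.96/27 to 65.45.145.109. A packet for a /27
! address with no active translation would otherwise follow the default
! route back to the ISP and bounce until its TTL expires, so discard it.
! NAT on the outside interface is applied before the route lookup, so
! translated traffic is unaffected.
ip route 209.127.75.96 255.255.255.224 Null0
!
! Inside hosts allowed to be translated
access-list 101 permit ip 172.16.1.0 0.0.0.255 any
!
! PAT for clients, drawing on the routed /27 (.97 is kept out of the pool
! because it is used for the static mapping below)
ip nat pool PUBLIC-27 209.127.75.98 209.127.75.126 netmask 255.255.255.224
ip nat inside source list 101 pool PUBLIC-27 overload
!
! One-to-one mapping for an internal server on a private address
ip nat inside source static 172.16.1.10 209.127.75.97
```

`show ip nat translations` lists the static entry immediately and the PAT entries as clients open connections. The static mapping forwards every port to the server, so whatever the server listens on is reachable from the Internet unless it is filtered.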


Re: WAN- Config Questions

You do not need another router. The /30 is the point-to-point link between you and your provider. The /27 is the routable address space assigned to you. You can/should assign one of your public IPs (209 network) to the router. Will your private network be directly connected or will you have a firewall in between?

Re: WAN- Config Questions

You can terminate the ethernet WAN circuit directly on the 3825 router and configure the /30 address block for that interface.

Have the private 172.x.x.x network connected to the other interface and NAT them to the public interface address.

Narayan

Hall of Fame Super Bronze

Re: WAN- Config Questions

I guess you have nothing better than a 1750?

Based on the limitation, I would put the 1750 between the 3825 and the WAN Dmarc, as you have a 10Mbps interface on the 1750 and you are being serviced with a 10Mbps connection. I actually recommend getting a better router for this, though.

In addition, I recommend placing a switch between the 3845 and the 1750 so you can actually place other devices in this zone if you want to circumvent the NAT.

The 1750 will have the WAN IP and one IP from the LAN block the ISP with default gateway towards the WAN.

The 3845 will have one IP from the LAN block on the WAN facing interface and internal IP on the LAN facing interface with NAT configured. The gateway will be the LAN IP from the 1750.

HTH,

__

Edison.
