Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1551
Views
0
Helpful
3
Replies

1841 ADSL config with VPN firewall

Go to solution
acarnegie
Level 1
Level 1

‎11-28-2011 08:28 AM - edited ‎03-04-2019 02:26 PM

Hi,

I have a Cisco 1841 router with an HWIC-ADSL module installed. My ADSL connection is PPPoA with a dialer interface and I have been provided 6 ip's from my provider to use on this service.

Previously I have connected Fa0/0 on the 1841 straight onto my network and used NAT and ACL's on the 1841, I would now like to change this and have Fa0/0 connected to a Palo Alto firewall and use the Palo Alto to provide NAT, Firewall & site to site VPN functions. What config would I require on the 1841 to allow me to use one of my ISP IP addresses on the Palo Alto to allow it to be a VPN endpoint? Do I need to configure the 1841 in bridge mode?

Thanks.

Alistair.

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
maayre
Level 1
Level 1

‎11-29-2011 12:39 AM

You could use bridge mode but there is no need, there are two easy ways to solve this with basic routing;

1. Add a /32 static route on the 1841 towards the FW and configure the /32 address on a virtual interface (ie loopback)

2. Configure a /31 (you can use /30 but wasteful) between the 1841 and FW

In both cases make sure default route is set up and facing ISP

View solution in original post

0 Helpful
3 Replies 3

Go to solution
maayre
Level 1
Level 1

‎11-29-2011 12:39 AM

You could use bridge mode but there is no need, there are two easy ways to solve this with basic routing;

1. Add a /32 static route on the 1841 towards the FW and configure the /32 address on a virtual interface (ie loopback)

2. Configure a /31 (you can use /30 but wasteful) between the 1841 and FW

In both cases make sure default route is set up and facing ISP

0 Helpful

Go to solution
acarnegie
Level 1
Level 1
In response to maayre

‎12-02-2011 04:03 AM

Hi Matthew

Thanks for your response. I realise it could be done using simple routing using the method you suggested but this does'nt not allow me to use one of the ISP allocated IP addresses on the interface of my firewall that is behind the 1841. It would also then require NAT to be configured on the 1841 for the VPN connection, this something I do not wish to do.

0 Helpful

Go to solution
slawomir.kunach
Level 1
Level 1
In response to acarnegie

‎12-02-2011 02:56 PM

I think you could also do somethin like this, let say that:

* fa0/0 is your interface goint to PA firewall

* 1.1.1.1 is the first IP in your subnet

int fa0/0

ip address 1.1.1.1 255.255.255.248

int dial 1 (or 0)

ip unnumbered fa0/0

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card