09-21-2009 05:21 AM - last edited on 03-25-2019 03:26 PM by ciscomoderator
Does anyone have any information/advice on how to perform the following setup:
I have 2 networks running on the router:
fa0/0 has a 29 bit subnet with 6 usable public IP addresses - one being used by the router, and another being used by an internal device.
fa0/1 has a public IP that is subnetted with a 27 bit subnet.
I want to have a public IP address (in the same network as fa0/0) on fa0/0/3 - switch port.
I am running Version 12.4(3a).
Since this is one network, is it possible to set up the router to send all traffic to an IP address in that range?
Thanks for any advice or help.
09-21-2009 08:01 AM
Yes, the most common setup is that you give your device a private address, then set static NAT for an IP of yours to go to it.
This gives it "firewall protection".
If you want it to have a public address and no NAT protection, either put in a small switch, or move the fa0/0 configuration to vlan 1, then connect another port of the esw4 to the ISP router.
09-21-2009 12:01 PM
Paolo,
Thanks for your thoughts and input. Because of my current config, I didn't want to go with the vlan; I may eventually have to.
The router, fa0/0 and fa0/1, uses public IP addresses, and I don't want to disturb them.
Since the 4ESW is a layer 2 card, it doesn't let me give it an IP address, but I can put it on a vlan.
The static NAT may be a good solution, but I'm not exactly sure of the static config on the router. I'm more familiar with the PIX/ASA, and it's not the same command(s).
I looked on Cisco's website but the static configs were a little unclear. Are routers basically the same? I have a block of public IP addresses and I can do a static NAT to an inside address? From the router?
Placing a switch in front of the router would give another point of failure, but may be the most simple and fast solution.
Once I get an interface passing traffic, I want to install a PIX firewall on it.
BTW, my software version: (C2800NM-ADVSECURITYK9-M), Version 12.4(3a).
Thanks a lot for your help.
09-21-2009 12:37 PM
ip nat source inside
That's it.
09-21-2009 02:27 PM
Apologies for the truly poor spelling of my first message - please ask for any clarification you may need.
09-21-2009 05:47 PM
No problem with the spelling; I didn't even notice. I really appreciate your help with this.
So, the static is close to the same as the firewall. After the static, are there access-lists that need to be added?
09-22-2009 12:24 AM
I would not use an ACL for this, also considering that it's a FW you're connecting, which should be able to look after itself.
Please remember to rate useful posts with the scrollbox below.
09-21-2009 05:49 PM
You have been more help than Cisco's TAC.
09-22-2009 04:41 AM
Well, I must be missing something. Here's the command I used:
ip nat inside source static
My IOS wouldn't let me use that exact command. I still cannot pass traffic.
09-22-2009 05:34 AM
Can you check "show ip nat translations verbose"?
Assuming you can ping the private address, the public is correctly routed by ISP, etc.
09-22-2009 06:12 AM
The 'ip nat translations verbose' comes up with nothing.
Because of the 4ESW card, does the fa0/0/2 interface need to be assigned to vlan1 - the default vlan?
09-22-2009 06:42 AM
I take that back. I think I have to get back to basics. I have a laptop connected to the switch port. I replaced the straight cable with a cross-over, and I get this, for the 'ip nat trans verb':
---
RT01#sh ip nat trans verb
Pro Inside global      Inside local       Outside local      Outside global
--- xxx.xxx.xxx.190    192.168.123.1      ---                ---
    create 00:04:02, use 00:04:02 timeout:0,
    flags:
static, use_count: 0, entry-id: 5, lc_entries: 0
I take it the 4ESW isn't auto-sensing.
09-22-2009 08:17 AM
Strange, for connecting a laptop to ESW ports, a straight cable should work, but not a crossed one.
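The static NAT layout discussed in this thread, written out as an added example that is not from any poster or from Cisco. It assumes the 4ESW port stays in the default VLAN 1, that the router's Vlan1 interface is 192.168.123.254/24 (a constructed value), that the inside device is 192.168.123.1 (the inside local address in the output above), and that 203.0.113.190 stands in as a placeholder for the masked xxx.xxx.xxx.190 address.

```cisco
! Added example; all addresses except 192.168.123.1 are constructed placeholders.
!
! Outside: the existing /29 interface facing the ISP. Its addressing is
! left untouched; only the NAT role is added.
interface FastEthernet0/0
 ip nat outside
!
! Inside: the 4ESW ports are layer 2 only, so the layer 3 address lives on
! the VLAN interface (SVI) for the VLAN the switch port belongs to.
interface Vlan1
 ip address 192.168.123.254 255.255.255.0
 ip nat inside
 no shutdown
!
! Switch port where the inside device (later the PIX) is connected.
interface FastEthernet0/0/3
 switchport mode access
 switchport access vlan 1
 no shutdown
!
! One-to-one mapping: inside local (private) first, inside global (public) second.
! 203.0.113.190 is a placeholder for the spare address from the fa0/0 /29.
ip nat inside source static 192.168.123.1 203.0.113.190
!
! Verification from exec mode (run these, do not paste into the config):
!   show ip interface brief            -> Vlan1 and Fa0/0/3 should be up/up
!   show ip nat translations verbose   -> the static entry should be listed
!   show ip nat statistics             -> confirms the inside/outside interfaces
!   ping 192.168.123.1                 -> inside reachability before testing NAT
```

The inside device uses 192.168.123.254 as its default gateway in this layout. Because the static mapping is one-to-one for every protocol and port, any filtering has to be done by the device behind it.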