Solved: Re: Business Case for Cisco Intelligent WAN - Page 2

maani · ‎01-15-2019

Hi,

Everyone, I'm configuring Cisco 1841 Router with ISP provided Public IPs. Everything is working. Just wondering how can i assign GW & DNS in WAN Interface. Right now i've put GW & DNS servers in DHCP server which is assigning to LAN clients & Internet is working. But i know this isn't the proper way. Anybody can help??

lets say 111.111.111.12 is my public IP

GW 111.111.111.14 is Gateway

DNS: 8.8.8.8

pasting my show run....

EdgeRouter#show run

Building configuration...

Current configuration : 1485 bytes

!

version 12.3

service timestamps debug datetime msec

service timestamps log datetime msec

service password-encryption

!

hostname EdgeRouter

!

boot-start-marker

boot-end-marker

!

enable secret 5 $1$18P8$zophbkZPasse7890xZID50

!

mmi polling-interval 60

no mmi auto-configure

no mmi pvc

mmi snmp-timeout 180

no aaa new-model

ip subnet-zero

ip cef

!

ip dhcp excluded-address 192.168.2.1 192.168.2.10

!

ip dhcp pool Local

network 192.168.2.0 255.255.255.0

default-router 111.111.111.14

dns-server 84.235.6.55 84.235.57.230

!

no ip domain lookup

ip ips po max-events 100

no ftp-server write-enable

!

no crypto isakmp ccm

!

interface FastEthernet0/0

ip address 111.111.111.12 255.255.255.0

ip nat outside

ip virtual-reassembly

duplex auto

speed auto

!

interface FastEthernet0/1

ip address 192.168.2.1 255.255.255.0

ip nat inside

ip virtual-reassembly

duplex auto

speed auto

!

ip classless

ip route 0.0.0.0 0.0.0.0 111.1111.111.14

!

ip dns server

!

ip http server

no ip http secure-server

ip nat inside source list 1 interface FastEthernet0/0 overload

!

access-list 1 permit 192.168.2.0 0.0.0.255

!

control-plane

!

banner login ^Cine

Your Activity is being Monitored ^C

!

line con 0

password 7 110A1016141D

login

line aux 0

line vty 0 4

privilege level 15

password 7 0132202A7A26260635624B1D0E0A05194F58566B

login

line vty 5 15

privilege level 15

password 7 0132202A7A26260635624B1D0E0A05194F58566B

login

!

end

EdgeRouter#

maani · ‎01-15-2019

Let me try again. The GW provided by your ISP is used in your static default route. Just to be sure is this the GW that you are talking about >>>> GW provided by ISP. 111.111.111.12,

Usable Public IP: 111.111.111.14

ip route 0.0.0.0 0.0.0.0 111.1111.111.12

Richard Burts · ‎01-15-2019

OK. If that is the gateway that we are talking about then the static default route is how you use that GW.

Let me ask a question about your ISP and the addresses that they have given you. Did they give you 2 subnets (one to use on your WAN interface which subnet includes the GW address and a second subnet to use for clients inside your network) or did they give you just one subnet (which would be used both for your WAN and for your clients)?

HTH

Rick

HTH

Rick

Richard Burts · ‎01-15-2019

There appears to be some confusion about the addressing. In your recent response you tell us that

GW is 111.111.111.12
IP is: 111.111.111.14

which is different from what was in your original config which showed .12 as the address and .14 as the gateway. If this recent information is correct it would be easy to change the config to match this.

I have something else that you may want to think about. If this router will be connecting your client devices to the Internet there may be some question about providing security for those devices as they access the Internet. One possibility is that the ISP might provide that security. Another possibility is that you might be providing some firewall to protect their traffic as it goes to the Internet. The other possibility is that you might configure access lists (or Zone Based Firewall) on the router to protect the traffic.

HTH

Rick

HTH

Rick

maani · ‎01-15-2019

I can understand that. Don't get confused. Point is we've one Public IP and one GW. And how we can configure Router as Edge WAN Router just like normal other small Routers at home or SMB.

Security:
1- ISP has its own SLA for this Cooperate connections, but they haven't provided any additional firewall / security device to the site.

2- We don't have firewall right now. Only device between WAN & LAN is this Router Cisco 1841.
3- Access List & Zone Based Firewall, Thats what I can dig into it. Please if you've some useful links regarding this topic Share it here. Thanks again for your time.

Richard Burts · ‎01-15-2019

I did not understand correctly the mention early in this discussion about /24 subnet. Thank you for clarifying that the ISP has provided 1 IP address, 1 Gateway address, and 2 DNS addresses.

Here is a link about Zone Based Firewall which I hope you will find helpful.

https://community.cisco.com/t5/security-documents/ios-zone-based-firewall-step-by-step-basic-configuration/ta-p/3142774

HTH

Rick

HTH

Rick

maani · ‎01-15-2019

No They just provided One Subnet One Public IP and One GW. With 2 DNS Servers. This one IP i've configured on WAN Interface and for fa0/1 LAN int i've configured 192.168.2.1 /24

maani · ‎01-15-2019

You're absolutely right MR Richard. I know this gateway is wrong. Gateway for LAN subnet should be in same subnet. I told you i've very basic knowledge about cisco. I tried with before with local subnet GW & DNS as router address. Internet didn't work. Now I understand mistake was i didn't configure routers as DNS server. It should be configured. My question should forget about about GW provided by ISP?? No need to put it anywhere??

maani · ‎01-15-2019

Yes Dear you're right.... I mentioned in last reply what is my purpose with DNS. I'm sorry i have a very basic knowledge with Cisco. Hope you guys can guide me into right direction.

maani · ‎01-15-2019

I think one of my reply wasn't posted, posting again. Regarding your question in first post.

1- I want to use this router as any other small router. Which has one WAN Interface. Where you can configure Static IP with Subnet , with GW & DNS.

In plain & Simple this is my concern.