
Cisco 2620 Router ASA5505 and Qwest T1 with ppp encapsulation

Hello,

I am trying to set up a Cisco 2600 router that will be used to connect to a Qwest internet T1. I will have a Cisco ASA firewall behind the router so that I can build a site-to-site VPN tunnel. Qwest requires PPP encapsulation. The LAN side network is 10.2.0.0/16. Qwest gave me their serial IP address and my serial IP address, which I used to configure the route. The Ethernet interface was configured for the local LAN side subnet and I NATted both the inside and outside interface of the router. I am not sure if this is correct. How do I configure the router so that I can use one of the available public IP addresses as the outside interface of the ASA?

Here is the config of the router:

```
version 12.2
no parser cache
no service single-slot-reload-enable
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname cedar
!
logging rate-limit console 10 except errors
enable secret 5 xxxxxxxxxx
enable password xxxxxx
!
ip subnet-zero
ip audit notify log
ip audit po max-events 100
no ip dhcp-client network-discovery
call rsvp-sync
!
interface FastEthernet0/0
 description Lan Interface
 ip address 10.2.1.1 255.255.255.0
 ip nat inside
 no ip route-cache
 no ip mroute-cache
 speed auto
 full-duplex
 no mop enabled
!
interface Serial0/0
 ip address 65.121.x.x 255.255.255.252
 ip nat outside
 encapsulation ppp
 fair-queue
 service-module t1 clock source internal
 service-module t1 timeslots 1-24
!
ip nat inside source list 1 interface Serial0/0 overload
ip classless
! next hop in the route below is the Qwest serial IP address
ip route 0.0.0.0 0.0.0.0 65.121.x.x
ip http server
ip http authentication local
!
access-list 1 permit 0.0.0.0 255.255.0.0
```


Ron

Here are several points to answer parts of your question:

- I do not believe that it is possible to use the public address on the ASA if Qwest gave you only a single public address. In my experience it is common that the provider will give you an address (typically in a /30 subnet) for the Internet connection and will also give another address (or block of addresses) to be used inside the network. Has Qwest given you more than one address?

- You tell us that the inside network is 10.2.0.0/16 but you configure the interface as 10.2.1.0/24. And there is no route to any other part of 10.2.

- The access list 1 that you use for NAT is not correct. In this situation I would think that you might want a simple permit any, but permit 0.0.0.0 255.255.0.0 will not do what you want.

HTH

Rick
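The access-list point in the reply above can be checked mechanically. The following is an added example, not code from the thread: it applies IOS wildcard-mask matching (a 1 bit in the wildcard means "ignore this bit") to the posted entry and to alternatives. The helper names and the sample source addresses are constructed for illustration.

```python
import ipaddress

def acl_matches(base: str, wildcard: str, addr: str) -> bool:
    """Standard-ACL match: wildcard bits set to 1 are ignored,
    bits set to 0 must be equal in base and addr."""
    b = int(ipaddress.IPv4Address(base))
    w = int(ipaddress.IPv4Address(wildcard))
    a = int(ipaddress.IPv4Address(addr))
    care = ~w & 0xFFFFFFFF          # bits that must match
    return (a & care) == (b & care)

def prefix_to_acl(prefix: str) -> tuple:
    """Convert a CIDR prefix to the (address, wildcard) pair an ACL entry uses."""
    net = ipaddress.IPv4Network(prefix)
    return str(net.network_address), str(net.hostmask)

# The entry from the posted config, plus alternatives for comparison.
ENTRIES = {
    "posted: 0.0.0.0 255.255.0.0": ("0.0.0.0", "255.255.0.0"),
    "10.2.0.0/16": prefix_to_acl("10.2.0.0/16"),
    "10.1.9.0/24": prefix_to_acl("10.1.9.0/24"),
    "any": ("0.0.0.0", "255.255.255.255"),
}

# Constructed sample source addresses (not taken from the thread).
SAMPLES = ["10.2.1.50", "10.1.9.20", "172.16.0.0", "10.2.0.0"]

def match_table() -> dict:
    """For each ACL entry, list the sample sources it would permit for NAT."""
    return {
        name: [s for s in SAMPLES if acl_matches(base, wc, s)]
        for name, (base, wc) in ENTRIES.items()
    }

if __name__ == "__main__":
    for name, hits in match_table().items():
        print(f"{name:30} permits {hits}")
```

The posted entry ignores the first two octets and requires the last two to be zero, so ordinary hosts in 10.2.0.0/16 never match it. A prefix-scoped entry limits translation to the intended inside range, while `any` translates every source that reaches the inside interface.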

Rick, thanks for getting back to me on this. Yes, the ISP gave me a LAN IP block of:

LAN IP Block:     63.233.x.x/29    (255.255.255.248)

Customer Serial:  65.121.74.x/30  (255.255.255.252)

Qwest Serial:     65.121.74.x/30      (255.255.255.252)

My network here is 10.2.x.x/16

but when I send the router offsite it will be a 10.1.9.0/24

I just put my current network IP on the ethernet interface so I could telnet to the router.


Ron

Your original post did not mention anything about sending the router to another site. So perhaps we need to be sure that we have a good understanding of what you are planning so that we can give you better advice.

Am I correct in assuming that it will be Qwest T1 to 2600 router, router connected by Ethernet to ASA, and ASA connected by Ethernet to inside network at the remote site? If so there may be a couple of options in how to configure it but I would suggest this:

- Qwest public IP /30 on the T1 to 2600.

- one IP from the LAN block on the 2600 Ethernet interface

- another IP from the LAN block on the ASA outside interface

- 10.1.9.x on the ASA inside interface to the inside network.

HTH

Rick


Yes, I think that may have it. On the ASA would I set the route for 0 0 to the LAN IP on the router, i.e. 63.233.x.x, and from the router set the route to Qwest's serial IP?

Since the router won't have a 10.1.9.xx IP address, how would I be able to access the router to debug or change the config? And by the way, thanks for all of your help....


Ron

Yes the router should have a default route (0.0.0.0) pointing to the Qwest serial IP as the next hop to get traffic out and it would have a route for 10.1.9 with the ASA outside interface (using the public IP) as the next hop. The ASA would have a default route (0.0.0.0) with the router Ethernet (using the public IP) as the next hop.

You should be able to access the router to debug or change the config by using its Ethernet address (or for that matter you might also be able to access the router using its serial interface public address).

HTH

Rick
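The routing layout described in the answer above can be modelled as two static routing tables with longest-prefix-match lookup. This is an added example, not configuration from the thread: the thread's public addresses are masked, so documentation ranges stand in for them (198.51.100.0/30 for the serial link, 203.0.113.0/29 for the LAN block), and all names are constructed.

```python
import ipaddress

# Placeholder addressing (assumption; the real addresses are masked in the thread)
QWEST = "198.51.100.1"       # Qwest end of the serial /30
ROUTER_ETH = "203.0.113.1"   # router Ethernet, first address of the LAN /29
ASA_OUT = "203.0.113.2"      # ASA outside interface, second address of the /29

ROUTER = [
    ("198.51.100.0/30", "connected Serial0/0"),
    ("203.0.113.0/29", "connected FastEthernet0/0"),
    ("10.1.9.0/24", ASA_OUT),     # inside network reached through the ASA
    ("0.0.0.0/0", QWEST),         # default route toward the provider
]
ASA = [
    ("203.0.113.0/29", "connected outside"),
    ("10.1.9.0/24", "connected inside"),
    ("0.0.0.0/0", ROUTER_ETH),    # default route toward the router
]

def lookup(table, dst):
    """Return the next hop of the most specific route covering dst, or None."""
    addr = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(p), hop) for p, hop in table
            if addr in ipaddress.ip_network(p)]
    if not hits:
        return None
    return max(hits, key=lambda h: h[0].prefixlen)[1]

def without(table, prefix):
    """Copy of a table with one route removed, to show what that route is for."""
    return [(p, hop) for p, hop in table if p != prefix]

def demo():
    internet_host, inside_host = "192.0.2.10", "10.1.9.20"   # constructed samples
    return {
        "asa -> internet": lookup(ASA, internet_host),
        "router -> internet": lookup(ROUTER, internet_host),
        "router -> inside": lookup(ROUTER, inside_host),
        "router -> inside, route missing":
            lookup(without(ROUTER, "10.1.9.0/24"), inside_host),
        "asa -> router mgmt": lookup(ASA, ROUTER_ETH),
    }

if __name__ == "__main__":
    for flow, hop in demo().items():
        print(f"{flow:34} next hop: {hop}")
```

With the 10.1.9.0/24 route removed, the router sends traffic for the private inside range to the provider via the default route. The last lookup shows the router's Ethernet address is directly connected on the ASA outside segment, which is how it stays reachable for management.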


Appreciate the help.


Ron

I am glad that my suggestions were helpful and that they assisted you in figuring how it should work. Thank you for using the rating system to mark this question as answered. It makes the forum more useful when people can read a question and can know that a solution was found. Your marking has contributed to this process.

HTH

Rick
