cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1585
Views
0
Helpful
16
Replies

Cisco 877 ADSL with Additional routed external IP address

craig.corbett
Level 2
Level 2

Hi All,

Company 1 - We have a Cisco 877 ADSL Router in operation that is doing Nat for a small office with a private internal range and DHCP. And a site to site VPN. All is great. There is one External IP that has a 24Bit mask.

Company 2 – will be moving in soon next door and will be using the same internet connection and will be bringing with them their own Cisco Ethernet Router.

Ideally I plan to give Company 2 their own External IP and plug their External Ethernet port into FE4 of the Cisco 877.

My issue is the Cisco router config – as everything is working fine for Company 1 I’d like to do the minimum config changes required.

I have been told by my ISP they can provide a single routable address.

I have been looking into what config on the 877 is needed but I am unsure exactly. I am thinking IRB?

Any comments greatly appreciated.

Thanks,

Craig.

16 Replies 16

Jennifer Halim
Cisco Employee
Cisco Employee

Yes, if your ISP can provide a single routable IP towards the existing external IP that would work out for you.

Your current company 1 877 router can be configured with NATing for this new routable IP for company 2 LAN.

The current 877 router should already have proxy arp enabled on the outside interface, and once the ISP routes the new external IP to your existing 877, then you can configure the NAT, eg:


access-list 101 permit ip any

ip nat pool companyB-pool

ip nat inside source list 101 pool companyB-pool

The above is assuming that you currently have the NAT with ACL specific to company A LAN (instead of "permit ip any any" for the ACL on NAT statement).

Hope that answers your question.

Hi Jennifer thanks for your reply.

Would this allow me to configure the new external routable IP directly on the WAN interface of company 2’s router?

No, in the scenario that I advised earlier, you don't have to use company 2 router anymore. Everything will be terminated on company 1 router, and by routing the new external IP towards company 1 router.

Sorry I should have mentioned that it is a specific requirement by company 2 that they have an external IP configured directly on WAN interface of their router – one of the reasons being that they are using telephony features on it and will be using SIP.

So they need to make sure that the packets are identified correctly by their sip provider by having an external IP directly configured on the outside interface of their router Cisco UC500.

In that case, just terminate the ISP directly on company 2 router as they already are. To keep it simple, just have 2 ISP connections, ie: 1 to company 1 router and the second to company 2 router if you are going to use company 2 router anyway.

The issue is timing and cost – we’re not going be able to install a line and have adsl enabled in time here in the UK.

Is there any way it can be done?

Just re-reading your first post, did you say you have /24 public IP for company 1? That means, you have spare public ip addresses within company 1 /24 public IP?

How is company 1 connected to the ISP? via ethernet?, directly? or via switch?

halijenn wrote:

Just re-reading your first post, did you say you have /24 public IP for company 1? That means, you have spare public ip addresses within company 1 /24 public IP?

How is company 1 connected to the ISP? via ethernet?, directly? or via switch?

Jennifer,

the OP has clearly stated:

I have been told by my ISP they can provide a single routable address.

Consequently, he can only provide port-forwarding to the router for the other company.

If that is not enough for their needs, they will have to subscribe an additional ADSL circuit, that is very economical.

paolo - the ISP can provide additional routed IP addresses. I have checked and they can provide as many as we want – but they are routable the WAN interface will remain the same current IP / 28 Mask.

If the ISP can assign additional IP addresses, then you can give one to the 2nd router, by static NAT or sometime even without, using an approproate configuration.

Paolo , static Nat was my original thought but it has to be a routable ip directly assigned to the external interface of the router.

The reason for this is that company 2 using Cisco router UC500 will be using sip for call termination inbound and outbound. With static Nat outbound calls will fail as the header of the sip packets will contain the original private IP addresses and not the external IP address and therefore outbound calls fail due to authentication.

Craig,

Cisco NAT has ALG (Application Layer Gateway), meaning it will analyze each SIP packet, and replace addresses as necessary-

Ans, as mentioned above, it may also be possible to assign the address to a 2nd router, without NAT.

Is ALG (Application Layer Gateway) enabled by default when using static Nat? The reason why I’m asking is that I have deployed a number of Cisco voice systems with SIP and have always had this issue and have had to assign the external IP on the outside interface of the router. Shame that ADSL here in the UK is widespread, all Cisco routers with voice e.g. UC500 are Ethernet based so I have to use an ADSL modem as well..

I will look into ALG but ideally I’d like to assign the IP direct on the router.

SIP NAT ALG is enabled by default, and in my direct experience, it works very well.

I agree that for VoIP, it is better to avoid NAT altogether, so this 2nd company has to make a choice, if they want their own circuit, subscribe for one.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: