Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2132
Views
10
Helpful
7
Replies

Cisco Integrated Service Router 3825

Go to solution
clevelandwpc
Level 1
Level 1

‎10-06-2017 05:39 AM - edited ‎03-05-2019 09:15 AM

I have a Cisco Integrated Service Router 3825. It has three physical interfaces(GigbitEthernet0/0, GigbitEthernet0/1 and one SFP ), I would like to use three interfaces at the same time as a firewall to build three zones(Inside, DMZ and Internet) each of the three interfaces will be assigned as Inside, DMZ and Internet zones. However it seems I can only use 2 interface as the same time. The SFP can be enabled only  on GigbitEthernet 0/0 port, and the show run only have two interfaces(Gi0/0,Gi0/1). Is there anyway I can add the third interace Gi0/2 into my cisco configration? Following are the results of show version commands. Thanks for your help.

 

show version:

Cisco IOS Software, 3800 Software (C3825-ADVENTERPRISEK9-M), Version 15.1(4)M12a, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2016 by Cisco Systems, Inc.
Compiled Tue 04-Oct-16 04:18 by prod_rel_team

ROM: System Bootstrap, Version 12.4(13r)T11, RELEASE SOFTWARE (fc1)

supernovarouter3825 uptime is 1 day, 15 hours, 25 minutes
System returned to ROM by reload at 21:20:34 UTC Wed Oct 4 2017
System image file is "flash:c3825-adventerprisek9-mz.151-4.M12a.bin"
Last reload type: Normal Reload


This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.

A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html

If you require further assistance please contact us by sending email to
export@cisco.com.

Cisco 3825 (revision 1.2) with 1011712K/36864K bytes of memory.
Processor board ID FTX1422A0G1
2 Gigabit Ethernet interfaces
1 Virtual Private Network (VPN) Module
DRAM configuration is 64 bits wide with parity enabled.
479K bytes of NVRAM.
254464K bytes of ATA System CompactFlash (Read/Write)


License Info:

License UDI:

-------------------------------------------------
Device# PID SN
-------------------------------------------------
*0 CISCO3825 FTX1422A0G1

 

Configuration register is 0x2102

 

 

Labels:
0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
Karsten Iwen
VIP
VIP

‎10-06-2017 07:22 AM - edited ‎10-06-2017 07:33 AM

You have to add an interface module for that:

https://www.cisco.com/c/en/us/products/routers/3800-series-integrated-services-routers-isr/relevant-interfaces-and-modules.html#ethernetrouted

But I wouldn't invest any more money in this EOL device.

 

EDIT: corrected the above link.

View solution in original post

Go to solution
Karsten Iwen
VIP
VIP
In response to clevelandwpc

‎10-06-2017 07:28 AM

If you still want to go with this device:

1) These modules could come quite cheap on ebay.

2) You could use subinterfaces on the internal interfaces and connect your inside and DMZ network to different VLANs on a switch. Not perfect, but better than not having a DMZ.

What about moving to an ASA 5506-X; it's faster than the router and has more security.

View solution in original post

7 Replies 7

Go to solution
Karsten Iwen
VIP
VIP

‎10-06-2017 07:22 AM - edited ‎10-06-2017 07:33 AM

You have to add an interface module for that:

https://www.cisco.com/c/en/us/products/routers/3800-series-integrated-services-routers-isr/relevant-interfaces-and-modules.html#ethernetrouted

But I wouldn't invest any more money in this EOL device.

 

EDIT: corrected the above link.

Go to solution
clevelandwpc
Level 1
Level 1
In response to Karsten Iwen

‎10-06-2017 07:24 AM

Thanks for your help.
0 Helpful

Go to solution
Karsten Iwen
VIP
VIP
In response to clevelandwpc

‎10-06-2017 07:28 AM

If you still want to go with this device:

1) These modules could come quite cheap on ebay.

2) You could use subinterfaces on the internal interfaces and connect your inside and DMZ network to different VLANs on a switch. Not perfect, but better than not having a DMZ.

What about moving to an ASA 5506-X; it's faster than the router and has more security.

Go to solution
clevelandwpc
Level 1
Level 1
In response to Karsten Iwen

‎10-06-2017 07:32 AM

Great, I will use subinterfaces solution. Thanks again.

Kevin
0 Helpful

Go to solution
Karsten Iwen
VIP
VIP
In response to clevelandwpc

‎10-06-2017 07:34 AM

it's now working ... something happened when pasting the link.
0 Helpful

Go to solution
clevelandwpc
Level 1
Level 1
In response to Karsten Iwen

‎10-06-2017 07:28 AM

Can you send the link again? The one you sent before dose not work. Thanks again.
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card