04-16-2015 03:42 AM - edited 03-05-2019 01:15 AM
Hopefully somebody could help me with a router setup.
The setup is as follows
ISP -> Cisco router -> Firewall (Sonicwall)
All I want the cisco to do is to pass the traffic to the firewall
I presume i'll have to give the sonicwall interface an IP address in the 83.xxx.xxx.139/29 range (83.xxx.xxx.141 perhaps)
Got the following config from the ISP
*****************************************CE CONFIG****************************************
interface ge1/0
description Interface ge1/0 Circuit ID INTXXXXXXX
ip address 95.xxx.xxx.118 255.255.255.252
duplex auto
speed auto
no shutdown
! Customer Assigned RIPE Allocation = 83.xxx.xxx.136/29
router bgp xxxxx
neighbor 95.xxx.xxx.117 remote-as 5xxx
no auto-summary
bgp log-neighbor-changes
Note:-
If the access circuit is DSL based the following ATM parameters are applicable.
Interface ATM0.835
pvc 8/35
encapsulation aal5snap
**************************************************************************************************
I need some help setting up the RIPE Allocation. I presume some natting will have to be applied.
I would be grateful if somebody could send me on a sample configuration.
-Gary
Solved! Go to Solution.
04-16-2015 04:59 AM
@Gafarrel,
you should check circuit type with ISP team and normally, RIPE update will be doing by ISP team. (Many situations in my experience, ISP did it)
Apart from that you need to allocate one IP from subnet "83.xxx.xxx.139/29" for Router interface and it will be gateway for the SonicWall Firewall. Also in BGP protocol, advertise the subnet "83.xxx.xxx.139/29".
04-16-2015 04:38 AM
int ge1/1
desc 2SonicWall
ip add 83.xxx.xxx.137 255.255.255.248
RIPE allocates /29 now? o.O
04-16-2015 04:59 AM
@Gafarrel,
you should check circuit type with ISP team and normally, RIPE update will be doing by ISP team. (Many situations in my experience, ISP did it)
Apart from that you need to allocate one IP from subnet "83.xxx.xxx.139/29" for Router interface and it will be gateway for the SonicWall Firewall. Also in BGP protocol, advertise the subnet "83.xxx.xxx.139/29".
04-16-2015 05:06 AM
Well, looks like /29 written as static route at ISP side and bgp part is provided as template (ISP peer IP and AS) for bgp connection in case client wants to announce his own ASs.
04-17-2015 12:26 AM
Generally, /30 subnet used in wan link interface configuration. /29 used for Firewall/DMZ servers etc.,
Kindly share the exact detail you have been received from ISP Team so i shall assist you.
04-17-2015 12:51 AM
Thanks for the reply Nithi P.
All I got from the isp is the the above details ( not that helpful really).
The only other details in the email I received is as follows.
PRODUCT NAME: INT-60 - NGN INTERNET
INT CIRCUIT ID: INTxxxxx
UNI PORT NUMBER: 06
CLASS OF SERVICE: STANDARD - CctQoS
MSA CIRCUIT ID: xxxxxxxxx
UNI DUPLEX MODE: Auto-negotiation
UNI MEDIA: COPPER
UNI GBIC TYPE: NOT APPLICABLE
I'd recon that I plug into port 6 on tydur device which has an address on the /30 range configurer by the ISP. Give the cisco interface connected to that the other /30 address. Set that as the default root.
Thanks again.
04-20-2015 11:30 AM
Ok so I have an issue.
I can ping the far side and 8.8.8.8 directly from the router
I cant ping from the interface with the RIPE IP address assigned.
Here's the interfaces config.
interface GigabitEthernet0/0
description Interface gi 0/0 Circuit ID INTXXXXXXX
ip address 95.xxx.xxx.118 255.255.255.252
duplex auto
speed auto
!
interface GigabitEthernet0/1
description Interface gi 0/1 Link to Sonicwall
ip address 83.xxx.xxx.137 255.255.255.248
duplex auto
speed auto
!
router bgp 12345
bgp log-neighbor-changes
neighbor 95.XXX.XXX.117 remote-as XXXX
Here are the pings
router#ping 8.8.8.8
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/4/8 ms
router#ping 8.8.8.8 source gigabitEthernet 0/1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds:
Packet sent with a source address of 83.xxx.xxx.137
.....
Success rate is 0 percent (0/5)
router#ping 95.xxx.xxx.118
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 95.xxx.xxx.118, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
router#ping 95.xxx.xxx.118 source gigabitEthernet 0/1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 95.xxx.xxx.118, timeout is 2 seconds:
Packet sent with a source address of 83.xxx.xxx.137
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms
router#ping 95.xxx.xxx.117 source gigabitEthernet 0/1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 95.xxx.xxx.117, timeout is 2 seconds:
Packet sent with a source address of 83.xxx.xxx.137
.....
Success rate is 0 percent (0/5)
Any Ideas?
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide