Solved: Ok so I have an issue.I can

gafarrell · ‎04-16-2015

Hopefully somebody could help me with a router setup.

The setup is as follows

ISP -> Cisco router -> Firewall (Sonicwall)

All I want the cisco to do is to pass the traffic to the firewall

I presume i'll have to give the sonicwall interface an IP address in the 83.xxx.xxx.139/29 range (83.xxx.xxx.141 perhaps)

Got the following config from the ISP

*****************************************CE CONFIG****************************************

interface ge1/0
description Interface ge1/0 Circuit ID INTXXXXXXX

ip address 95.xxx.xxx.118 255.255.255.252
duplex auto
speed auto
no shutdown

! Customer Assigned RIPE Allocation = 83.xxx.xxx.136/29

router bgp xxxxx
neighbor 95.xxx.xxx.117 remote-as 5xxx
no auto-summary
bgp log-neighbor-changes

Note:-
If the access circuit is DSL based the following ATM parameters are applicable.

Interface ATM0.835
pvc 8/35
encapsulation aal5snap

**************************************************************************************************

I need some help setting up the RIPE Allocation. I presume some natting will have to be applied.

I would be grateful if somebody could send me on a sample configuration.

-Gary

Nithyanandan P · ‎04-16-2015

@Gafarrel,

you should check circuit type with ISP team and normally, RIPE update will be doing by ISP team. (Many situations in my experience, ISP did it)

Apart from that you need to allocate one IP from subnet "83.xxx.xxx.139/29" for Router interface and it will be gateway for the SonicWall Firewall. Also in BGP protocol, advertise the subnet "83.xxx.xxx.139/29".

View solution in original post

AMediaFilm · ‎04-16-2015

int ge1/1

desc 2SonicWall

ip add 83.xxx.xxx.137 255.255.255.248

RIPE allocates /29 now? o.O

Nithyanandan P · ‎04-16-2015

@Gafarrel,

you should check circuit type with ISP team and normally, RIPE update will be doing by ISP team. (Many situations in my experience, ISP did it)

Apart from that you need to allocate one IP from subnet "83.xxx.xxx.139/29" for Router interface and it will be gateway for the SonicWall Firewall. Also in BGP protocol, advertise the subnet "83.xxx.xxx.139/29".

AMediaFilm · ‎04-16-2015

Well, looks like /29 written as static route at ISP side and bgp part is provided as template (ISP peer IP and AS) for bgp connection in case client wants to announce his own ASs.

Nithyanandan P · ‎04-17-2015

Generally, /30 subnet used in wan link interface configuration. /29 used for Firewall/DMZ servers etc.,

Kindly share the exact detail you have been received from ISP Team so i shall assist you.

gafarrell · ‎04-17-2015

Thanks for the reply Nithi P.

All I got from the isp is the the above details ( not that helpful really).

The only other details in the email I received is as follows.

PRODUCT NAME: INT-60 - NGN INTERNET

INT CIRCUIT ID: INTxxxxx

UNI PORT NUMBER: 06

CLASS OF SERVICE: STANDARD - CctQoS

MSA CIRCUIT ID: xxxxxxxxx

UNI DUPLEX MODE: Auto-negotiation

UNI MEDIA: COPPER

UNI GBIC TYPE: NOT APPLICABLE

I'd recon that I plug into port 6 on tydur device which has an address on the /30 range configurer by the ISP. Give the cisco interface connected to that the other /30 address. Set that as the default root.

Thanks again.

gafarrell · ‎04-20-2015

Ok so I have an issue.

I can ping the far side and 8.8.8.8 directly from the router

I cant ping from the interface with the RIPE IP address assigned.

Here's the interfaces config.

interface GigabitEthernet0/0
description Interface gi 0/0 Circuit ID INTXXXXXXX
ip address 95.xxx.xxx.118 255.255.255.252
duplex auto
speed auto
!
interface GigabitEthernet0/1
description Interface gi 0/1 Link to Sonicwall
ip address 83.xxx.xxx.137 255.255.255.248
duplex auto
speed auto
!
router bgp 12345
bgp log-neighbor-changes
neighbor 95.XXX.XXX.117 remote-as XXXX

Here are the pings

router#ping 8.8.8.8
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/4/8 ms

router#ping 8.8.8.8 source gigabitEthernet 0/1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds:
Packet sent with a source address of 83.xxx.xxx.137
.....
Success rate is 0 percent (0/5)

router#ping 95.xxx.xxx.118
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 95.xxx.xxx.118, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms

router#ping 95.xxx.xxx.118 source gigabitEthernet 0/1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 95.xxx.xxx.118, timeout is 2 seconds:
Packet sent with a source address of 83.xxx.xxx.137
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms

router#ping 95.xxx.xxx.117 source gigabitEthernet 0/1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 95.xxx.xxx.117, timeout is 2 seconds:
Packet sent with a source address of 83.xxx.xxx.137
.....
Success rate is 0 percent (0/5)

Any Ideas?

Cisco Router setup