02-23-2022 01:13 AM
We have been asked by a potential new customer to configure a self-purchased Cisco C1117-4P router with their new BT internet line. Another company is installing a SonicWALL firewall.
We are just waiting for the SFP module for port 0/0/0 to patch the SC Fibre cable into it.
I have drafted some commands but am unsure if this is correct as my Cisco knowledge is very limited. The Router will have a SonicWALL firewall connected to port 0/1/0 via RJ45 which is an L2 port, so unable to assign an IP address to the port, I believe we would need to configure a VLAN for that port.
The ISP provided us with a /30 address, for example, let's say the below details:
IP Address: 152.0.0.152/30
Gateway Address: 152.0.0.151
That 152.0.0.152 address is being used for the 0/0/0 port for internet access on the Router, and then I used the 152.0.0.151 gateway address on the IP route between the router and ADVA.
! 0/0/0 patched directly to the ADVA
config t
interface GigabitEthernet0/0/0
 description INTERNET
 ip address {ISP_/30_ADDRESS} 255.255.255.252
 ip nat outside
 no shutdown
 exit
!
ip nat inside source list 1 interface gigabitethernet0/0/0 overload
ip route 0.0.0.0 0.0.0.0 {ISP_GATEWAY_IP}
access-list 1 permit 10.10.1.0 0.0.0.255
!
line vty 0 4
 access-class 1 in
!
line vty 5 15
 access-class 1 in
!
spanning-tree mode rapid-pvst
!
vlan 10
 name FIREWALL
!
int vlan 10
 description FIREWALL
 ip address 10.10.1.2 255.255.255.0
 ip nat inside
 no shutdown
! Patched into the SonicWALL Firewall
interface gi0/1/0
 switchport mode access
 switchport access vlan 10
 spanning-tree portfast
 no shutdown
Will this now work, or am I still missing something to get the internet working on the router and then pass that through to the firewall?
02-23-2022 04:38 AM
Hi
"The Router will have a SonicWALL firewall connected to port 0/1/0 via RJ45 which is an L2 port"
Do you mean the firewall is L2?
You need to add a default route on the router pointing to the firewall.
02-23-2022 05:51 AM
How would said default route look on the Router?
02-23-2022 05:55 AM
ip route 0.0.0.0 0.0.0.0 X.X.X.X > Firewall
02-23-2022 06:04 AM
Ah OK gotcha, so looks like this now then:
ip nat inside source list 1 interface gigabitethernet0/0/0 overload
ip route 0.0.0.0 0.0.0.0 {ISP_GATEWAY_IP}
ip route 0.0.0.0 0.0.0.0 10.10.1.2 < FIREWALL IP
access-list 1 permit 10.10.1.0 0.0.0.255
!
line vty 0 4
 access-class 1 in
!
line vty 5 15
 access-class 1 in
!
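An added example, not part of the thread or any poster's configuration: a small Python lint that checks interface addresses and static-route next hops in an IOS-style config before it is applied. The sample config is constructed by merging the snippets above with the example values from the first post substituted for the `{ISP_...}` placeholders; the function name `lint_addressing` is hypothetical.

```python
import ipaddress
import re

# Constructed sample: the thread's snippets merged, with the first post's
# example values substituted for the {ISP_...} placeholders.
SAMPLE_CONFIG = """\
interface GigabitEthernet0/0/0
 ip address 152.0.0.152 255.255.255.252
 ip nat outside
interface Vlan10
 ip address 10.10.1.2 255.255.255.0
 ip nat inside
ip route 0.0.0.0 0.0.0.0 152.0.0.151
ip route 0.0.0.0 0.0.0.0 10.10.1.2
"""

ADDR_RE = re.compile(r"^\s*ip address (\S+) (\S+)\s*$", re.M)
ROUTE_RE = re.compile(r"^ip route (\S+) (\S+) (\S+)\s*$", re.M)


def lint_addressing(config: str) -> list[str]:
    """Return findings about interface addresses and static-route next hops."""
    findings = []
    ifaces = [ipaddress.ip_interface(f"{a}/{m}") for a, m in ADDR_RE.findall(config)]
    # An interface must use a host address, not the subnet's first or last one.
    for i in ifaces:
        net = i.network
        if net.prefixlen < 31 and i.ip in (net.network_address, net.broadcast_address):
            findings.append(f"{i.ip} is the network/broadcast address of {net}")
    routes = {}
    for dest, mask, hop in ROUTE_RE.findall(config):
        prefix = ipaddress.ip_network(f"{dest}/{mask}")
        nh = ipaddress.ip_address(hop)
        if any(nh == i.ip for i in ifaces):
            findings.append(f"route {prefix} next hop {nh} is this router's own address")
        elif not any(nh in i.network for i in ifaces):
            findings.append(f"route {prefix} next hop {nh} is not on a connected subnet")
        routes.setdefault(prefix, []).append(nh)
    # Several static routes for one prefix usually means a leftover or a conflict.
    for prefix, hops in routes.items():
        if len(hops) > 1:
            findings.append(f"{len(hops)} static routes for {prefix}: {', '.join(map(str, hops))}")
    return findings


if __name__ == "__main__":
    for finding in lint_addressing(SAMPLE_CONFIG):
        print(finding)
```
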
02-23-2022 08:48 AM
So.... Just been updated, apparently, the plan has been changed now... Now the firewall is connecting to the ADVA and we are using the router to separate traffic across 2 VLANs for 2 companies sharing office space.
Would this router be best for that or should we now look at a different option for this?
02-23-2022 09:05 AM
It depends on the size of your customer.
02-23-2022 09:26 AM
Think we're looking at 20 each side; they don't want to be able to communicate with each business on the network.