Configuring Edge Router Help

Rygo
Level 1

Hello. I may have to shortly be involved in configuring an (unmanaged ISP) edge router that will be installed at my organization. This is not something I have done before so I was hoping for some help to fully understand the steps that need to be taken. At the moment this is purely theoretical as no purchase has been made yet.

[Diagram: Network Structure]

My questions are:

1) How do I pass the traffic from the internet to the internal network via the firewall? Do I simply add this:

ip route 10.x.x.x 255.255.255.0 1.1.1.2 - the firewall (a non-Cisco brand) will do the NATing

2) How about traffic coming from the internal network out to the internet? If I do

ip route 0.0.0.0 0.0.0.0 <ISP Supplied gateway IP?> will the router know that this command only applies for traffic going OUT from the internal network to the internet?

Looking forward to understanding if I'm on the right track with this. Thanks very much.

 

6 Replies

Hello,

Why do they want to put this router between the firewall and the internet? As long as the firewall is doing NAT, it should be facing the ISP.

If this is a requirement to have the router, the router should do the NATing.

About the routing, it is OK. But keep in mind that if you keep the NATing on the firewall, the router will receive the NATted traffic and not the 10.x.x.x 255.255.255.0.

Then this "ip route 10.x.x.x 255.255.255.0 1.1.1.2 - the firewall (a non-Cisco brand) will do the NATing" is not necessary.

But it is important to understand what the role of this router is and why it is not doing NAT.
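Added example, not part of the original thread or any poster's configuration: a small Python model of the router's route lookup, showing that forwarding depends only on the destination address (question 2) and that, with NAT on the firewall, return traffic never uses the 10.x.x.x route (the reply above). It assumes 1.1.1.0/30 is the router-to-firewall link, uses 10.0.0.0/24 in place of 10.x.x.x, and uses 203.0.113.1 as a stand-in for the ISP gateway.

```python
import ipaddress

# Constructed routing table for the edge router discussed in the thread.
# 1.1.1.2 is the thread's made-up firewall address; treating 1.1.1.0/30 as the
# router-to-firewall link, 10.0.0.0/24 as "10.x.x.x 255.255.255.0" and
# 203.0.113.1 as the ISP gateway are assumptions made for this example.
ROUTES = [
    ("1.1.1.0/30", "connected"),     # link between router and firewall
    ("10.0.0.0/24", "1.1.1.2"),      # static route from question 1
    ("0.0.0.0/0", "203.0.113.1"),    # default route from question 2
]
FIREWALL_OUTSIDE = "1.1.1.2"


def lookup(dst, routes=ROUTES):
    """Return (prefix, next_hop) of the longest prefix that contains dst."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, next_hop in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, next_hop)
    if best is None:
        raise LookupError(f"no route to {dst}")
    return str(best[0]), best[1]


def source_nat(packet, inside="10.0.0.0/24", outside=FIREWALL_OUTSIDE):
    """Firewall-style source NAT: rewrite inside sources to the outside address."""
    src, dst = packet
    if ipaddress.ip_address(src) in ipaddress.ip_network(inside):
        return (outside, dst)
    return packet


def trace(inside_host, internet_host):
    """Follow one flow out through firewall and router, then the reply back."""
    outbound = source_nat((inside_host, internet_host))
    out_route = lookup(outbound[1])        # the router looks at the destination only
    reply = (internet_host, outbound[0])   # the reply is addressed to the NAT address
    back_route = lookup(reply[1])
    return outbound, out_route, reply, back_route


if __name__ == "__main__":
    for step in trace("10.0.0.25", "198.51.100.7"):
        print(step)
```

The default route is chosen only when no longer prefix matches the destination, and the reply is delivered over the connected 1.1.1.0/30 link, so the 10.0.0.0/24 static route is never consulted for NATted flows.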

 

Hello Flavio,

Thanks for the response. I should have said that my diagram is completely theoretical to map out what I think the configuration should be. So now I know that NATing should be done on the edge company device facing the ISP gateway (thanks for that). If a company chooses an unmanaged ISP package, which I believe a company has to choose and install a router for, what does that router connect into on the ISP side?

I'm trying to get my head around that really. I know that a router supplied by the ISP will be configured with an IP that acts as the company's default GW but I'm struggling to work out how it works if a company uses an 'unmanaged' internet connection.

In the worst case scenario you are going to receive a private IP address via DHCP, like we do with a home ISP connection.

But you are able to set up the router's interface for DHCP, if necessary, and you probably don't need to set up NAT, only a default route to the ISP.

But, if necessary, you can set up NAT overload on the DHCP interface.

Joseph W. Doherty
Hall of Fame

For starters, did your ISP provide you the 1.1.1.0/30 address block?  Just one public IP address block?  Did they describe one of the two IP addresses in that block as the next hop (or gateway) IP to them?

BTW, from your diagram, it is unclear why you need both the FW and router.  What's the media being used for the ISP link?

Hello Joseph,

Thanks for the response. I should have said that this is completely theoretical with the values being made up. I'm possibly overcomplicating things in my mind, just trying to break down the configuration at the network edge.

This depends on the unmanaged ISP edge router.
If the FW gets its IP via DHCP from the unmanaged ISP, then you only need:
NATing in the FW
a default route toward the edge router.
NOTE: this config does not support static NAT, i.e. you cannot use a server connected to the FW.