04-01-2009 11:53 AM - edited 03-04-2019 04:11 AM
I have just had a 10Meg ethernet turned up and I was given 2 sets of addresses. The first set is:
Wan
65.45.145.108/30
With a network side, customer side and default gateway.
I was also given:
Lan Block1
209.127.75.96/27 for our LAN block.
I am using a 3825 router and want to nat\pat everything inside the network.
Do I need to put another router (1750 with a wic-1enet) between the 3825 and the wan dmarc?
Do I put that 1750 with the "customer side address" on e/0 with a routing statement to route all traffic to the "network side address" which is the address on their device?
If so... then do I put the default gateway address of the public lan pool (209.x.x.x) on the f\0 of the 1750?
Then would I put one of the (209.x.x.x) addresses on the g 0/0 (wan side) of the 3825 and my 172.x.x.x private on the g 0/1 (lan side) of the 3825? And then add the necessary routing statements to make it all work?
Any help would be most appreciated!
Thanks
04-01-2009 11:57 AM
James
You are trying to make it much more difficult than it needs to be. You do not need any other router. You should put the /30 on the interface and you should create a pool of addresses on the 3825 with the /27 and do NAT/PAT with that address pool.
HTH
Rick
04-01-2009 12:00 PM
You can terminate the 10Mbs connection into your 3825 router. So
int fa0/0
ip address 65.45.145.109 255.255.255.252
ip route 0.0.0.0 0.0.0.0 65.45.145.110
Note - this is assuming your address is .109 and default-gateway ie. ISP address is .110. It may be the other way round.
Then you can use this interface to PAT all internal clients ie. assuming internal LAN is on fa0/1 and is 192.168.5.0/24
access-list 101 permit ip 192.168.5.0 0.0.0.255 any
ip nat inside source list 101 interface fa0/0 overload
int fa0/1
ip nat inside
int fa0/0
ip nat outside
The above takes care of your internal clients to Internet.
Then you can use your 209.127.75.96/27 block for servers inside that you want to give access to from internet eg.
server 192.168.7.10 internal
ip nat inside source static 192.168.7.10 209.127.75.97
etc.. for each server.
Jon
04-01-2009 12:23 PM
The other issue here which I should have included is that I have a sister location with exactly the same setup for addresses and internet. I also have a 3825 at that location and need to connect the 2 with a static VPN. I also need to grant access to people using the software vpn clients to both locations as well. How does traffic know that my 209.x.x.x addresses are located at the 3825?
04-01-2009 12:31 PM
James
"The other issue here which I should have included ..."
Hmmm, yes you probably should have mentioned that :-).
Not sure what you mean about having the same addressing at another site. How does this work? If the same addressing is replicated in 2 sites then the traffic won't know which site to go to. Perhaps you could clarify.
Jon
04-01-2009 12:39 PM
Sorry for lack of clarity here.
What I meant is that at the other site I have the same setup but of course they are different wan, lan address ranges.
04-01-2009 12:50 PM
James
No problem. Still a little confused ie. "How does traffic know that my 209.x.x.x addresses are located at the 3825?"
Well the 209.x.x.x address range will be routed by your ISP to the relevant site and the other public address range will be routed by your ISP to the sister site.
Jon
04-01-2009 12:56 PM
Ok. That makes sense. Would I add the 209.x.x.x address to the g0/0 interface of the 3825 as well as the 65.x.x.x address? This is why I thought I might need an additional router.
04-01-2009 01:00 PM
It's all to do with routing. You don't need to add the 209.x.x.x address to your gi0/0 interface as long as the ISP routes all traffic destined for the 209.x.x.x subnet you have been allocated to the outside interface of your 3825 ie. the 65.x.x.x address.
Your ISP should be doing this if they have allocated you the 209.x.x.x subnet.
Jon
04-01-2009 01:20 PM
On the server internally I want to use a private IP address range and NAT the public 209.x.x.x to the server. I don't want to use public IP addresses directly on the servers themselves. Will this work that way?
04-01-2009 01:23 PM
Yes it will work.
server = 192.168.5.10
public address - 209.127.75.97
ip nat inside source static 192.168.5.10 209.127.75.97
Jon
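An added example, not part of the original thread: a short Python check that reads `ip nat inside source static` lines like the ones in the replies above, confirms each public address sits inside the routed 209.127.75.96/27 block, and flags one-to-one mappings, which translate every port to the internal server. The sample config is constructed; its tcp/443 and .200 lines are assumptions added here to exercise the checks.

```python
import ipaddress
import re

WAN_LINK = ipaddress.ip_network("65.45.145.108/30")      # from the thread
ROUTED_BLOCK = ipaddress.ip_network("209.127.75.96/27")  # from the thread

# Constructed sample: the thread's commands plus two lines added here
# (the tcp/443 port mapping and the mistyped .200 address).
SAMPLE_CONFIG = """\
ip nat inside source list 101 interface fa0/0 overload
ip nat inside source static 192.168.7.10 209.127.75.97
ip nat inside source static tcp 192.168.5.10 443 209.127.75.98 443
ip nat inside source static 192.168.5.11 209.127.75.200
"""

STATIC = re.compile(
    r"^ip nat inside source static (?:(tcp|udp) )?"
    r"(\d+\.\d+\.\d+\.\d+) (?:(\d+) )?(\d+\.\d+\.\d+\.\d+)(?: (\d+))?\s*$"
)

def link_hosts(net=WAN_LINK):
    """The two usable addresses on the /30: one is yours, one is the ISP's."""
    return [str(h) for h in net.hosts()]

def audit_static_nat(config, block=ROUTED_BLOCK):
    """Return (global_ip, finding) tuples for the static NAT lines in config."""
    findings, seen = [], set()
    for line in config.splitlines():
        m = STATIC.match(line.strip())
        if not m:
            continue  # PAT/overload and unrelated lines are not audited
        proto, local, _lport, global_ip, gport = m.groups()
        if not ipaddress.ip_address(local).is_private:
            findings.append((global_ip, "inside-local is not RFC 1918"))
        key = (global_ip, proto, gport)
        if ipaddress.ip_address(global_ip) not in block:
            findings.append((global_ip, "outside the routed block"))
        elif key in seen:
            findings.append((global_ip, "duplicate mapping"))
        elif proto is None:
            # No protocol/port given: all traffic to the global address
            # is translated to the server unless something filters it.
            findings.append((global_ip, "one-to-one: every port is translated"))
        seen.add(key)
    return findings

if __name__ == "__main__":
    print("WAN link hosts:", link_hosts())
    for ip, finding in audit_static_nat(SAMPLE_CONFIG):
        print(ip, "->", finding)
```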
04-01-2009 12:00 PM
You do not need another router. The /30 is the point-to-point link between you and your provider. The /27 is the routable address space assigned to you. You can/should assign one of your public IPs (209 network) to the router. Will your private network be directly connected or will you have a firewall in between?
04-01-2009 12:03 PM
You can terminate the ethernet WAN circuit directly on the 3825 router and configure the /30 address block for that interface.
Have the private 172.x.x.x network connected to the other interface and NAT them to the public interface address.
Narayan