Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1173
Views
0
Helpful
3
Replies

861 Router and Public IP behind NAT

marcpu123
Level 1
Level 1

‎10-09-2012 09:11 AM - edited ‎03-07-2019 09:22 AM

Hello:

I have a question that I haven’t seen clearly answered elsewhere. I am also not familiar with Cisco. I will try to keep it short:

I am moving a very small branch office to a new location, but we have a centrally controlled IT infrastructure team in Europe. I would like to implement a hosted VOIP solution without impacting the current network setup (i.e., VPN/Firewall) or asking this IT team to change anything on the existing LAN Network except the IP address/gateway. The VOIP system will have its own cabling.

Here is the configuration I would like:

•          Cisco 861 as main gateway to the Ethernet from the ISP’s modem

•          2 static public IPs from the ISP, one for the VOIP network and one for the LAN

•          Cisco 861 acting as NAT/DHCP for the VOIP system on one static public IP

•          My company’s Juniper device on the second static public IP managing NAT for the LAN

I have a diagram here to map out what I am considering:

Capture.JPG

Two options I have seen:

•          Setup Proxy ARP on the Cisco router, allowing the Juniper device a transparent (and unsecured/firewalled) route to the internet to get the Public IP and manage the LAN (seen in picture)

• Install an additional switch (with proper QOS prioritizing VOIP) at main entry point of location, and have both routers behind this (to minimize configuration of the Cisco router).

Any advice? Can someone describe how Proxy ARP might be configured in this case to make this happen? Do I need to create static routes?

Thank you for your help.

Labels:
0 Helpful
3 Replies 3

ALIAOF_
Level 6
Level 6

‎10-09-2012 02:41 PM

Which Juniper do you have?

0 Helpful

marcpu123
Level 1
Level 1
In response to ALIAOF_

‎10-09-2012 05:09 PM

Netscreen 5gt.

0 Helpful

ALIAOF_
Level 6
Level 6
In response to marcpu123

‎10-10-2012 09:37 AM

Well one thing I was thinking to put the VoIP system behind the firewall I worked for a company couple of years back and we used a mixture of SSG5's and 5GT's.  We just created separate Voice and Data networks on the firewall.  Data network would connect to one switch and Voice would connect to another switch. 

Some times create VLAN's and use just one switch.  But looks like in your case that won't work per your requirement.  Now with 861 you can create two VLAN's including VLAN1.  So if you put a Cisco 861 router in the mix your firewall's WAN IP would have to be whatever is the VLAN you created on the router for it.  And you will have to setup a NAT on the router to map the private IP (on the firewall WAN interface) to public IP.  This seems a bit more complicated instead of just putting it behind the firewall though in my honest opinion.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card