Hi Dean, thanks for this. What happens with the routed block addresses in this scenario? If an external user connects to 123.xxx.5.242 for example, how does this get routed to the correct location? I need to assign one of these addresses to general incoming traffic (OWA, remote site links etc) and another address to route to a PIX firewall handling connections from Cisco VPN client.
... View more
Dear All I have just had an EFM (ethernet first mile) circuit installed to replace an adsl broadband line and would really appreciate some help to reconfigure the router, a Cisco 1800, to use the EFM. The current adsl is handled by a Vigor 2800 router which is connected to FastEthernet0 on the Cisco 1800. The current WAN addresses are configured on the Vigor and there is also a routed block of addresses of which 3 are in use: 84.xxx.xxx.41 is set as the IP of the Vigor, 84.xxx.xxx.42 is FastEthernet0 on the 1800 and 84.xxx.xxx.43 is assigned to a PIX firewall. To use the EFM, the 1800 router needs to be connected by ethernet to a RAD LA-210 NTE unit. The ISP has supplied new IP addresses for the WAN and Routed Block as follows: WAN: 123.xxx.7.30/31 ISP end: 123.xxx.7.30 My end: 123.xxx.7.31 Mask: 255.255.255.252 Routed Block: 123.xxx.5.240/29 Usable IP addresses: 123.xxx.5.241 - 123.xxx.5.246 Mask: 255.255.255.248 I've had a go, but I've so far been unable to reconfigure the 1800 to use the EFM instead of the Vigor adsl. The current (edited) configuration is copied below, I'd be grateful if anyone could tell me what I need to change or add to use the new WAN and Routed Block addresses. Thanks in advance. !CURRENT (EDITED) CONFIG FOR VIGOR ADSL ! ! interface FastEthernet0 <<currently connected to Vigor adsl>> ip address 84.xxx.xxx.42 255.255.255.248 ip access-group 101 in ip nat outside ip inspect WebsenseFilter out ip virtual-reassembly duplex auto speed auto crypto map VPNMAP ! interface FastEthernet1 no ip address shutdown duplex auto speed auto ! interface FastEthernet2 <<currently connected to network switch>> ! interface FastEthernet3 duplex full speed 10 ! interface FastEthernet4 shutdown ! interface FastEthernet5 shutdown ! interface FastEthernet6 shutdown ! interface FastEthernet7 shutdown ! interface FastEthernet8 shutdown ! interface FastEthernet9 ! interface Vlan1 ip address 192.168.46.254 255.255.255.0 ip nat inside ip virtual-reassembly ! interface Async1 no ip address encapsulation slip ! ip route 0.0.0.0 0.0.0.0 84.xxx.xxx.41 <<this is an address on Vigor adsl>> ip route 192.168.50.0 255.255.255.0 192.168.46.252 ip route 192.168.55.0 255.255.255.0 192.168.46.250 ! ! no ip http server no ip http secure-server ip nat inside source route-map Nat-Map interface FastEthernet0 overload ip nat inside source static tcp 192.168.46.5 25 84.xxx.xxx.42 25 extendable ip nat inside source static tcp 192.168.46.1 443 84.xxx.xxx.42 443 extendable ip nat inside source static tcp 192.168.46.5 1723 84.xxx.xxx.42 1723 extendable ip nat inside source static tcp 192.168.46.1 3389 84.xxx.xxx.42 3389 extendable ! access-list 101 permit tcp any any eq 22 access-list 101 permit tcp any any eq smtp access-list 101 permit tcp any any eq 1723 access-list 101 permit gre any any access-list 101 permit icmp any any access-list 101 permit udp any eq ntp any access-list 101 permit udp any eq domain any gt 1023 access-list 101 permit tcp any any established access-list 101 permit esp any any access-list 101 permit udp any any eq isakmp access-list 101 permit udp any any eq non500-isakmp access-list 101 permit tcp any any eq 3389 access-list 101 deny ip any any access-list 110 deny ip 192.168.46.0 0.0.0.255 192.168.47.0 0.0.0.255 access-list 110 deny ip 192.168.46.0 0.0.0.255 192.168.48.0 0.0.0.255 access-list 110 deny ip 192.168.46.0 0.0.0.255 192.168.49.0 0.0.0.255 access-list 110 deny ip 192.168.46.0 0.0.0.255 192.168.51.0 0.0.0.255 access-list 110 deny ip 192.168.46.0 0.0.0.255 192.168.52.0 0.0.0.255 access-list 110 deny ip 192.168.46.0 0.0.0.255 10.0.110.0 0.0.0.255 access-list 110 permit ip 192.168.46.0 0.0.0.255 any access-list 150 permit ip 192.168.46.0 0.0.0.255 192.168.48.0 0.0.0.255 access-list 150 permit ip 192.168.50.0 0.0.0.255 192.168.48.0 0.0.0.255 access-list 151 permit ip 192.168.46.0 0.0.0.255 192.168.47.0 0.0.0.255 access-list 152 permit ip 192.168.46.0 0.0.0.255 192.168.51.0 0.0.0.255 access-list 153 permit ip 192.168.46.0 0.0.0.255 192.168.49.0 0.0.0.255 access-list 156 permit ip 192.168.46.0 0.0.0.255 192.168.52.0 0.0.0.255 access-list 157 permit ip 192.168.46.0 0.0.0.255 192.168.53.0 0.0.0.255 access-list 159 permit ip 192.168.46.0 0.0.0.255 10.0.110.0 0.0.0.255 ! ! ! route-map Nat-Map permit 10 match ip address 110 ! ! ! ! control-plane ! ! line con 0 line 1 modem InOut stopbits 1 speed 115200 flowcontrol hardware line aux 0 line vty 0 4 password xxxxxxxxx login local ! ! webvpn context Default_context ssl authenticate verify all ! no inservice ! end
... View more