
Routing public IP's.....?

Discussion in 'Routing & Switching' started by jonny7_2002, Sep 7, 2011.

  1. jonny7_2002

    jonny7_2002 Byte Poster

    I have a question which may seem really silly but will ask it anyway as I'm mythed by it and all Cisco'd out with my studies....

    The situation is I want to be able to give a firewall server a public (live) IP address and I want to route it via a Cisco router that is connected to an ADSL line.

    For example, I have the following subnet assigned to me (made up) - 200.100.100.112/29. The dialer interface will be assigned the IP 200.100.100.113 and I want to assign the firewall server .115 & .116. The Cisco router is connected to the firewall server via Fa 0/1....

    I would like to assign the 200.100.100.114/29 IP to the Fa 0/1 interface and then set the default gateway of the firewall server to be the .114 address, but obviously this would not work because the .114 address would overlap with the Dialer 1 interface...?

    I have attached a picture of a quickly drawn up diagram which shows what I am trying to achieve....

    Could anyone assist in how I can achieve this with the IP range I have?


    Router is an 887 at the moment but will get anot
    Server is irrelevant :biggrin

    routing public IPs.jpg

    Cheers
    Jon
     
    Certifications: CCNA R&S, CCNP R&S, CCDA, CCNA Voice, CCNA Wireless & CCNA Security
    WIP: CCIE V5 (when its out)
  2. danielno8

    danielno8 Gigabyte Poster

    I can't see a way this would work. The way we have these connections set up is the dialer interface would dynamically learn an IP. We would then use the range of addresses for the LAN side of the router, Fa0/1 in this case.
     
    Certifications: CCENT, CCNA
    WIP: CCNP
  3. jonny7_2002

    jonny7_2002 Byte Poster

    But a DrayTek can, and I refuse to accept that a DrayTek can do more than a Cisco! :D

    Look at this screenshot, this is how a DrayTek does it.... draytek.jpg

    ??
     
    Certifications: CCNA R&S, CCNP R&S, CCDA, CCNA Voice, CCNA Wireless & CCNA Security
    WIP: CCIE V5 (when its out)
  4. danielno8

    danielno8 Gigabyte Poster

    That doesn't show you having an IP from the public range (200.100.100.114/29) assigned to the ADSL interface as well as assigning one to the LAN interface.
     
    Certifications: CCENT, CCNA
    WIP: CCNP
  5. craigie

    craigie Terabyte Poster

    Mate, I have deployed oodles of Cisco routers in front of ASAs.

    All you need to do is interface dialer 0 unnumbered vlan 1 and then give vlan 1 on your ethernet interfaces your public IP address.

    Example config I wrote on an 877.

    ---------------------------------------

    Current configuration : 3274 bytes
    !
    version 12.4
    no service pad
    service timestamps debug datetime msec
    service timestamps log datetime msec
    service password-encryption
    !
    hostname Cisco877
    !
    boot-start-marker
    boot-end-marker
    !
    logging buffered 51200 warnings
    enable secret 5 $1$y9A/$zxuPun550Xm2d8cYTxbpH.
    !
    aaa new-model
    !
    !
    !
    !
    aaa session-id common
    !
    crypto pki trustpoint TP-self-signed-1700639775
     enrollment selfsigned
     subject-name cn=IOS-Self-Signed-Certificate-1700639775
     revocation-check none
     rsakeypair TP-self-signed-1700639775
    !
    !
    crypto pki certificate chain TP-self-signed-1700639775
     certificate self-signed 01
      quit
    dot11 syslog
    ip cef
    !
    !
    no ip domain lookup
    ip domain name xxxx.xxx
    !
    !
    !
    username admin privilege 15 secret 5 xxxxxxx
    !
    !
    archive
     log config
      hidekeys
    !
    !
    !
    !
    !
    interface ATM0
     no ip address
     atm vc-per-vp 64
     no atm ilmi-keepalive
     pvc 0/38
      encapsulation aal5mux ppp dialer
      dialer pool-member 1
     !
     dsl operating-mode auto
    !
    interface FastEthernet0
    !
    interface FastEthernet1
    !
    interface FastEthernet2
    !
    interface FastEthernet3
    !
    interface Vlan1
     description To Cisco ASA5510
     ip address 187.224.80.57 255.255.255.248
     ip tcp adjust-mss 1452
    !
    interface Dialer1
     ip unnumbered Vlan1
     ip virtual-reassembly
     encapsulation ppp
     dialer pool 1
     dialer-group 1
     no cdp enable
     ppp authentication pap chap callin
     ppp chap hostname xxxxx
     ppp chap password xxxxx
     ppp pap sent-username xxxxx
    !
    ip forward-protocol nd
    ip route 0.0.0.0 0.0.0.0 Dialer1
    !
    no ip http server
    no ip http secure-server
    !
    no cdp run
    !
    !
    !
    control-plane
    !
    banner motd ^C ##### No Unauthorised Access ##### ^C
    !
    line con 0
     no modem enable
    line aux 0
    line vty 0 4
     privilege level 15
     password 7 1307441F085C16737D7027363D
     transport input ssh
    !
    scheduler max-task-time 5000
    end
     
    Certifications: CCA | CCENT | CCNA | CCNA:S | HP APC | HP ASE | ITILv3 | MCP | MCDST | MCITP: EA | MCTS:Vista | MCTS:Exch '07 | MCSA 2003 | MCSA:M 2003 | MCSA 2008 | MCSE | VCP5-DT | VCP4-DCV | VCP5-DCV | VCAP5-DCA | VCAP5-DCD | VMTSP | VTSP 4 | VTSP 5
    jonny7_2002 likes this.
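
An added example, not part of the thread or of any poster's configuration: a small Python check that parses `interface`, `ip address` and `ip unnumbered` lines, reports the overlap the original question anticipates when both the dialer and the LAN interface are numbered from 200.100.100.112/29, and lists the hosts left for the firewall once the dialer is unnumbered. Both sample configs are constructed from the thread's made-up range; the /29 mask on the dialer and the .113 address on Vlan1 are assumptions.

```python
import ipaddress
import re

# Constructed samples (assumptions, built from the thread's made-up /29):
# the plan from the first post, then the ip unnumbered layout.
PROPOSED = """\
interface Dialer1
 ip address 200.100.100.113 255.255.255.248
interface FastEthernet0/1
 ip address 200.100.100.114 255.255.255.248
"""
UNNUMBERED = """\
interface Vlan1
 ip address 200.100.100.113 255.255.255.248
interface Dialer1
 ip unnumbered Vlan1
"""

def parse_interfaces(config):
    """Return {interface: IPv4Interface, or ('unnumbered', donor)}."""
    result, current = {}, None
    for line in config.splitlines():
        line = line.strip()
        if m := re.match(r"interface (\S+)$", line):
            current = m.group(1)
        elif current and (m := re.match(r"ip address (\S+) (\S+)$", line)):
            result[current] = ipaddress.ip_interface(f"{m.group(1)}/{m.group(2)}")
        elif current and (m := re.match(r"ip unnumbered (\S+)$", line)):
            result[current] = ("unnumbered", m.group(1))
    return result

def overlaps(config):
    """Pairs of numbered interfaces whose subnets overlap."""
    numbered = [(n, a) for n, a in parse_interfaces(config).items()
                if not isinstance(a, tuple)]
    return [(a, b) for i, (a, na) in enumerate(numbered)
            for b, nb in numbered[i + 1:] if na.network.overlaps(nb.network)]

def free_hosts(config):
    """Usable host addresses in numbered subnets not held by the router."""
    numbered = [a for a in parse_interfaces(config).values()
                if not isinstance(a, tuple)]
    used = {a.ip for a in numbered}
    return [str(h) for a in numbered for h in a.network.hosts() if h not in used]

if __name__ == "__main__":
    print("proposed plan overlaps:", overlaps(PROPOSED))
    print("unnumbered plan overlaps:", overlaps(UNNUMBERED))
    print("hosts left for the firewall:", free_hosts(UNNUMBERED))
```
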
  6. jonny7_2002

    jonny7_2002 Byte Poster

    The public range is 200.100.100.112/29

    To be fair the range was made up anyway :D
     
    Certifications: CCNA R&S, CCNP R&S, CCDA, CCNA Voice, CCNA Wireless & CCNA Security
    WIP: CCIE V5 (when its out)
  7. jonny7_2002

    jonny7_2002 Byte Poster

    Craigie..... thank you so much, makes so much sense now! I knew there was something I was missing and that is the bit! You are bloody marvellous!!
     
    Certifications: CCNA R&S, CCNP R&S, CCDA, CCNA Voice, CCNA Wireless & CCNA Security
    WIP: CCIE V5 (when its out)
  8. danielno8

    danielno8 Gigabyte Poster

    Haha yeah OK, what I meant was from the public range that the address 200.100.100.114, with a mask of /29, is in.

    Nice one Craigie!
     
    Certifications: CCENT, CCNA
    WIP: CCNP
  9. craigie

    craigie Terabyte Poster

    No worries mate, pleased I could help out.
     
    Certifications: CCA | CCENT | CCNA | CCNA:S | HP APC | HP ASE | ITILv3 | MCP | MCDST | MCITP: EA | MCTS:Vista | MCTS:Exch '07 | MCSA 2003 | MCSA:M 2003 | MCSA 2008 | MCSE | VCP5-DT | VCP4-DCV | VCP5-DCV | VCAP5-DCA | VCAP5-DCD | VMTSP | VTSP 4 | VTSP 5
  10. jonny7_2002

    jonny7_2002 Byte Poster

    So in theory, using the IP unnumbered technique, the following diagram would work for the live IP web servers, but could you still have the VLAN 1 in the picture using NAT?
    I think this will work but still lack the 100% confidence to say yes without checking on here! lol 8)

    View attachment 2486
     
    Certifications: CCNA R&S, CCNP R&S, CCDA, CCNA Voice, CCNA Wireless & CCNA Security
    WIP: CCIE V5 (when its out)
  11. jonny7_2002

    jonny7_2002 Byte Poster

    Craigie = Legend! I know this was an old thread but finally got around to using the IP unnumbered approach and it was SOOOOOOOOOOOOOOOooooooooo simple when I did it!! Can't believe I didn't get this!!!?

    Cheers
    Jon
     
    Certifications: CCNA R&S, CCNP R&S, CCDA, CCNA Voice, CCNA Wireless & CCNA Security
    WIP: CCIE V5 (when its out)
  12. craigie

    craigie Terabyte Poster

    No problem mate, I know I'm only a CCNA, but I have my uses sometimes 8)
     
    Certifications: CCA | CCENT | CCNA | CCNA:S | HP APC | HP ASE | ITILv3 | MCP | MCDST | MCITP: EA | MCTS:Vista | MCTS:Exch '07 | MCSA 2003 | MCSA:M 2003 | MCSA 2008 | MCSE | VCP5-DT | VCP4-DCV | VCP5-DCV | VCAP5-DCA | VCAP5-DCD | VMTSP | VTSP 4 | VTSP 5
  13. jonny7_2002

    jonny7_2002 Byte Poster

    This is one problem I have found with the Cisco certification track... although they have tried to tailor them for "real world" configuration and stuff, it still misses simple little things like this one. I'm 2/3rds through my CCNP and hadn't touched anything like this in my exams/job/labs/study!

    It's like DSL configuration isn't really covered. I know DSL configuration like the back of my hand now, but as backup links within businesses and home workers etc. I would have thought they would have had something on DSL config!!?

    Anyway, cheers!
     
    Certifications: CCNA R&S, CCNP R&S, CCDA, CCNA Voice, CCNA Wireless & CCNA Security
    WIP: CCIE V5 (when its out)
  14. danielno8

    danielno8 Gigabyte Poster

    The way I see it, they give you enough knowledge through the CCNA to be able to read a doc, speak to someone else (Craigie in this instance :P ) and go on and do things such as this. There are just way too many different things for them to cover it all.
     
    Certifications: CCENT, CCNA
    WIP: CCNP
