http://gamingtrend.com
September 23, 2014, 08:23:57 AM *
Welcome, Guest. Please login or register.

Login with username, password and session length
News:
 
   Home   Help Search Calendar Login Register  
Pages: [1]   Go Down
  Print  
Author Topic: Cisco Router 1720  (Read 1772 times)
0 Members and 1 Guest are viewing this topic.
TheGameAh
Gaming Trend Reader

Offline Offline

Posts: 80


View Profile
« on: October 15, 2004, 11:45:13 AM »

I was wondering if someone here could help with a router config.  The router runs directly into a network, meaning the Ethernet currently has a 192.168 address.  I want to drop a firewall in behind it, meaning I want to give the firewall the 192.168 address and configure the router to just pass traffic.  What am I doing wrong here?  Here's the config I'm trying to use, I'm sure it's something simple.

! ******************************************************************
! novatec.cfg - Cisco router configuration file
! Automatically created by Cisco ConfigMaker v2.6 Build 6
!   Monday, June 17, 2002, 10:10:04 AM
!
! Hostname: novatec
! Model: 1720
! ******************************************************************
!
service timestamps debug uptime
service timestamps log uptime
service password-encryption
no service tcp-small-servers
no service udp-small-servers
!
hostname hidden
!
enable password hidden
!
ip source-route
ip name-server 205.218.123.50
!
ip subnet-zero
ip domain-lookup
ip routing
!
interface FastEthernet 0
 no shutdown
 description connected to EthernetLAN
 ip address 66.255.48.145 255.255.255.240
 keepalive 10
!
interface Serial 0
 no shutdown
 description connected to Internet
 ip address 66.255.48.190 255.255.255.252
 no ip directed-broadcast
 encapsulation frame-relay IETF
 frame-relay interface-dlci 764 IETF
 frame-relay lmi-type ansi
 service-module t1 timeslots 21-24 speed 64
!
!
ip classless
!
! IP Static Routes
ip route 0.0.0.0 0.0.0.0 66.255.48.189
ip http server
snmp-server community public RO
snmp-server location PC Room
snmp-server contact Glenn Bullion,410 789 4811,[email protected]
!
line console 0
 exec-timeout 0 0
 password hidden
 login
!
line vty 0 4
 password hidden
 login
!
end
Logged
dmd
Gaming Trend Reader

Offline Offline

Posts: 436


View Profile
« Reply #1 on: October 18, 2004, 12:54:35 PM »

I haven't messed with cisco scripts in a few years, so take all of  this with a grain of salt.  Shouldn't the ethernet interface have a 192. 168. xxx. xxx address?
Currently it's 66.255.48.14.  I would think that interface needs one unregistered IP, give the firewall another  unregistered IP and tell it to look for the router address.  Have you worked out your subnets correctly?  
Are these IP's you currently have configured real?  Well, to answer my own question, I guess they are, since I could telnet to one of them.
Logged
Pyperkub
Gaming Trend Senior Member

Offline Offline

Posts: 1569


View Profile
« Reply #2 on: October 18, 2004, 08:10:20 PM »

Quote from: "dmd"
I haven't messed with cisco scripts in a few years, so take all of  this with a grain of salt.  Shouldn't the ethernet interface have a 192. 168. xxx. xxx address?
Currently it's 66.255.48.14.  I would think that interface needs one unregistered IP, give the firewall another  unregistered IP and tell it to look for the router address.  Have you worked out your subnets correctly?  
Are these IP's you currently have configured real?  Well, to answer my own question, I guess they are, since I could telnet to one of them.


That was my first thought too - as it also allows for a dmz, but it depends on the the firewall...
Logged

Pardon me, but that is a .... damn fine cup of coffee.
Zimix
Gaming Trend Senior Member

Offline Offline

Posts: 669



View Profile
« Reply #3 on: October 20, 2004, 02:20:32 AM »

According to your config, your Ethernet interface is set with:

ip address 66.255.48.145 255.255.255.240

That means the Ethernet address of your router is 66.255.48.145.

It also means that the following address are available on your network (as long as they are not currently used:

66.255.48.146
66.255.48.147
66.255.48.148
66.255.48.149
66.255.48.150
66.255.48.151
66.255.48.152
66.255.48.153
66.255.48.154
66.255.48.155
66.255.48.156
66.255.48.157
66.255.48.158

Pick one of the addresses above and ping it to see if it is active.  Please note that this doesn't guarantee if the IP is in use, as the device could be turned off, or does not allow ICMP requests.  In this case I would recommend logging into the router, going into enable mode and typing the following command: show arp
Do you see the IP you want with a MAC address?  Does it show "Incomplete", or does it have a MAC address associated with it?  If it has Incomplete, then I would go ahead and use that address.  (It is stating Incomplete because of the ping we attempted)

What brand of firewall will be using?

In any case you will want to set the external IP address of your firewall to be the address you picked above.  Set the netmask to 255.255.255.240.

The default gateway will be 66.255.48.145.

Set the internal interface to have the 192.168.x.x address that you want.

Make sure you set up NAT/PAT on the firewall if it isn't already set up.

Set your internal hosts default gateway to 192.168.x.x (the address that you set to your internal firewall interface).  Also assign them an IP address within the 192.168.x.y range.

Hopefully this will help you get pointed in the right direction.
Logged
Pages: [1]   Go Up
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2013, Simple Machines
Valid XHTML 1.0! Valid CSS!
Page created in 0.1 seconds with 30 queries. (Pretty URLs adds 0.037s, 2q)