|
Home > Archive > CCNP > November 2000 > Addressing Scheme
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
|
|
|
| okay hope someone can help?????
Here's my Wan configuration:
cisco 2514 router
S0: 84.161.124.1/30
E0:84.161.194.1/25
I also have avail IP range of 84.161.194.2-84.161.194.126/25
MY 2514 connects to a E0 PIXFIREWALL
E0: 84.161.194.2/30
E1  Inside)???
The E1 will connect to a ethernet1/0 port on a 3640 router. The INTRANET(lan) will be connected to the FASTETHERNET port on the 3640 router? My question is if I use NAT on my PIX, should I also need to configure nat on my 3640? IF I use 10.1.0.0 255.255.0.0 as The Inside address on the PIX, Can I configure my gateway on the 3640 fastethernet to 10.1.1.100?? IF yes, then should I use a different subnet to connect the e1 of the pix to the e1/0 of the 3640? | |
|
| Configure NAT only on your Pix.
The inside address of your pix and the ethernet interface of the 3640 should be on the same IP network. Give you're workstations a default gateway of the ethernet interface of the 3640. The 3640 will have routes you all you're internal networks and a gateway of last resort to inside address of Pix.
If you wanted, you could create a /30 network and stick only one interface of the 3640 and the inside address of the Pix on that network. That would eliminate any ICMP redirects, but that's probably no big deal here.
MadChef | |
|
| Hey MadChef thanks a lot for your response, that is indeed the way we have it setup now. If you dont mind one more question for you. What command would enable my 3640 as the gateway of last resort for the inside of my PIX??
Also on my 2514 router what routes do i need to add in association with my PIX.
I really appreciate your help??? | |
|
| To provide a default route for your inside interface, do this:
route inside 0.0.0.0 0.0.0.0 10.1.1.1
You can only have a default gateway for your inside address if you just have 2 interfaces on the pix. If you have a third interface you can no longer have two default routes, so be careful.
If I understand you're configuration correctly, you don't need to have anything but a default route on your 2514. You've only got your 84.161.194.0 /25 network and that's directly connected via E0. As far as your 2514 is concerned, all host are directly connected to that interface when in reality only the Pix is there. The Pix is doing NAT and so is converting all these addresses into your internal net. Take a look at the arp table on you're 2514 and you'll see that all IP addresses have MAC of the outside interface of your Pix so the router just keeps sending those packets that way.
If you weren't doing NAT you'd want to provide static routes to each internal network behind the pix.
MadChef
| |
|
| Thanks MadChef. your advise helped a lot. will be bringing everything up today. hopefully things go smoothly. |
|
|
|
|