Cisco 837, 2 internal networks, one natted, one public dmz.

Good day

I've been scratching my head with this one for a little while. I have a /29 from my UK-based ISP, and want to create the following scenario at home:

    internet - cisco 837 ---+
                            |
                            +--- Internal Natted network [10.1.1.0/24]
                            |
                            +--- External DMZ, routed, public [81.1.1.0/29]

It looks like an IOS update for this family of routers allows you to do just that[*] - The release notes for 12.3(7) show that one can create a second Ethernet interface, Ethernet2, to apply different rules to two separate physical networks, but I was hoping that I'd be able to hang the two logically separate networks on the same physical bit of wire?

Essentially this would mean that 10.1.1.254 and 81.1.1.7, say, the default routes for the internal and external network are the same physical interface on the Cisco 837.

Is this going to be possible? If not, I'll have to try to IOS upgrade, but as a newbie, this isn't something I relish trying. :)

[*] -
formatting link

Many thanks for any help
BR
AS

alstamp

Hi,

Something tells me that you can put a secondary ip address on the E0 interface of an 837. Unfortunately I cannot find an example on the Cisco WWW site following a quick search.

Under your interface, e.g. Ethernet 0, you should be able to type:

    ip address A.B.C.D Mask
    ip address W.X.Y.Z Mask secondary

Substitute IP and Mask with the relevant numbering.

Perhaps other people could comment here on whether the IP ranges can be completely different classes, I am not sure. Also not too sure how the NAT would need to work as I haven't an 837 to hand to give it a go.

What is the reason for wanting to do this? Perhaps there is another workaround that someone may be able to suggest.

Regards

Darren

Darren Green

Secondary address should work fine on an 837 - we are doing the same on a 2600 at one site.

none

Firstly, thank you for your reply Darren.

The reason is that I have 3 machines that I'd like to sit on a public address (test servers for a hobby of mine), and NAT the desktop in the house. The DSL router sits by the phone connection, and the switches for our network live in the house basement. As a result, trailing a second cable so that I could run the public network through Ethernet2 is non-trivial.

I'll give your method a try. I'll need to see if I can work out how to nat connections from 10.1.1.0/24, and to route the public addresses, through the same interface.

Although I can see this not working. :( Time to learn how to apply that 12.3(7) upgrade.

alstamp

I've done it that way too. Put both IPs on the interface, mark it as NAT inside, and in your NAT override statements, you have it match only the private internal network as actually doing the NAT.

Doug McIntyre
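
The approach described in the post above, written out as an added IOS configuration sketch (not posted by anyone in this thread). It assumes 81.1.1.6 as the router's address inside the /29, Dialer0 as the NAT outside interface, and standard access list number 1; all three are illustrative choices.

```cisco
! Added example. Addresses and the ACL number are assumptions.
!
interface Ethernet0
 ! Primary address: default gateway for the private hosts
 ip address 10.1.1.254 255.255.255.0
 ! Secondary address: default gateway for the public hosts
 ! (assumed to be a usable host address within 81.1.1.0/29)
 ip address 81.1.1.6 255.255.255.248 secondary
 ! The whole interface is marked inside; the ACL below decides
 ! which sources are actually translated
 ip nat inside
!
interface Dialer0
 ip nat outside
!
! Only the private range matches. The implicit deny at the end of
! the list means 81.1.1.0/29 sources are routed untranslated.
access-list 1 permit 10.1.1.0 0.0.0.255
!
! Translate matching sources to the Dialer0 address (PAT)
ip nat inside source list 1 interface Dialer0 overload
```

Because both subnets share one Ethernet segment, the public hosts and the NATted hosts sit in the same broadcast domain, so the router cannot enforce separation between them. A host on either range can reach the other directly by adding an address from that subnet.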

Hey

I've given that a go.

I have 10.1.1.0/24 for internal machines natting fine :

    interface Ethernet0
     ip address 10.1.1.254 255.255.255.0
     ip nat inside
     no ip mroute-cache
     hold-queue 100 out

Now I want to see the machines which are on the public addresses - trying to add the address that 'Dialer0' has as the secondary interface to ethernet0 isn't allowed. Trying to manually route to the address that Dialer0 has open gives an error, 'Invalid next hop address (it's this router)'

I must have misunderstood what you meant by putting the address on the ethernet0 interface..

BR
AS

alstamp