Cisco 2811 with 3 lines in and one out

blubomber

I am working on connecting three incoming lines at my main office. 2 of the lines are T1s and the other is a DSL line. My 2811 has 2 FastEthernet ports and 2 serial CSU/DSUs. The two T1s are direct connects to remote properties and the DSL line will be used for internet connection. I am going to have the 2nd FastEthernet connection connected to the firewall.

I am sure I can run all the LAN traffic through the firewall and then into the router and have the router direct the traffic from there. This is so that all my client computers will have only one gateway.

I just want the traffic to go straight through the router.
 
Yes, the router will direct all the traffic where it needs to go, providing you configure appropriate routing. The computers should have the firewall as the gateway. Not quite sure what your question is.
 
Sorry, themut, for not really stating a question. This is my first setup of this type and I don't have anyone to bounce questions off of in person.

The DSL line is going to be for internet traffic. Do I need an IP route line for that?

Since the firewall is not enabled on the router, do I still need to add the NAT lines I currently have on my firewall, such as for SMTP, HTTP, HTTPS, FTP?

I just don't want to miss something.
 
On the router you need a default route:

ip route 0.0.0.0 0.0.0.0 <next-hop>

If the firewall is natting the traffic you don't need to do it on the router. However, the router needs to have an entry on its routing table for this traffic, if the NAT addresses belong to a subnet different than the firewall's outside interface.
 
Not working. I changed my firewall's external IP to 10.10.10.1 255.255.255.252 and listed the Eth0/1 interface as the gateway. Here is my current running config.



Current configuration : 3357 bytes
!
version 12.3
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname name
!
boot-start-marker
boot-end-marker
!
security authentication failure rate 3 log
security passwords min-length 6
logging buffered 51200 debugging
logging console critical
enable secret 5 $1$B1n/$YBdPgWS1AeHChwmPCWtEC0
!
username sandsregent privilege 15 secret 5 $1$I1Gh$isGD1RVmGNlQkP.pfHgct.
clock timezone PCTime -8
clock summer-time PCTime date Apr 6 2003 2:00 Oct 26 2003 2:00
no network-clock-participate aim 0
no network-clock-participate aim 1
no aaa new-model
ip subnet-zero
no ip source-route
ip tcp synwait-time 10
!
!
ip cef
!
!
no ip bootp server
ip domain name mycompany.com
ip name-server 192.168.100.2
ip name-server 192.168.100.6
no ftp-server write-enable
!
!
!
!
interface FastEthernet0/0
description $FW_INSIDE$$ETH-LAN$$INTF-INFO-FE 0/0$
ip address 10.10.10.1 255.255.255.252
ip access-group sdm_fastethernet0/0_in in
ip access-group sdm_fastethernet0/0_out out
no ip redirects
no ip unreachables
no ip proxy-arp
ip route-cache flow
duplex auto
speed auto
no cdp enable
no mop enabled
!
interface FastEthernet0/1
description $ETH-LAN$
ip address 216.82.147.213 255.255.252.0 secondary
ip address 216.82.145.220 255.255.252.0
ip access-group sdm_fastethernet0/1_in in
ip access-group sdm_fastethernet0/1_out out
no ip redirects
no ip unreachables
no ip proxy-arp
ip route-cache flow
duplex auto
speed auto
no cdp enable
no mop enabled
!
interface Serial0/0/0
ip address 172.16.10.1 255.255.255.252
ip access-group sdm_serial0/0/0_in in
ip access-group sdm_serial0/0/0_out out
no ip redirects
no ip unreachables
no ip proxy-arp
ip route-cache flow
service-module t1 remote-alarm-enable
no cdp enable
!
interface Serial0/1/0
ip address 172.15.10.1 255.255.255.252
no cdp enable
!
ip default-gateway 216.82.144.1
ip classless
ip route 0.0.0.0 0.0.0.0 FastEthernet0/1 permanent
ip route 10.1.37.0 255.255.255.0 Serial0/0/0 permanent
ip route 192.168.50.0 255.255.255.0 Serial0/1/0 permanent
ip http server
ip http authentication local
!
ip access-list extended sdm_fastethernet0/0_in
remark SDM_ACL Category=1
remark Internet
permit ip any any
ip access-list extended sdm_fastethernet0/0_out
remark SDM_ACL Category=1
remark Internet
permit ip any any
ip access-list extended sdm_fastethernet0/1_in
remark SDM_ACL Category=1
remark Internet
permit ip any any
ip access-list extended sdm_fastethernet0/1_out
remark SDM_ACL Category=1
remark Internet
permit ip any any
ip access-list extended sdm_serial0/0/0_in
remark SDM_ACL Category=1
remark Data
permit ip any any
ip access-list extended sdm_serial0/0/0_out
remark SDM_ACL Category=1
remark Data
permit ip any any
!
logging trap debugging
no cdp run
!
control-plane
!

I am using SDM to try and speed up the config process.

Thank you for any guidance.
 
If you changed the firewall's external IP address to 10.10.10.1, then your interface FastEthernet0/0 should have the following IP address: 10.10.10.2, since you are using a 30-bit subnet mask. They cannot have the same IP address.
The default route should point to the next hop on your DSL link, and it should have been provided to you by your ISP. It shouldn't be pointing towards your firewall (ip route 0.0.0.0 0.0.0.0 FastEthernet0/1).
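
The two problems raised in the reply above can be checked mechanically before a config is applied. The following Python sketch is an added example, not part of the original thread: it parses IOS-style text, flags a router interface that shares its address with the peer on a small link subnet, and flags a default route that names an Ethernet interface with no next-hop IP. The function names are hypothetical and the sample config is a constructed excerpt modelled on the one posted.

```python
import ipaddress
import re

# Constructed excerpt modelled on the running config posted in the thread.
SAMPLE_CONFIG = """\
interface FastEthernet0/0
ip address 10.10.10.1 255.255.255.252
!
interface FastEthernet0/1
ip address 216.82.145.220 255.255.252.0
!
ip route 0.0.0.0 0.0.0.0 FastEthernet0/1 permanent
ip route 10.1.37.0 255.255.255.0 Serial0/0/0 permanent
"""

def parse_interfaces(config):
    """Map each interface name to the addresses configured under it."""
    interfaces, current = {}, None
    for line in map(str.strip, config.splitlines()):
        if line.startswith("interface "):
            current = line.split()[1]
            interfaces[current] = []
        elif line == "!":
            current = None  # "!" closes the interface block
        elif current and (m := re.match(r"ip address (\S+) (\S+)", line)):
            interfaces[current].append(ipaddress.ip_interface(f"{m[1]}/{m[2]}"))
    return interfaces

def check_link(interfaces, ifname, peer_ip):
    """Compare a router interface with the device at the other end of a small link subnet."""
    peer, findings = ipaddress.ip_address(peer_ip), []
    for iface in interfaces.get(ifname, []):
        if peer not in iface.network:
            findings.append(f"{ifname}: peer {peer} is outside {iface.network}")
        elif peer == iface.ip:
            free = ", ".join(str(h) for h in iface.network.hosts() if h != peer)
            findings.append(f"{ifname}: duplicate address {peer}, free in {iface.network}: {free}")
    return findings

def check_default_routes(config):
    """Flag default routes that name an Ethernet interface instead of a next-hop IP."""
    findings = []
    for m in re.finditer(r"^\s*ip route 0\.0\.0\.0 0\.0\.0\.0 (\S+)", config, re.M):
        if re.match(r"(Fast|Gigabit)?Ethernet", m[1]):
            findings.append(f"default route via {m[1]} has no next-hop IP")
    return findings

if __name__ == "__main__":
    ifs = parse_interfaces(SAMPLE_CONFIG)
    for finding in check_link(ifs, "FastEthernet0/0", "10.10.10.1") + check_default_routes(SAMPLE_CONFIG):
        print(finding)
```

The peer address passed to `check_link` is the firewall's outside address as stated by the poster; a /30 leaves exactly one other usable host address for the router side.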
 
So the default route should point to my ISP's default gateway that they gave me? If that is correct then I will give that a shot. I was also positive that I made the IP of my firewall's external to be 10.10.10.1 and the router's was 10.10.10.2, but I will recheck.

Other than that, should the config I have set up allow traffic to flow through the router easily?

 