Firebox setup problem

Status
Not open for further replies.

verjay

IS-IT--Management
Joined
Aug 1, 2005
Messages
4
Location
US
Any help I can get would be great. I've been working with CDW, Watchguard, and Bellsouth, and they are all puzzled.
Currently I am on a frame relay with Bellsouth, behind a Cisco 1720 router. I wanted to replace the Cisco with the Firebox x700. Unfortunately, the IPs that I've been given (gateway & public) aren't on the same subnet, i.e. 68.152.152.*/30 is gateway, public 68.153.*.*/29.
I really don't want to use the router, so does anyone have any ideas?
Thanks again
 
Also, if it's not possible to connect directly with this IP scheme and I have to use the Cisco, are there any default IOS's out there to show the best setup for a Firebox?
 
The WatchGuard will not support directly connecting a frame relay or T-1 line to it unless they give you an Ethernet handoff. With the setup that you are describing, you will need to set up the serial port of the router with the /30 network and the Ethernet port of the router with the /29 network. Setting up your Cisco router to do this is fairly straightforward. You will need to configure each interface with an IP address and then configure a default route on the router to point to the gateway address on the Bellsouth network. I have a router and a firewall with this configuration on the Bellsouth network.

For the serial interface you will need to configure both the serial interface and a sub-interface. You will also need to configure the Ethernet interface and a default route as shown below. Once you have done this, set the external interface on the Firebox to be on the same network as the Ethernet interface on your Cisco router, and make the gateway on your Firebox the Ethernet address of the Cisco router.

interface Serial1/0
bandwidth 1544
no ip address
encapsulation frame-relay
no ip route-cache cef
no ip route-cache
no ip mroute-cache
no fair-queue

interface Serial1/0.1 point-to-point
bandwidth 1544
! /30 IP
ip address x.x.x.x x.x.x.x
no ip route-cache
no ip mroute-cache
frame-relay interface-dlci xxx CISCO

interface FastEthernet0/0
description connected to LAN
! /29 IP
ip address x.x.x.x x.x.x.x
no ip redirects
no ip unreachables
no ip proxy-arp
no ip route-cache cef
no ip route-cache
speed auto
no cdp enable
!

ip classless
! replace x.x.x.x with the GATEWAY IP (the gateway address on the Bellsouth network)
ip route 0.0.0.0 0.0.0.0 x.x.x.x
 
Great, I'll go do it.
Thanks for all the info!
 
Let me know if you have any problems.

 
In your IOS example you gave me, do I need to define any access-list?
 
No, you do not need any access lists at all for this config.

If you want, you can configure an access list so that only traffic from your network can connect to the router and manage it, but it is not necessary for the WG and router to work.

version 12.3
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec localtime show-timezone
service password-encryption
!
hostname gaffney1760
!
boot-start-marker
boot-end-marker
!
logging buffered 16000 informational
no logging console
enable secret
!
clock timezone EST -5
clock summer-time EDT recurring
!
no aaa new-model
ip subnet-zero
no ip source-route
ip cef
!
!
!
no ip bootp server
no ip domain lookup
no ftp-server write-enable
!

!
interface FastEthernet0/0
description connected to LAN
ip address x.x.x.x x.x.x.x
no ip redirects
no ip unreachables
no ip proxy-arp
no ip route-cache cef
no ip route-cache
speed auto
no cdp enable
!
interface Serial0/0
description connected to WAN
bandwidth 1544
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
encapsulation frame-relay IETF
no ip route-cache cef
no ip route-cache
service-module t1 timeslots 1-24
service-module t1 remote-alarm-enable
!
interface Serial0/0.1 point-to-point
bandwidth 1544
ip address x.x.x.x x.x.x.x
no ip route-cache
frame-relay interface-dlci 505

!
ip classless
ip route 0.0.0.0 0.0.0.0 X.X.x.x
no ip http server
!

!
line con 0
password 7
login
line aux 0
line vty 0 4
session-timeout 120
exec-timeout 5 0
password 7
login
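
Added example (not part of the original thread or either poster's configuration): the optional access list mentioned above, applied to the vty lines so that only hosts on the router's Ethernet-side /29 can open a management session. 203.0.113.0/29 is a constructed documentation range standing in for the real /29, and ACL number 10 is an arbitrary choice.

```cisco
! Assumption: management sessions originate from the /29 on FastEthernet0/0
! (for example the Firebox external address). 203.0.113.0/29 is a placeholder.
access-list 10 remark Hosts allowed to manage the router
access-list 10 permit 203.0.113.0 0.0.0.7
! Explicit deny with logging so rejected attempts appear in the buffered log
access-list 10 deny any log
!
line vty 0 4
 ! Filter incoming vty sessions by source address; transit traffic is unaffected
 access-class 10 in
 session-timeout 120
 exec-timeout 5 0
 login
```

Because the list is bound with `access-class` on the vty lines rather than `ip access-group` on an interface, it does not touch traffic routed between the Firebox and Bellsouth. `show access-lists 10` displays per-entry match counts, including denied attempts.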
 