Linksys VPN device behind (or next to) Cisco 2611 router

lhawkins

I currently have a T1 connection and a block of IP addresses (12.43.212.32-12.43.212.63 mask 255.255.255.224).
I have these assigned to Eth0/1 and my private IP on Eth0/0 on a Cisco 2611 running base IOS 12.0 (no IPsec).
The ISP Ethernet IP is 12.43.212.33 and is hooked direct via crossover cable to my router.

So far this has worked great and I am using NAT and access lists to block and route traffic. I also have RIP 2 enabled on my router since I have another subnet (192.168.4.0 via 192.168.2.2) behind my internet connection. All internet traffic goes through the T1.

I would like to set up a VPN, but I did not have the right Cisco IOS for this, so to get my feet wet, I bought a Linksys BEFVP41.
The Cisco VPN looked way too complicated for my needs and abilities.
It was my intention to put a hub between my border router and the ISP's and plug the Linksys into the hub along with the Ciscos.
I was going to take one of my assigned IPs. Then I realized that I have my entire block assigned to the Eth0/1 interface via these commands:

!
interface Ethernet0/1
description connected to ATT
ip address 12.43.212.34 255.255.255.224
no ip directed-broadcast
no ip source-route
no cdp enable
!

If I use the next number netmask, I cut down my IPs to 16, which will pose a problem in the very near future. I don't foresee needing 32 IPs, but 16 yes.

My next thought was to somehow route the traffic through my Cisco to the Linksys without NAT. In other words, route one of the above IP numbers to my private IP assigned to the WAN connection (which is ethernet) of the Linksys. But does this make sense or is there a better way?

I also thought of asking my ISP for another IP for the Linksys, but they only issue blocks. I do not really need a whole block, just one for the WAN interface of the Linky. However, I could also use one of these for a Snort IDS box in the future.


Anyone have some suggestions or direction on how to incorporate the Linksys into my network without breaking my current setup?

Below are some code snippets from my Cisco router. I left out the list definitions since they are rather long. All NATs are static one-to-one. I am running Squid Proxy for my users' web browsing, so end users do not have direct paths to the Internet.

Any help would be appreciated.

Larry Hawkins




----------------------------
!
version 12.0
no ip http server
!
hostname 2600-1
!
interface Ethernet0/0
description connected to DLH
ip address 192.168.2.70 255.255.255.0
no ip directed-broadcast
no ip source-route
no cdp enable
!
interface Ethernet0/1
description connected to ATT
ip address 12.43.212.34 255.255.255.224
no ip directed-broadcast
no ip source-route
no cdp enable
!
router rip
version 2
network 12.0.0.0
network 192.168.2.0
neighbor 192.168.2.2
!
ip route 0.0.0.0 0.0.0.0 12.43.212.33
!
ip classless
!
no proxy-arp

---------------------------------

NAT Definition sections are below

interface ethernet 0/0
ip nat inside
!-- Defines Ethernet 0/0 as the inside interface
!
interface ethernet 0/1
ip nat outside
!-- Defines Ethernet 0/1 as the outside interface
!
interface ethernet 0/1
ip access-group 101 out
ip access-group 102 in
!ip access-group 103 out
!-- Assigns inbound filter 102 on the Internet side
!-- Assigns outbound filter 103 on the Internet side
!
!End of declarations and assignments
!-------------------------------------------------------------------------------
 