Hi Group, I have a routing problem. I am certain my present config is alright and just need a routing entry from the ISP for things to work. But the ISP is not cooperating, insisting the problem is with my config. So I want to make sure I've not explored all options b4 reverting to them.
Here's the scenario: The ISP created a global /26 subnet, say 80.80.80.128 255.255.255.192 and assign addresses from it to all their wireless clients thru a multipoint radio base-station. They assigned 80.80.80.171, .172, .173 and .174 to my client. My target is a VPN solution between an Exchange server behind the PIX to a larger network on the Internet with rfc1918 address 10.240.0.0. Presently all ISP clients use ISP's internet uplink with address 80.80.80.129 as default gateway. This works for any client with dual-homed proxy with global address on ext link to ISP and int interface to LAN with rfc1918 addresses. My situation, however has a 2611 router with 2 eth interfaces one to the ISP radio and the other to PIX firewall. So I thot up a few options. Option A: My prefered option and present config Use ISP-assigned global addresses on router internal link to PIX, PIX outside link to router, PAT address on PIX, reserve a global address for future use and rfc1918 addresses on the inside of PIX for translation by PAT. For ext radio link btw router & ISP, do one of: 1. use ip unnumbered on link to isp with config similar to: int e0/0 description link-2-isp ip unnumbered e0/1 ! int e0/1 description link-2-pix ip address 80.80.80.171 255.255.255.192 ! ip default-gateway 80.80.80.129 2. get isp to create and assign global or rfc1918 /30 subnet for the wireless link to my client, so i have a config similar to: int e0/0 description link-2-isp ip address 192.168.0.2 255.255.255.252 ! int e0/1 description link-2-pix ip address 80.80.80.171 255.255.255.192 ! ip route 0.0.0.0 0.0.0.0 e0/0 or 192.168.0.1 3. get ISP to create a /29 subnet eg 80.80.80.182 255.255.255.248 and route it to my client with a route entry like: 4. get ISP to create VLANs and corresponding routing entries to my client or other similar clients. It seemed to me eitherway, for packets to find their way back to me from the ISP and the Internet, the ISP has to create routing entries similar to: ip route 80.80.80.171 255.255.255.192 isp's-connected-interface ip route 80.80.80.172 255.255.255.192 80.80.80.171 ip route 80.80.80.173 255.255.255.192 80.80.80.171 ip route 80.80.80.174 255.255.255.192 80.80.80.171 for 1 & 2 above ip route 80.80.80.184 255.255.255.248 isp's-connected-interface for 3 & 4 above. Option B: 1. Assign 1 address from ISP-assigned global addresses, say 80.80.80.171 to router ext link to ISP, reserve for future use or waste remaining 3 since I cant reassign the addresses behind the router. Then maybe: a. Assign a private say 192.168.x.0/24 to PIX inside interface and all inside hosts including Exchange server. Assign 10.240.77.0/24 between PIX outside interface and router inside interface. b. use a combination of static and dynamic NAT on PIX for exchange and internal hosts, specifically statically translating for Exchange and dynamically for other hosts. c. use PAT on router to translate for everything originating from PIX. I have tried the IP unnumbered option on my router e0/0, but the router wont accept it, with error: point-to-point (non-multi-access) interfaces only. Now, my questions are: 1. If the ISP refuses to cooperate completely, what are the implications of Option B with the double translation on PIX and router? 2. If the ISP agrees to cooperate, which of the options in A above is the best solution? 3. Related to 2 above, if ISP agrees to cooperate with the simplest solution, which seem to me to be, just a routing entry, is it possible, and if so, how do I get to use IP unnumbered on an ethernet interface? 4. Is there any better option/solution which I have not envisaged? I should be most grateful to anybody able to assist me on this problem. Priscilla, Howard, Larry Letterman, Steve Rider ... etc etc. I will send my present configs on request. TIA. Tunji _________________________________________________________________ Add photos to your messages with MSN 8. Get 2 months FREE*. http://join.msn.com/?page=features/featuredemail Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=57193&t=57193 -------------------------------------------------- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
