sounds like you might want to hire a consultant. On Sun, 2002-11-10 at 12:23, Tunji Suleiman wrote: > Hi Group, > > I have a routing problem. I am certain my present config is alright and just > need a routing entry from the ISP for things to work. But the ISP is not > cooperating, insisting the problem is with my config. So I want to make sure > I've not explored all options b4 reverting to them. > > Here's the scenario: > > The ISP created a global /26 subnet, say 80.80.80.128 255.255.255.192 and > assign addresses from it to all their wireless clients thru a multipoint > radio base-station. They assigned 80.80.80.171, .172, .173 and .174 to my > client. My target is a VPN solution between an Exchange server behind the > PIX to a larger network on the Internet with rfc1918 address 10.240.0.0. > Presently all ISP clients use ISP's internet uplink with address > 80.80.80.129 as default gateway. This works for any client with dual-homed > proxy with global address on ext link to ISP and int interface to LAN with > rfc1918 addresses. > > My situation, however has a 2611 router with 2 eth interfaces one to the ISP > radio and the other to PIX firewall. So I thot up a few options. > > Option A: My prefered option and present config > > Use ISP-assigned global addresses on router internal link to PIX, PIX > outside link to router, PAT address on PIX, reserve a global address for > future use and rfc1918 addresses on the inside of PIX for translation by > PAT. > > For ext radio link btw router & ISP, do one of: > 1. use ip unnumbered on link to isp with config similar to: > > int e0/0 > description link-2-isp > ip unnumbered e0/1 > ! > int e0/1 > description link-2-pix > ip address 80.80.80.171 255.255.255.192 > ! > ip default-gateway 80.80.80.129 > > 2. get isp to create and assign global or rfc1918 /30 subnet for the > wireless link to my client, so i have a config similar to: > > int e0/0 > description link-2-isp > ip address 192.168.0.2 255.255.255.252 > ! > int e0/1 > description link-2-pix > ip address 80.80.80.171 255.255.255.192 > ! > ip route 0.0.0.0 0.0.0.0 e0/0 or 192.168.0.1 > > 3. get ISP to create a /29 subnet eg 80.80.80.182 255.255.255.248 and route > it to my client with a route entry like: > > 4. get ISP to create VLANs and corresponding routing entries to my client or > other similar clients. > > It seemed to me eitherway, for packets to find their way back to me from the > ISP and the Internet, the ISP has to create routing entries similar to: > > ip route 80.80.80.171 255.255.255.192 isp's-connected-interface > ip route 80.80.80.172 255.255.255.192 80.80.80.171 > ip route 80.80.80.173 255.255.255.192 80.80.80.171 > ip route 80.80.80.174 255.255.255.192 80.80.80.171 for 1 & 2 above > > ip route 80.80.80.184 255.255.255.248 isp's-connected-interface for 3 & 4 > above. > > Option B: > > 1. Assign 1 address from ISP-assigned global addresses, say 80.80.80.171 to > router ext link to ISP, reserve for future use or waste remaining 3 since I > cant reassign the addresses behind the router. Then maybe: > > a. Assign a private say 192.168.x.0/24 to PIX inside interface and all > inside hosts including Exchange server. Assign 10.240.77.0/24 between PIX > outside interface and router inside interface. > > b. use a combination of static and dynamic NAT on PIX for exchange and > internal hosts, specifically statically translating for Exchange and > dynamically for other hosts. > > c. use PAT on router to translate for everything originating from PIX. > > I have tried the IP unnumbered option on my router e0/0, but the router wont > accept it, with error: point-to-point (non-multi-access) interfaces only. > > Now, my questions are: > > 1. If the ISP refuses to cooperate completely, what are the implications of > Option B with the double translation on PIX and router? > 2. If the ISP agrees to cooperate, which of the options in A above is the > best solution? > 3. Related to 2 above, if ISP agrees to cooperate with the simplest > solution, which seem to me to be, just a routing entry, is it possible, and > if so, how do I get to use IP unnumbered on an ethernet interface? > 4. Is there any better option/solution which I have not envisaged? > > I should be most grateful to anybody able to assist me on this problem. > Priscilla, Howard, Larry Letterman, Steve Rider ... etc etc. I will send my > present configs on request. > > TIA. > > Tunji > > > > > > > _________________________________________________________________ > Add photos to your messages with MSN 8. Get 2 months FREE*. > http://join.msn.com/?page=features/featuredemail
Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=57195&t=57193 -------------------------------------------------- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
