On Fri, 27 Apr 2001, Ben Nagy wrote:
> In my lab config, I had:
>
> One 1605 - inside (trusted lan) 10.200.200.2/24, outside 192.168.254.254/24
(if the outside is bogus, /32 it please- address space wastage isn't good
to encourage even in RFC1918'd examples...)
> (bogus)
> One 1603 - ISP router LAN IP 10.200.200.1/24, Loopback (pretend Internet)
> 10.200.50.1/24.
> One laptop, behind 1605 inside, 10.200.200.50/24, gateway 10.200.200.2
>
> All that was required was the following pair of routes:
> ip route 0.0.0.0 0.0.0.0 10.200.200.1
> ip route 10.200.200.1 255.255.255.255 eth0 (outside)
>
> Basically, the bogus ip address on the outside is just to trick the
> interface into knowing it's running IP. After that, it arps on e0 for the
> 10.200.200.1 address (because of the interface route).
Wait- what about traffic in the other direction? The ISP's router would
have to know something special unless you proxy ARP for the internal LAN
on the 1605's 192 interface, no?
> Running the interface unnumbered does not work (the parser rejects it on a
> multiaccess interface), and running the outside with no ip address does not
> work (won't route through a non-ip interface).
Ok, the one I was thinking of must have been off a spare serial port, and
due to a lack of address space more than anything- that or an evil game of
PPP over the AUX port... I'm pretty sure it wasn't the time we had to
snarf a SCSI cable to go on a HSSI port- I don't think they were
really using that RAID array anyway... (FWIW, Cisco doesn't support using
$35 SCSI cables where you should be using $100 Cisco cables, but they are
kind enough to point out the pinout equivalance in their documentation
and it's also good to know.)
Thanks,
Paul
-----------------------------------------------------------------------------
Paul D. Robertson "My statements in this message are personal opinions
[EMAIL PROTECTED] which may have no basis whatsoever in fact."
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
