back to back 2500's acting as a firewall [7:8251]
I have 2 x 2501 routers, each with 1 ethernet and 2 serial.

I was wondering how I would go about using the routers back to back to create a firewall for my cable modem network:

@home---e0(router)s0---s0(router)e0---(switch)---(pc)

Possible issues:
-use nat?
-ip unnumbered on serial interfaces?

The reason I can't just use one router is that I have only one ethernet per router. Also, I realize that this is goofy, and that a software firewall would be easier; I am also trying to get familiar with the IOS firewall feature set.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=8251&t=8251
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: back to back 2500's acting as a firewall [7:8251]
You can use access control lists as a starting point, but it would ultimately depend on what IOS you have. If you have the IP/FW IOS you can be more granular as to what to let out and in.

Hope this helps

George, Head Janitor, CCNA CCDA Cisco Systems

"Eric Waguespack" wrote in message news:[EMAIL PROTECTED]...
> I have 2 x 2501 routers, each with 1 ethernet and 2 serial.
>
> I was wondering how I would go about using the routers back to
> back to create a firewall for my cable modem network:
>
> @home---e0(router)s0---s0(router)e0---(switch)---(pc)
>
> Possible issues:
> -use nat?
> -ip unnumbered on serial interfaces?
>
> The reason I can't just use one router is that I have only one
> ethernet per router. Also, I realize that this is goofy, and that a
> software firewall would be easier; I am also trying to get familiar
> with the IOS firewall feature set.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=8253&t=8251

Re: back to back 2500's acting as a firewall [7:8251]
I have the dual Ethernet setup. The IOS in use is 12.0(15) IP/FW.

    Firewall>sho flash

    System flash directory:
    File  Length   Name/status
      1   6261572  c2500-io-l.120-15.bin
    [6261636 bytes used, 2126972 available, 8388608 total]
    8192K bytes of processor board System flash (Read ONLY)

If you have only one global IP, then you are looking to configure NAT Overload (which is the same thing as PAT).

Phil

- Original Message -
From: Eric Waguespack
To:
Sent: Tuesday, June 12, 2001 5:16 PM
Subject: back to back 2500's acting as a firewall [7:8251]

> I have 2 x 2501 routers, each with 1 ethernet and 2 serial.
>
> I was wondering how I would go about using the routers back to
> back to create a firewall for my cable modem network:
>
> @home---e0(router)s0---s0(router)e0---(switch)---(pc)
>
> Possible issues:
> -use nat?
> -ip unnumbered on serial interfaces?
>
> The reason I can't just use one router is that I have only one
> ethernet per router. Also, I realize that this is goofy, and that a
> software firewall would be easier; I am also trying to get familiar
> with the IOS firewall feature set.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=8254&t=8251

RE: back to back 2500's acting as a firewall [7:8251]
An interesting idea, I have to say. But I think you don't have to worry about the NAT. Configure it on the ethernet port that goes into the cable modem, and simply allow your network behind for NAT. The question is whether you have a static IP address assigned from your ISP (which is unusual) or is it going to be negotiated? If it is negotiated, then you need 12.1.t version to be able to configure ip address dhcp under the ethernet port (Cisco still doesn't have an ip add negotiated command for LAN interfaces).

    ! Outside: Ethernet facing the cable modem, address learned via DHCP
    interface Ethernet0
     ip address dhcp
     ip nat outside
    !
    ! Inside: serial link toward the second router
    interface Serial0
     ip nat inside
     ip address 1.1.1.1 255.255.255.0
    !
    ! Overload (PAT) everything matched by list 1 onto Ethernet0's address
    access-list 1 permit any
    ip nat inside source list 1 interface Ethernet0 overload

This should work.

Dragi

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=8329&t=8251
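
The back-to-back layout discussed in this thread, written out as a configuration for both routers with NAT overload plus the IP/FW image's inspection (CBAC) on the outer one. This is an added example, not part of any poster's message; the addresses, ACL numbers, clock rate and the inspection-rule name FW are constructed placeholders.

```cisco
! ===== Outer router: e0 to cable modem, s0 to inner router =====
! Stateful inspection rules (IP/FW feature set)
ip inspect name FW tcp
ip inspect name FW udp
ip inspect name FW ftp
!
interface Ethernet0
 ! ip address dhcp needs a 12.1T image, as noted in the thread
 ip address dhcp
 ip nat outside
 ! ACL 101 is default-deny inbound; inspection opens return paths
 ! only for sessions started from the inside
 ip access-group 101 in
 ip inspect FW out
 no shutdown
!
interface Serial0
 ip address 10.0.0.1 255.255.255.252
 ip nat inside
 ! clock rate goes only on the DCE end of the back-to-back cable
 clock rate 64000
 no shutdown
!
! Reach the LAN behind the inner router
ip route 192.168.1.0 255.255.255.0 10.0.0.2
!
! Translate only the known inside ranges instead of "permit any"
access-list 1 permit 192.168.1.0 0.0.0.255
access-list 1 permit 10.0.0.0 0.0.0.3
ip nat inside source list 1 interface Ethernet0 overload
!
! DHCP lease replies from the ISP must be allowed explicitly
access-list 101 permit udp any eq bootps any eq bootpc
! ICMP is not covered by the tcp/udp inspection rules above
access-list 101 permit icmp any any echo-reply
access-list 101 deny ip any any log
!
! ===== Inner router: s0 to outer router, e0 to switch and PCs =====
interface Serial0
 ip address 10.0.0.2 255.255.255.252
 no shutdown
!
interface Ethernet0
 ip address 192.168.1.1 255.255.255.0
 no shutdown
!
ip route 0.0.0.0 0.0.0.0 10.0.0.1
```

On the outer router, `show ip nat translations` and `show ip inspect sessions` confirm that inside hosts are being overloaded onto the Ethernet0 address and that return traffic is matched to tracked sessions.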