Cisco 1601 configuration

Discussion in 'Hardware' started by icefrost1, Jan 7, 2008.

  1. icefrost1

    Hi,

    I've set up a Cisco 1601 router (yes, I know it's outdated, but no use purchasing a new one if this one is doing the job), the WAN interface is a serial link to a Network Terminating Unit which establishes the company internet connection.

    The setup is like this:

    WAN:
    x.x.4.181 netmask 255.255.255.252
    gateway x.x.4.182 (ESR on the other side of the NTU - belongs to the ISP)

    LAN:
    x.x.17.185 netmask 255.255.255.248
    x.x.186.49 netmask 255.255.255.240 secondary
    x.x.14.49 netmask 255.255.255.240 secondary

    Very straightforward at the moment, one port of a bridge is connected to the LAN port, the other work is connected to a Catalyst 2950 switch (x.x.186.61).

    The Catalyst 2950 connects all the company servers (in networks x.x.17.184, x.x.186.48 and x.x.14.48) together and the LAN firewall, the LAN firewall is performing NAT for the company network. LAN firewall has IP x.x.186.62 on WAN side.

    Now, where I need your input and help if you could please spare the time...

    The main problem is, we are trying to minimize the use of public IPs, at the moment, besides the servers, we are using 3 public IPs on the router and another on the LAN firewall, as well as the one on the switch, and the switch IP should not be public anyway.

    So far, I have considered the following:

    1) The switch IP can be removed (or set to a private IP and a notebook connected to the switch when it should be configured) or just using the console port for configuration.
    2) If I can somehow do away with the LAN firewall using a public IP, maybe using a private IP on the WAN side and another private IP on the router's LAN side (as another secondary), however, I've tried this configuration and couldn't get it working, I'm assuming I need to implement some form of NAT on the router as well, I know more or less how to do that, but I don't want to affect the existing setup by my changes (I don't want the servers to use NAT on the router side at all, only the LAN firewall, so I just need to NAT 1 IP on that side), or if someone has a better idea than NAT?
    3) Is there some remote possibility that we don't have to use so many IPs on the router? I know in a previous setup we used 3 static routes to forward to a firewall, but this has been replaced by a very intelligent bridge which does most of the work previously accomplished by the firewall, the bridge has no IP address associated with it, the router on the ESR side (x.x.4.182) has 3 static routes set up as follows:

    route x.x.17.184 netmask 255.255.255.248 x.x.4.181
    route x.x.186.48 netmask 255.255.255.240 x.x.4.181
    route x.x.14.48 netmask 255.255.255.240 x.x.4.181

    So they are not using any IP addresses in these ranges, would it be somehow possible for us to do something similar? I have considered some kind of bridging but have no clue how to implement it.

    4) And another question, would it be possible to configure the Catalyst to use VLANs or something to connect both sides of the LAN firewall to the Catalyst (meaning splitting the x.x.17.184, x.x.186.48 & x.x.14.48 IPs from the private IPs, yet connecting them on the same physical switch)? Is this a very bad idea? Would it be safe? And how should it be accomplished? This would also help in moving the Catalyst's management to a private IP.

    Any suggestions or ideas on any of these would be highly appreciated, we need to conserve as many IPs as possible since we are running many servers on our network and we're adding about 1 extra server a month, this also means that the 'IP waste' will become a lot more as we add more public IP blocks (1 IP wasted for every block setup).

    Regards,

    IceFrost1
    icefrost1, Jan 7, 2008
    #1
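
An address-accounting check for the LAN plan in post #1, added here as an example and not part of the original thread: for each public block it counts the usable host addresses, the ones taken by the router, switch and firewall, and what is left for servers. The `10.0` prefix is a constructed stand-in for the redacted `x.x` octets; blocks, netmasks and host addresses are the ones the post lists.

```python
import ipaddress

# Constructed stand-in: the post redacts the first two octets as "x.x";
# "10.0" is substituted only so the addresses parse.
P = "10.0"

# LAN blocks and their netmasks, as listed in the post.
BLOCKS = [f"{P}.17.184/255.255.255.248",
          f"{P}.186.48/255.255.255.240",
          f"{P}.14.48/255.255.255.240"]

# Non-server addresses the post places on the LAN side.
INFRA = {
    f"{P}.17.185": "router primary",
    f"{P}.186.49": "router secondary",
    f"{P}.14.49": "router secondary",
    f"{P}.186.61": "Catalyst 2950",
    f"{P}.186.62": "LAN firewall, WAN side",
}


def audit(blocks, infra):
    """Per-block address accounting plus infra addresses outside every block."""
    nets = [ipaddress.ip_network(b) for b in blocks]
    addrs = {ipaddress.ip_address(a): role for a, role in infra.items()}
    report = {}
    for net in nets:
        hosts = set(net.hosts())  # excludes network and broadcast addresses
        used = {a: r for a, r in addrs.items() if a in net}
        report[str(net)] = {
            "total": net.num_addresses,
            "usable": len(hosts),
            "infrastructure": {str(a): used[a] for a in sorted(used)},
            "left_for_servers": len(hosts - set(used)),
            # Assigned to a network or broadcast address: a configuration error.
            "invalid": [str(a) for a in sorted(used) if a not in hosts],
        }
    unplaced = [str(a) for a in sorted(addrs) if not any(a in n for n in nets)]
    return report, unplaced


if __name__ == "__main__":
    report, unplaced = audit(BLOCKS, INFRA)
    for net, r in report.items():
        print(net, r)
    print("outside all blocks:", unplaced)
```

Rerunning it with the switch and firewall entries removed from `INFRA` shows how many server addresses options 1 and 2 of the post would free in the x.x.186.48 block.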

  2. icefrost1

    Other suggestions

    Any other ideas to increase the reliability, security, efficiency or whatever of our network would also be highly appreciated.

    Thanks in advance.
    icefrost1, Jan 7, 2008
    #2