IP UNN clarification

Discussion in 'Cisco' started by Gordon Montgomery, Sep 11, 2006.

  1. I'm moving to an ISP that wants to configure Ser/0/0/0 as IP UNN.
    Now I understand the basic concept, but am fuzzy on the details.
    Will that change in any way the ACL's that I currently (other than
    the obvious IP range change) use, or how I can apply them? And
    I have a VPN from a PIX501 to my 2811 that uses the IP Address
    of Ser0/0/0 as the peer address. What do I need to change on the
    VPN with IP UNN? Just change the peer to the FE0/0 IP address
    (which the IP UNN points to)?

    Sorry for basic questions, but I just haven't used IP UNN before, and
    I don't have the luxury of a good test environment.

    Thanks,


    Gordon Montgomery
    Living Scriptures, Inc
    (anti spam - replace lsi with livingscriptures)
    (801) 627-2000
     
    Gordon Montgomery, Sep 11, 2006
    #1
    1. Advertising

  2. In article <>,
    (Gordon Montgomery) wrote:

    > I'm moving to an ISP that wants to configure Ser/0/0/0 as IP UNN.
    > Now I understand the basic concept, but am fuzzy on the details.
    > Will that change in any way the ACL's that I currently (other than
    > the obvious IP range change) use, or how I can apply them? And


    No, it shouldn't change your ACLs significantly. Presumably the ACLs
    allow to/from the public IPs assigned to your LAN, not the serial IP.

    > I have a VPN from a PIX501 to my 2811 that uses the IP Address
    > of Ser0/0/0 as the peer address. What do I need to change on the
    > VPN with IP UNN? Just change the peer to the FE0/0 IP address
    > (which the IP UNN points to)?


    Yes. You could also create a Loopback0 interface and assign an IP
    there, so that the endpoint would exist regardless of the status of
    FE0/0. This is especially a good idea if you have multiple inside
    interfaces, so that the VPN isn't dependent on any particular one.

    Another change you'll probably have to make is to your default route.
    If it currently points to the IP at the other end of the serial link,
    you should change it to point to the interface itself, i.e.

    ip route 0.0.0.0 0.0.0.0 Serial0/0/0

    --
    Barry Margolin,
    Arlington, MA
    *** PLEASE post questions in newsgroups, not directly to me ***
    *** PLEASE don't copy me on replies, I'll read them in the group ***
     
    Barry Margolin, Sep 12, 2006
    #2
    1. Advertising

  3. In article <>, Barry Margolin <> wrote:
    >In article <>,
    > (Gordon Montgomery) wrote:
    >
    >> I'm moving to an ISP that wants to configure Ser/0/0/0 as IP UNN.
    >> Now I understand the basic concept, but am fuzzy on the details.
    >> Will that change in any way the ACL's that I currently (other than
    >> the obvious IP range change) use, or how I can apply them? And

    >
    >No, it shouldn't change your ACLs significantly. Presumably the ACLs
    >allow to/from the public IPs assigned to your LAN, not the serial IP.
    >
    >> I have a VPN from a PIX501 to my 2811 that uses the IP Address
    >> of Ser0/0/0 as the peer address. What do I need to change on the
    >> VPN with IP UNN? Just change the peer to the FE0/0 IP address
    >> (which the IP UNN points to)?

    >
    >Yes. You could also create a Loopback0 interface and assign an IP
    >there, so that the endpoint would exist regardless of the status of
    >FE0/0. This is especially a good idea if you have multiple inside
    >interfaces, so that the VPN isn't dependent on any particular one.
    >


    I assume I would just assign one of my static IP's from my /24.

    >Another change you'll probably have to make is to your default route.
    >If it currently points to the IP at the other end of the serial link,
    >you should change it to point to the interface itself, i.e.
    >
    >ip route 0.0.0.0 0.0.0.0 Serial0/0/0
    >


    Thank you for you response. I assumed that's how it would be, but it is
    always nice to get confirmation from someone who really knows. I may
    not know all the answers, but I usually know where I can find them.

    Thanks again,

    Gordon

    Gordon Montgomery
    Living Scriptures, Inc
    (anti spam - replace lsi with livingscriptures)
    (801) 627-2000
     
    Gordon Montgomery, Sep 12, 2006
    #3
  4. In article <>,
    (Gordon Montgomery) wrote:

    > In article <>, Barry
    > Margolin <> wrote:
    > >In article <>,
    > > (Gordon Montgomery) wrote:
    > >
    > >> I'm moving to an ISP that wants to configure Ser/0/0/0 as IP UNN.
    > >> Now I understand the basic concept, but am fuzzy on the details.
    > >> Will that change in any way the ACL's that I currently (other than
    > >> the obvious IP range change) use, or how I can apply them? And

    > >
    > >No, it shouldn't change your ACLs significantly. Presumably the ACLs
    > >allow to/from the public IPs assigned to your LAN, not the serial IP.
    > >
    > >> I have a VPN from a PIX501 to my 2811 that uses the IP Address
    > >> of Ser0/0/0 as the peer address. What do I need to change on the
    > >> VPN with IP UNN? Just change the peer to the FE0/0 IP address
    > >> (which the IP UNN points to)?

    > >
    > >Yes. You could also create a Loopback0 interface and assign an IP
    > >there, so that the endpoint would exist regardless of the status of
    > >FE0/0. This is especially a good idea if you have multiple inside
    > >interfaces, so that the VPN isn't dependent on any particular one.
    > >

    >
    > I assume I would just assign one of my static IP's from my /24.


    Yes.

    --
    Barry Margolin,
    Arlington, MA
    *** PLEASE post questions in newsgroups, not directly to me ***
    *** PLEASE don't copy me on replies, I'll read them in the group ***
     
    Barry Margolin, Sep 13, 2006
    #4
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. =?Utf-8?B?c3JpbmF0aGU=?=

    clarification

    =?Utf-8?B?c3JpbmF0aGU=?=, May 22, 2004, in forum: Microsoft Certification
    Replies:
    0
    Views:
    548
    =?Utf-8?B?c3JpbmF0aGU=?=
    May 22, 2004
  2. lombardi
    Replies:
    3
    Views:
    2,732
    lombardi
    Apr 4, 2004
  3. srini
    Replies:
    1
    Views:
    602
    Hansang Bae
    Feb 12, 2005
  4. Mike
    Replies:
    0
    Views:
    429
  5. Darren Green

    Failover Clarification

    Darren Green, Dec 11, 2005, in forum: Cisco
    Replies:
    2
    Views:
    518
    Darren Green
    Dec 12, 2005
Loading...

Share This Page