Cisco 837, 2 internal networks, one natted, one public dmz.

Discussion in 'Cisco' started by alstamp, Apr 23, 2005.

  1. alstamp

    alstamp Guest

    Good day

    I've been scratching my head with this one for a little while. I have
    a /29 from my UK-based ISP, and want to create the following scenario
    at home :

    internet - cisco 837 ---+
                            |
                            +--- Internal Natted network [10.1.1.0/24]
                            |
                            +--- External DMZ, routed, public [81.1.1.0/29]

    It looks like an IOS update for this family of routers allows you to do
    just that[*] - The release notes for 12.3(7) show that one can create a
    second Ethernet interface, Ethernet2 to apply different rules to two
    separate physical networks, but I was hoping that I'd be able to hang
    the two logically separate networks on the same physical bit of wire?

    Essentially this would mean that 10.1.1.254 and 81.1.1.7, say, the
    default routes for the internal and external network are the same
    physical interface on the Cisco 837.

    Is this going to be possible? If not, I'll have to try to IOS upgrade,
    but as a newbie, this isn't something I relish trying. :)

    [*] -
    http://www.cisco.com/en/US/products/hw/routers/ps380/prod_bulletin0900aecd800f8567.html


    Many thanks for any help
    BR
    AS
     
    alstamp, Apr 23, 2005
    #1

  2. alstamp

    Darren Green Guest

    Hi,

    Something tells me that you can put a secondary ip address on the E0
    interface of an 837. Unfortunately I cannot find an example on the Cisco
    WWW site following a quick search.

    Under your interface, e.g. Ethernet 0, you should be able to type:

    ip address A.B.C.D Mask
    ip address W.X.Y.Z Mask secondary

    Substitute IP and Mask with the relevant numbering.

    Perhaps other people could comment here on whether the IP ranges can be
    completely different classes, I am not sure. Also not too sure how the
    NAT would need to work as I haven't an 837 to hand to give it a go.

    What is the reason for wanting to do this? Perhaps there is another
    workaround that someone may be able to suggest.

    Regards

    Darren
     
    Darren Green, Apr 23, 2005
    #2

  3. alstamp

    none Guest

    Secondary address should work fine on an 837 - we are doing the same on a
    2600 at one site.

    None
     
    none, Apr 24, 2005
    #3
  4. alstamp

    alstamp Guest

    Firstly, thank you for your reply Darren.

    The reason is that I have 3 machines that I'd like to sit on a public
    address (test servers for a hobby of mine), and NAT the desktop in the
    house. The DSL router sits by the phone connection, and the switches
    for our network live in the house basement. As a result, trailing a
    second cable so that I could run the public network through Ethernet2
    is non-trivial.

    I'll give your method a try. I'll need to see if I can work out how to
    nat connections from 10.1.1.0/24, and to route the public addresses,
    through the same interface.

    Although I can see this not working. :( Time to learn how to apply
    that 12.3(7) upgrade.
     
    alstamp, Apr 24, 2005
    #4
  5. I've done it that way too. Put both IPs on the interface, mark it as
    NAT inside, and in your NAT override statements, you have it match
    only the private internal network as actually doing the NAT.
     
    Doug McIntyre, Apr 24, 2005
    #5
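
Added example, not part of any post in this thread: the secondary-address setup suggested in posts #2 and #5, written out as IOS configuration. The secondary address 81.1.1.6, the access-list number 1 and the `ip nat outside` on Dialer0 are assumptions, and Dialer0's own address is assumed to lie outside 81.1.1.0/29.

```cisco
! Added example. Networks 10.1.1.0/24 and 81.1.1.0/29 are from the thread;
! every other value is an assumption chosen for illustration.
!
interface Ethernet0
 ! Primary address: default gateway for the NATted internal hosts.
 ip address 10.1.1.254 255.255.255.0
 ! Secondary address: default gateway for the routed public hosts.
 ! 81.1.1.6 is assumed (highest usable host in the /29; 81.1.1.7 is
 ! the broadcast address of 81.1.1.0/29 and cannot be assigned).
 ip address 81.1.1.6 255.255.255.248 secondary
 ! One NAT role for the whole interface, covering both subnets.
 ip nat inside
!
interface Dialer0
 ! WAN side (assumed to be the NAT outside interface).
 ip nat outside
!
! The NAT rule matches only the private range, so traffic sourced from
! 81.1.1.0/29 falls through this list and is routed without translation.
access-list 1 permit 10.1.1.0 0.0.0.255
ip nat inside source list 1 interface Dialer0 overload
```

Because both subnets sit on the same wire, the public hosts and the internal hosts share one broadcast domain, so this arrangement does not isolate the DMZ from the internal network at layer 2.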
  6. alstamp

    alstamp Guest

    Hey

    I've given that a go.

    I have 10.1.1.0/24 for internal machines natting fine :

    interface Ethernet0
     ip address 10.1.1.254 255.255.255.0
     ip nat inside
     no ip mroute-cache
     hold-queue 100 out


    Now I want to see the machines which are on the public addresses -
    trying to add the address that 'Dialer0' has as the secondary interface
    to ethernet0 isn't allowed. Trying to manually route to the address
    that Dialer0 has open gives an error, 'Invalid next hop address (it's
    this router)'

    I must have misunderstood what you meant by putting the address on the
    ethernet0 interface..

    BR
    AS
     
    alstamp, Apr 24, 2005
    #6