Cisco 837, 2 internal networks, one natted, one public dmz.

Discussion in 'Cisco' started by alstamp, Apr 23, 2005.

  1. alstamp

    alstamp Guest

    Good day

    I've been scratching my head with this one for a little while. I have
    a /29 from my uk based ISP, and want to create the following scenario
    at home :

    internet - cisco 837 ---+
    +--- Internal Natted network []
    +--- External DMZ, routed, public []

    It looks like an IOS update for this family of routers allows you to do
    just that[*] - The release notes for 12.3(7) show that one can create a
    second Ethernet interface, Ethernet2 to apply different rules to two
    seperate physical networks, but I was hoping that I'd be able to hang
    the two logically seperate networks on the same physical bit of wire?

    Essentially this would mean that and, say, the
    default routes for the internal and external network are the same
    physical interface on the Cisco 837.

    Is this going to be possible? If not, I'll have to try to IOS upgrade,
    but as a newbie, this isn't something I relish trying. :)

    [*] -

    Many thanks for any help
    alstamp, Apr 23, 2005
    1. Advertisements

  2. alstamp

    Darren Green Guest


    Something tells me that you can put a secondary ip address on the E0
    interface of an 837. Unfortunately I cannot find an example on the Cisco
    WWW site following a quick search.

    Under your interface e,.g, Ethernet 0 you should be able to tyre:

    ip address A.B.C.D Mask
    ip address W.X.Y.Z Mask secondary

    Substitue IP and Mask with the relevant numbering.

    Perhaps other people could comment here on whether the IP ranges can be
    completely different classes, I am not sure. Also not too sure how the
    NAT would need to work as I haven't an 837 to hand to give it a go.

    What is the reason for wanting to do this ? Perhaps there is another
    workaround that someone may be able to suggest.


    Darren Green, Apr 23, 2005
    1. Advertisements

  3. alstamp

    none Guest

    Secondary address should work fine on an 837 - we are doing the same on a
    2600 at one site.

    none, Apr 24, 2005
  4. alstamp

    alstamp Guest

    Firstly, thank you for your reply Darren.

    The reason is that I have 3 machines that I'd like to sit on a public
    address (test servers for a hobby of mine), and NAT the desktop in the
    house. The DSL router sits by the phone connection, and the switches
    for our network live in the house basement. As a result, trailing a
    second cable so that I could run the public network through Ethernet2
    is non-trivial.

    I'll give your method a try. I'll need to see if I can work out how to
    nat connections from, and to route the public addresses,
    through the same interface.

    Although I can see this not working. :( Time to learn how to apply
    that 12.3(7) upgrade.
    alstamp, Apr 24, 2005
  5. I've done it that way too. Put both IPs on the interface, mark it as
    NAT inside, and in your NAT override statements, you have it match
    only the private internal network as actually doing the NAT.
    Doug McIntyre, Apr 24, 2005
  6. alstamp

    alstamp Guest


    I've given that a go.

    I have for internal machines natting fine :

    interface Ethernet0
    ip address
    ip nat inside
    no ip mroute-cache
    hold-queue 100 out

    Now I want to see the machines which are on the public addresses -
    trying to add the address that 'Dialer0' has as the secondary interface
    to ethernet0 isn't allowed. Trying to manually route to the address
    that Dialer0 has open gives an error, 'Invalid next hop address (it's
    this router)'

    I must have misunderstood what you meant by putting the address on the
    ethernet0 interface..

    alstamp, Apr 24, 2005
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.