cisco 2600 on cable modem 4mbps!..

I built the test network I designed a couple weeks ago, but made a few changes to the subnets and a couple additions to the network.

This design is a bit complex, as I needed to double NAT to get routing working properly. What I don't quite understand is, why do I need to NAT the outside interface? I have typed out the configuration used on our router(**PLEASE KEEP IN MIND THE EXTERNAL IP FROM THE ISP IS FAKE, FOR PROTECTION SO YOU CAN IGNORE THE ADDRESSING, PREFIX NOTATION ECT**).


interface FastEthernet0/0
ip address 217.12.68.40 255.255.255.248
ip nat outside
duplex auto
speed auto
!
interface FastEthernet0/1
ip address 172.16.1.254 255.255.255.0
ip nat inside
duplex auto
speed auto
!
ip classless
ip route 0.0.0.0 0.0.0.0 217.12.68.40

I have tried to run the above without NATing fa0/0 but I wasn't able to route traffic.

Here is the new network topology

The network is fully functional, but a double NAT is being used. But keep in mind, the only reason for the double NAT is because we are using the business DSL. If this were a DIA with a T1 connection, we would just use the WIC and all would be good without the need for double NATing.

Any thoughts? Concerns? Criticism?


Cheers mates,

ZiPPy

ZiPPy,

Interesting design, If you are sure the DSL modem is doing NAT, then (in theory) you can remove both ip nat inside and ip nat outside from your router interfaces. Also that ip route command should point to the DSL's internal IP, not 217.12.68.40 which is on the router it self. In other words it should look like this:

[code:1]interface FastEthernet0/0
ip address 217.12.68.40 255.255.255.248
duplex auto
speed auto
!
interface FastEthernet0/1
ip address 172.16.1.254 255.255.255.0
duplex auto
speed auto
!
ip classless
ip route 0.0.0.0 0.0.0.0 <ip_of_dsl_modem>[/code:1]

If you don't know the IP of the DSL modem you can use this:

[code:1]ip route 0.0.0.0 0.0.0.0 FastEthernet0/0[/code:1]

But I have one doubt here, if the DSL modem was indeed doing NAT, then the FastEthernet0/0 should not have a public IP address (217.12.68.x). It should be in a private range (192.168.x.x or 10.x.x.x or 172.16.x.x). So I'm guessing the DSL modem is NOT doing NAT at all.

I'm pretty sure the DSL modem is not NATing, but if I were to remove the line p nat outside connectivity would be severed. So something isn't right here, or I'm just confused on the path of traffic.

In regards to the ip route, how can I have the ip route point to the DSL's internal IP when it doesn't even have one?

My ip route is set for the gateway of the DSL. I configured the ip route as ip route 0.0.0.0 0.0.0.0 <address> to be used as a gateway of last resort.


ZiPPy

You could also make a dialer interface on the 2800 and make your default route to your dialer interface. That way you wouldnt even need to know your gateway's IP address and you could make a default route on your PIX that points to the inside of the 2800.

The pix wouldnt even have to use NAT as you can make statics or use a routing protocol on your own internal network.

On the other hand you could just as well drop the 2800 and replace it with the PIX.


dialer interface config
[code:1]
interface FastEthernet0/0
no ip address
ip virtual-reassembly
speed 100
full-duplex
pppoe-client dial-pool-number 1
!
interface Dialer1
ip address 217.12.68.40 255.255.255.248
ip nat outside
ip virtual-reassembly
encapsulation ppp
dialer pool 1
dialer-group 1
no cdp enable
ppp authentication pap callin
ppp pap sent-username wouldntyouliketoknow password hehehehe
ppp ipcp mask request
ppp ipcp address accept
!
ip route 0.0.0.0 0.0.0.0 Dialer1
dialer-list 1 protocol ip permit[/code:1]

I got some other ideas as well so just hit me up on msn sometime.

I'm pretty sure the DSL modem is not NATing.

Then I think I miss understood you. Were is the double NAT? Did you mean the NATing on the Pix? You don't need that since you only have private IPs on both sides of the Pix. You only need NAT were you have public IPs on the outside and private IPs on the inside. So the 2800 is the device that needs to do NAT, no wonder it doesn't work without it. So you don't need to drop the ip nat inside or ip nat outside on the 2800, the config looks OK.

Or as r0nni3 suggested you could totally remove the 2800 and configure the Pix to do NAT.

Regarding the gateway IP. Your right, it should point to the next hop IP. Since the modem doesn't have one it should be your IPS's IP. But from the diagram, 217.12.68.40 doesn't seam to be the right one. Thats as far as I know, I'll leave that to r0nni3 since he seams to have better ideas

The purpose of this setup was for a test environment or more so even a lab. I am trying to mimic a production environment. In a typical production environment you will need a router to which the DIA will connect. Being that a DIA will be either a T1 or T3 connection, a router is required. The test environment is utilizing a business DSL line. So from the looks of it, yes you can remove the router and make due with just the PIX and switch, but for the lab sake we are not.

@ S0lo

Since the modem doesn't have one it should be your IPS's IP. But from the diagram, 217.12.68.40 doesn't seam to be the right one.

Are you referring to the actual IP address? If you are, remember this is a fake address as I did not want to reveal the true IP.


Cheers,

ZiPPy