[nsp] Cisco 1720 or above Firewall using DHCP outside

Charles H. Gucker cgucker at cv.net
Thu Nov 20 16:57:08 EST 2003


On Thu, Nov 20, 2003 at 02:42:02PM -0600, Chad Lander wrote:
> Is it possible to use a 1720 or something in the 2600 range in a dual
> Ethernet environment?

	yes.  but I'm currently using an 831, which is basically the
same thing, just designed more for soho connectivity.  Version 12.2(8)YN.
The same support should be in the 1700 and 2600 world.

> Outside is a DHCP DSL router w/ no static IP.

	I do this at home.

> Inside is a static 10.0.0.x network.

	Any RFC1928 space will do, I use 192.168, but you can use net 10
if you wish.

> The DSL provider doesn't give statics so every time the IP changes I have to
> rewrite the config.

	Well, don't use the IP in your config, use EthernetX or FastEthernetX.
This would make sure your configs will change with your dynamic IP.

> Does Cisco make a product (IOS) that takes in a DHCP address and rewrites
> the firewall config on the fly to the new address?

	Most of the later ones support DHCP, so as long as your config uses
the interface name and not the specific IP, you're golden.

> I've tried the 12.1 and 12.2 IOS, and haven't been able to get a 12.3 IOS to
> try...am I wasting my time?

	Definitely not a waste of time.

interface Ethernet0
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
 no cdp enable
!         
interface Ethernet1
 ip address dhcp
 ip nat outside
 no cdp enable
!         
ip nat inside source list 102 interface Ethernet1 overload
ip nat inside source static tcp <internal host> 113 interface Ethernet1 113
ip nat inside source static tcp <internal host> 22 interface Ethernet1 22
ip route 0.0.0.0 0.0.0.0 Ethernet1
 
and the normal ACL for the internal DHCP pool.

access-list 102 permit ip 192.168.1.0 0.0.0.255 any
access-list 102 deny ip any any log

any questions? :)

charles
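
An added example, not part of the original post: the same address-independent approach applied to an inbound filter on the DHCP-addressed outside interface, so nothing needs rewriting when the lease changes. The names OUTSIDE-IN and FW are hypothetical, and the `ip inspect` lines assume an IOS image with the firewall feature set.

```cisco
! Added example: OUTSIDE-IN and FW are hypothetical names.
! Assumes an IOS image with the firewall feature set (for "ip inspect").
!
! Stateful inspection of outbound sessions; return traffic is allowed
! back in through temporary openings in the inbound ACL.
ip inspect name FW tcp
ip inspect name FW udp
!
ip access-list extended OUTSIDE-IN
 ! DHCP server replies (port 67 -> 68) so the lease on Ethernet1 can renew
 permit udp any eq bootps any eq bootpc
 ! The two static port forwards from the NAT config in the post.
 ! The inbound ACL is checked before NAT and the destination is the
 ! dynamic outside address, so match "any" instead of a literal IP.
 permit tcp any any eq 22
 permit tcp any any eq 113
 ! ICMP needed for path MTU discovery, traceroute and ping replies
 permit icmp any any unreachable
 permit icmp any any time-exceeded
 permit icmp any any echo-reply
 ! Log everything else that is dropped
 deny ip any any log
!
interface Ethernet1
 ip address dhcp
 ip nat outside
 ip inspect FW out
 ip access-group OUTSIDE-IN in
 no cdp enable
```

Because no rule names the outside address, the filter stays valid across lease changes; `show access-lists OUTSIDE-IN` shows per-rule hit counts for checking that the bootps entry is matching.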



