[c-nsp] Cisco 1711 NAT/IP Question

Luan Nguyen luan.nguyen at mci.com
Fri Dec 10 11:20:50 EST 2004


shouldn't be too difficult...
Create 2 vlans - one public /29 and connect  your soho to it
the other one - private plug it into the switch of your network behind the
soho
Then there are 2 ways.
1-    hardcode the routes in your pc - route vpn to soho and default route
to the private vlan ip address on the 1711
2- policy base routing on the soho where  you would send all internet
traffic to the 1711 and let vpn traffic passthrough.
you could create a natpool with a couple of ips out of the /29

 -luan

----- Original Message ----- 
From: "Paul Stewart" <pauls at nexicom.net>
To: <cisco-nsp at puck.nether.net>
Sent: Friday, December 10, 2004 10:28 AM
Subject: [c-nsp] Cisco 1711 NAT/IP Question


> Hi there...
>
> We have a customer that we are looking at putting a 1711 into, feeding
> them via ADSL (PPPOE)....
>
> I'd like to feed them a /29 block which is no problem... But when it
> hits the router I'd like to take 2 of the switchports (this router has a
> built in 4 port switch) and make one a NAT based port for their
> network.. And use the other port for a /30 public subnet...
>
> The customer has a regular LAN system (10-15 computers) but they also
> have a Cisco Soho router doing a VPN Ipsec connection to a remote
> office... I don't want to mess with their VPN (other than maybe giving
> them a new IP from their former provider).... But want the Soho to have
> it's own public IP (right on the device, not mapped via NAT)...
>
> Is this difficult?  For some reason I'm having a hard time getting this
> around my fat head..;)
>
> Thanks,
>
> Paul
>
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/



More information about the cisco-nsp mailing list