[c-nsp] Cisco 1711 NAT/IP Question

Paul Stewart pauls at nexicom.net
Fri Dec 10 11:32:51 EST 2004


Thanks for the reply...

Actually what I want is this:

INTERNET
  |
  |
1711
  +-------Soho91 (public IP space)
  |
  |
Private IP space (NAT based)

The Soho91's inside network and the Private IP space network as the same
physical network and share same Ip space

I'll have to set this up in test, I think it's easier to do than what I
was thinking..;)

Take care,

Paul


-----Original Message-----
From: Luan Nguyen [mailto:luan.nguyen at mci.com] 
Sent: Friday, December 10, 2004 11:21 AM
To: Paul Stewart; cisco-nsp at puck.nether.net
Subject: Re: [c-nsp] Cisco 1711 NAT/IP Question


shouldn't be too difficult...
Create 2 vlans - one public /29 and connect  your soho to it the other
one - private plug it into the switch of your network behind the soho
Then there are 2 ways.
1-    hardcode the routes in your pc - route vpn to soho and default
route
to the private vlan ip address on the 1711
2- policy base routing on the soho where  you would send all internet
traffic to the 1711 and let vpn traffic passthrough. you could create a
natpool with a couple of ips out of the /29

 -luan

----- Original Message ----- 
From: "Paul Stewart" <pauls at nexicom.net>
To: <cisco-nsp at puck.nether.net>
Sent: Friday, December 10, 2004 10:28 AM
Subject: [c-nsp] Cisco 1711 NAT/IP Question


> Hi there...
>
> We have a customer that we are looking at putting a 1711 into, feeding

> them via ADSL (PPPOE)....
>
> I'd like to feed them a /29 block which is no problem... But when it 
> hits the router I'd like to take 2 of the switchports (this router has

> a built in 4 port switch) and make one a NAT based port for their 
> network.. And use the other port for a /30 public subnet...
>
> The customer has a regular LAN system (10-15 computers) but they also 
> have a Cisco Soho router doing a VPN Ipsec connection to a remote 
> office... I don't want to mess with their VPN (other than maybe giving

> them a new IP from their former provider).... But want the Soho to 
> have it's own public IP (right on the device, not mapped via NAT)...
>
> Is this difficult?  For some reason I'm having a hard time getting 
> this around my fat head..;)
>
> Thanks,
>
> Paul
>
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net 
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/



More information about the cisco-nsp mailing list