Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

IP address

0 views
Skip to first unread message

Someone

unread,
Apr 8, 2002, 11:51:32 AM4/8/02
to
Hello,

I have got a 2600 Cisco router with two FastEthernet ports and one
serial port to connect the company to the internet.The Serial interface
has got assigned a 24 bit class c public network. One of the
FastEthernet interfaces is for the internal network (a RFC 1918 class a
network 10.x.x.x).

What I now would like to do is to use some of the IP addresses that I
have on my Serial interface to assign them to internet servers. How can
I do that ?? Do I need to subnet ? Is there an easier way ? Remember: i
got a free fastethernet network card.

thank you very much for your help.

Marc

Max Kupriyanov

unread,
Apr 8, 2002, 12:22:59 PM4/8/02
to
There are two ways: Network Address Translation or using subnetted
environment for creation some kind of demilitarized zone (DMZ) on your
second interface.

1. NAT: You can place your public servers in the private network with
10.x.x.x. addresses and make some static translation on your router.
2. DMZ: You may set your servers onto your second ethernet card and give'em
addresses from public pool. Of course you must use subnetted environment in
this case.
3. You can use both of variants.

Anyway if you're a newbie in cisco solutions it is highly recommended to
read some documents from www.cisco.com.

Sincerely yours,
Max

"Someone" <ple...@nospam.net> wrote in message
news:3CB1BC8...@nospam.net...

Someone

unread,
Apr 8, 2002, 12:31:50 PM4/8/02
to
Max Kupriyanov wrote:

No I cannot use NAT because I am using PPTP and GRE behind and Cisco IOS
NAT does not support encrypted payload in GRE which I want to use for
VPN client software.

Can you give me more informations on how to create this DMZ then on my
FastEthernet card ?

Thanks again


Max Kupriyanov

unread,
Apr 8, 2002, 12:58:11 PM4/8/02
to
So you can't use NAT... Hmm not a good idea but must prime all of your
internal hosts with real addresses then.
for example you have 200.200.200.0/24 public network and you want to divide
all of your hosts on to 3 subnets (62,62 and 126 addresses). The basic way
is:

interface Serial0/0
ip address 200.200.200.1 255.255.255.129
interface FastEthernet0/0
ip address 200.200.200.65 255.255.255.192
interface FastEthernet0/1
ip address 200.200.200.129 255.255.255.128

The other way is to use NAT only on private interface and take hosts with
VPN software into DMZ (second iface).

Sincerely yours,
Max

Max Kupriyanov

unread,
Apr 8, 2002, 1:01:14 PM4/8/02
to
Sorry of my mistake:
line
ip address 200.200.200.1 255.255.255.129
should be read as:
ip address 200.200.200.1 255.255.255.192
:)

Someone

unread,
Apr 8, 2002, 1:13:35 PM4/8/02
to
Max Kupriyanov wrote:

> So you can't use NAT... Hmm not a good idea but must prime all of your
> internal hosts with real addresses then.
> for example you have 200.200.200.0/24 public network and you want to divide
> all of your hosts on to 3 subnets (62,62 and 126 addresses). The basic way
> is:
>
> interface Serial0/0
> ip address 200.200.200.1 255.255.255.129
> interface FastEthernet0/0
> ip address 200.200.200.65 255.255.255.192
> interface FastEthernet0/1
> ip address 200.200.200.129 255.255.255.128


That's a good idea to do it like that, but is it possible to use a 30
bit subnet mask for the serial interface as it is a point-to-point
interface and have all the reste of the adresses on my ethernet interface ?

> The other way is to use NAT only on private interface and take hosts with

> VPN software into DMZ (second iface).


Well the VPN server (microsoft) will have two NICs one plugged to the
internal network (private IP addresses) and the second NIC will be
plugged into the public network (public IP addresses). But I need to
have my public ip addresses on a FastEthernet interface first to do that.

Regards

Max Kupriyanov

unread,
Apr 8, 2002, 1:36:17 PM4/8/02
to
"Someone" <ple...@nospam.net> wrote in message
news:3CB1CFBF...@nospam.net...

> Max Kupriyanov wrote:
>
> > So you can't use NAT... Hmm not a good idea but must prime all of your
> > internal hosts with real addresses then.
> > for example you have 200.200.200.0/24 public network and you want to
divide
> > all of your hosts on to 3 subnets (62,62 and 126 addresses). The basic
way
> > is:
> >
> > interface Serial0/0
> > ip address 200.200.200.1 255.255.255.129
> > interface FastEthernet0/0
> > ip address 200.200.200.65 255.255.255.192
> > interface FastEthernet0/1
> > ip address 200.200.200.129 255.255.255.128
>
>
> That's a good idea to do it like that, but is it possible to use a 30
> bit subnet mask for the serial interface as it is a point-to-point
> interface and have all the reste of the adresses on my ethernet interface
?

the basic answer is no.
By the way: providers usually set their own ip on serial interfaces, or set
one of your ip on their own side of pvc.
Which is your situation?

another way is to set s0/0: /30, fa0/1: /25 and use NAT inside on fa0/0.
In this case you can use any nat-pools or static translations from 122
addresses as you like.

There is a good program to help you to understand subnetting: go to
www.solarwinds.net and download "Advanced subnet calculator".

Someone

unread,
Apr 9, 2002, 4:32:03 AM4/9/02
to
Max Kupriyanov wrote:


My situation is that it's my ip address which was asssigned to the
serial interface and that with a subnet of 24 bits, full class c network.


0 new messages