From: Gregory Gombas (ggombas@gmail.com)
Date: Wed Dec 10 2008 - 19:02:52 ARST
Hi Mark,
I tried configuring the router in the middle as you described, I
think the problem is that the firewall is trying to communicate to the
ISP router via ethernet encapsulation, and the ISP router is trying to
talk to the firewall using HDLC encapsulation. Therefore the firewall
cannot arp for the ISP router's
IP, and even forcing a bogus static arp is not working.
Is the router that's doing the bridging supposed to do some sort of
protocol translation?
Thanks,
Greg
On Tue, Dec 9, 2008 at 1:48 PM, Mark Cairns <m.a.cairns@gmail.com> wrote:
> Greg,
>
> I've connected 2 LANs on different routers with a serial link between them
> in bridged mode like this:
>
> no ip routing
> bridge 1 protocol ieee
> int ethernet x/x
> bridge-group 1
> int serial x/x
> bridge-group 1
>
> Not sure if it will work in your scenario, as you didn't mention the
> configuration that you tested.
>
> Mark
>
> On Tue, Dec 9, 2008 at 1:32 PM, Gregory Gombas <ggombas@gmail.com> wrote:
>>
>> Thanks Long, I have considered the static NAT, but I was just
>> wondering if the bridge concept was even feasible.
>>
>> Regards,
>> Greg
>>
>> On Tue, Dec 9, 2008 at 1:25 PM, Long Nguyen <longoc@gmail.com> wrote:
>> > Maybe you could use a static one-to-one NAT to the firewall?
>> >
>> >
>> > Long Nguyen
>> >
>> >
>> >
>> > On Tue, Dec 9, 2008 at 10:22 AM, Gregory Gombas <ggombas@gmail.com>
>> > wrote:
>> >>
>> >> Hi Gang,
>> >>
>> >> My client has a Cisco router with a T1 connection to the internet.
>> >> They were only allocated one IP from the ISP and that is assigned to
>> >> the serial interface of the Cisco router.
>> >> Currently the router is doing the NAT'ing and firewall functions for
>> >> the internal network, but they would like to install a separate
>> >> firewall behind the router so they can control the filtering and NAT
>> >> translations from this new firewall instead of the router.
>> >>
>> >> Can I put the router into bridge mode so that I can assign the
>> >> internet address directly to the firewall? I tried testing this in my
>> >> lab but the problem is the arp requests from the firewall are failing
>> >> due to the difference in encapsulations.
>> >>
>> >> The setup looks like this:
>> >>
>> >> ISP (55.55.55.1/30)
>> >> |
>> >> Router
>> >> |
>> >> Firewall (55.55.55.2/30)
>> >> |
>> >> Internal Network (192.168.1.0/24)
>> >>
>> >> Is this even feasible?
>> >>
>> >> Thanks,
>> >> Greg
>> >>
>> >>
>> >> Blogs and organic groups at http://www.ccie.net
>> >>
>> >> _______________________________________________________________________
>> >> Subscription information may be found at:
>> >> http://www.groupstudy.com/list/CCIELab.html
>>
>>
>> Blogs and organic groups at http://www.ccie.net
>>
>> _______________________________________________________________________
>> Subscription information may be found at:
>> http://www.groupstudy.com/list/CCIELab.html
Blogs and organic groups at http://www.ccie.net
This archive was generated by hypermail 2.1.4 : Thu Jan 01 2009 - 12:53:08 ARST