From: Mark Cairns (m.a.cairns@gmail.com)
Date: Wed Dec 10 2008 - 19:33:29 ARST
Greg,
That would make sense. My configuration was used to extend a subnet between
ethernet segments on different routers. I did not need to communicate
directly between ethernet devices and devices on the serial interface
(frame-relay in my case).
I guess I would ask the ISP to rebuild the circuit and give you a /30 to the
router and a separate IP address which is routed to you. Then you can do
what you need without a complicated configuration.
Mark
On Wed, Dec 10, 2008 at 4:02 PM, Gregory Gombas <ggombas@gmail.com> wrote:
> Hi Mark,
>
> I tried configuring the router in the middle as you described, I
> think the problem is that the firewall is trying to communicate to the
> ISP router via ethernet encapsulation, and the ISP router is trying to
> talk to the firewall using HDLC encapsulation. Therefore the firewall
> cannot arp for the ISP router's
> IP, and even forcing a bogus static arp is not working.
>
> Is the router that's doing the bridging supposed to do some sort of
> protocol translation?
>
> Thanks,
> Greg
>
> On Tue, Dec 9, 2008 at 1:48 PM, Mark Cairns <m.a.cairns@gmail.com> wrote:
> > Greg,
> >
> > I've connected 2 LANs on different routers with a serial link between
> them
> > in bridged mode like this:
> >
> > no ip routing
> > bridge 1 protocol ieee
> > int ethernet x/x
> > bridge-group 1
> > int serial x/x
> > bridge-group 1
> >
> > Not sure if it will work in your scenario, as you didn't mention the
> > configuration that you tested.
> >
> > Mark
> >
> > On Tue, Dec 9, 2008 at 1:32 PM, Gregory Gombas <ggombas@gmail.com>
> wrote:
> >>
> >> Thanks Long, I have considered the static NAT, but I was just
> >> wondering if the bridge concept was even feasible.
> >>
> >> Regards,
> >> Greg
> >>
> >> On Tue, Dec 9, 2008 at 1:25 PM, Long Nguyen <longoc@gmail.com> wrote:
> >> > Maybe you could use a static one-to-one NAT to the firewall?
> >> >
> >> >
> >> > Long Nguyen
> >> >
> >> >
> >> >
> >> > On Tue, Dec 9, 2008 at 10:22 AM, Gregory Gombas <ggombas@gmail.com>
> >> > wrote:
> >> >>
> >> >> Hi Gang,
> >> >>
> >> >> My client has a Cisco router with a T1 connection to the internet.
> >> >> They were only allocated one IP from the ISP and that is assigned to
> >> >> the serial interface of the Cisco router.
> >> >> Currently the router is doing the NAT'ing and firewall functions for
> >> >> the internal network, but they would like to install a separate
> >> >> firewall behind the router so they can control the filtering and NAT
> >> >> translations from this new firewall instead of the router.
> >> >>
> >> >> Can I put the router into bridge mode so that I can assign the
> >> >> internet address directly to the firewall? I tried testing this in my
> >> >> lab but the problem is the arp requests from the firewall are failing
> >> >> due to the difference in encapsulations.
> >> >>
> >> >> The setup looks like this:
> >> >>
> >> >> ISP (55.55.55.1/30)
> >> >> |
> >> >> Router
> >> >> |
> >> >> Firewall (55.55.55.2/30)
> >> >> |
> >> >> Internal Network (192.168.1.0/24)
> >> >>
> >> >> Is this even feasible?
> >> >>
> >> >> Thanks,
> >> >> Greg
> >> >>
> >> >>
> >> >> Blogs and organic groups at http://www.ccie.net
> >> >>
> >> >>
> _______________________________________________________________________
> >> >> Subscription information may be found at:
> >> >> http://www.groupstudy.com/list/CCIELab.html
> >>
> >>
> >> Blogs and organic groups at http://www.ccie.net
> >>
> >> _______________________________________________________________________
> >> Subscription information may be found at:
> >> http://www.groupstudy.com/list/CCIELab.html
Blogs and organic groups at http://www.ccie.net
This archive was generated by hypermail 2.1.4 : Thu Jan 01 2009 - 12:53:08 ARST