CIsco 827 DSL Router ? on Static IP

Post by paul_tomli » Mon, 29 Dec 2003 22:34:42

Hi i've got an 827 working fine with dynamic IP, i now intend to add a
PIX into the equation, I have requested 4 static IP Addresses from my
ISP and now need a little help with the config if anyone can guide me
in the right direction i would appreciate it, I want to assign a
static IP to the outside interface of the 827 which looks pretty
straight forward what i also want to do is assign a static ip to the
outside of the PIX (PIX config is easy) but how do i tell the ethernet
int of the 827 to accept connections from a public IP?

i've checked out following URL but not much help

And heres my config

version 12.2
no service pad
service timestamps debug uptime
service timestamps log uptime
service password-encryption
ip subnet-zero
no ip domain-lookup
ip dhcp excluded-address
ip dhcp pool CLIENT
import all
lease 0 2
interface Ethernet0
ip address
ip nat inside
hold-queue 100 out
interface ATM0
no ip address
no atm ilmi-keepalive
pvc 0/38
encapsulation aal5mux ppp dialer
dialer pool-member 1
dsl operating-mode auto
interface Dialer1
ip address negotiated
ip nat outside
encapsulation ppp
dialer pool 1
dialer-group 1
ppp chap hostname ????
ppp chap password 7 ????
ppp pap sent-username ???? password 7 ?????
ip nat inside source list 102 interface Dialer1 overload
ip classless
ip route Dialer1
ip http server
access-list 23 permit
access-list 102 permit ip any
dialer-list 1 protocol ip permit
line con 0
exec-timeout 120 0
password 7 ?????????
stopbits 1
line vty 0 4
access-class 23 in
exec-timeout 120 0
password 7 ?????????
length 0
scheduler max-task-time 5000

Hope someone can offer some guidance

Post by Chri » Tue, 30 Dec 2003 01:30:56

If you want to put one of the static IP's on the outside of the PIX then the
first public IP from your range would need to be on the ethernet side of the
router. The ISP might assign a seperate IP for the ATM side and then route
to your /29 range via the outside ATM address. For example, the company that
I work for assigns the live range to the ethernet side of the router so that
it can then talk to the outside of the firewall on the same range. The ATM
side of the DSL router then gets a 10.x.x.x address so that it can talk to
our ADSL platform on an address range that is only routable on our network.

You will have to talk to your ISP to find out how they would handle this as
different ISP's do it differently.