Announcement

Collapse
No announcement yet.

Cisco 851/871 and ip helper

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Cisco 851/871 and ip helper

    We currently have a main site with 3 branch offices.

    Our main site has the DHCP server. We use ip helper to forward DHCP requests across our T1 WAN links to and from the branches.

    We want to build redundancy into our WAN links. Our best option so far is to setup DSL internet connections at each branch and run VPN tunnels in the event that our main site goes down.

    Do the 851/871 series support ip helper? I'm not new to cisco equipment but I rarely work on it. I'm not sure if the 851/871's can run ip helper through a VPN tunnel. So far I havne't found any information that would directly answer my question.

    Thanks in advance for your help.
    CCA: XenApp 5.0

  • #2
    Re: Cisco 851/871 and ip helper

    While I haven't tried this, the 851/871 series have just about all the same IOS commands as the other 2600/3600 series of routers - especially when it comes to IP helper.

    I use IP helper on the ethernet LAN interface at my remote sites. From there, the traffic can either traverse my main Sprint MPLS connection back to the HQ DHCP server -OR- it can go across Internet DSL backup lines connected via VPN tunnels.

    The DHCP works the same, I haven't had any issues with it.

    Thus, I don't believe you should have any trouble but, again, I haven't tried it on that model of router.

    I hope that helps!
    David Davis - Petri Forums Moderator & Video Training Author
    Train Signal - The Global Leader in IT Video Training
    TrainSignalTraining.com - Free IT Training Products
    Personal Websites: HappyRouter.com & VMwareVideos.com

    Comment


    • #3
      Re: Cisco 851/871 and ip helper

      Thanks for the advice David!

      Seems like you have a setup similar to what we want.

      Our problem is the 2600 routers. Each one at the branches has an extra ethernet port that we could connect to a broadband connection. Unfortunately we don't have the AIM-VPN module for the routers. We're not entirely sure if it's better to purchase an 800 series that would completely replace the 2600 in a disaster, or purchase an AIM-VPN module for the 2600's and run both WAN connections on the one router, or take that money and put it towards a brand new 1800 series that would handle both WAN connections.

      Cisco has got my head spinning so fast.
      CCA: XenApp 5.0

      Comment


      • #4
        Re: Cisco 851/871 and ip helper

        Hi there,

        You do know that the 2600 can do a VPN tunnel without the AIM-VPN, module, right?
        As long as you have the IPSEC/FW IOS.

        Althought, at my company, we aren't doing that. What we are using is just an external firewall and offloading that onto another device. We started with PIX 501s but then tested Fortinet 60's and found them to be superior (in our opinion) and easier to use. So, I have my 2600 or 3600 then a Fortinet that connects to whatever Internet line is available (could be wireless, T1, DSL, or other).

        I hope that helps

        David
        David Davis - Petri Forums Moderator & Video Training Author
        Train Signal - The Global Leader in IT Video Training
        TrainSignalTraining.com - Free IT Training Products
        Personal Websites: HappyRouter.com & VMwareVideos.com

        Comment


        • #5
          Re: Cisco 851/871 and ip helper

          Originally posted by daviddavis View Post
          Hi there,

          You do know that the 2600 can do a VPN tunnel without the AIM-VPN, module, right?
          As long as you have the IPSEC/FW IOS.

          Althought, at my company, we aren't doing that. What we are using is just an external firewall and offloading that onto another device. We started with PIX 501s but then tested Fortinet 60's and found them to be superior (in our opinion) and easier to use. So, I have my 2600 or 3600 then a Fortinet that connects to whatever Internet line is available (could be wireless, T1, DSL, or other).

          I hope that helps

          David
          Thanks for the info on the 2600's. I'll have to look and see which IOS we use.

          We were thinking of using an ASA5505 in this setup as well but didn't know if it would work.

          We would connect the 2600 to the ASA via ethernet, then connect the ASA to our broadband connection. As far as configuring the ASA, my boss is taking an ASA configuration class as I write this. I need to look into some load balancing devices. Would be nice to utilize both connections if possible.

          Thanks again for the help David!
          CCA: XenApp 5.0

          Comment


          • #6
            Re: Cisco 851/871 and ip helper

            Hi Marc,

            Sure, an ASA would be great. It could do this. With an external firewall you only need 1 ethernet on the router. The external firewall just acts like another router on the network. The Cisco is still the default gateway for all the PCs and, if routing tells it to, it forwards the traffic over to the ASA, or whatever it is.

            Hmm, load balancing would be very difficult. You could do something like direct all Internet traffic through the ASA and all internal network traffic through the private line but real load balancing over different devices could be tough. I can't even get real Internet load balancing working at my HQ. We used BGP but that isn't real load balancing. I looked at a device called PePLink. It does load balancing over different links somehow but I haven't tried it yet and don't fully understand it yet.

            Good luck to you,
            David
            David Davis - Petri Forums Moderator & Video Training Author
            Train Signal - The Global Leader in IT Video Training
            TrainSignalTraining.com - Free IT Training Products
            Personal Websites: HappyRouter.com & VMwareVideos.com

            Comment

            Working...
            X