Use Cisco 1841 Router to replace Routing and Remote Access in Server 2008


  • Use Cisco 1841 Router to replace Routing and Remote Access in Server 2008

    Dear techies,
    Please help me with a situation below:
    - I have the Routing and Remote Access role added and configured on Server 2008.
    - My server machine has 2 NICs.
    - One NIC has active internet connection from another gateway device, while the other NIC links to the other 2 sub-offices through a WAN.
    - ICS is on the NIC with Internet and the other sub-offices access this connection and through the same gateway.
    - This server hosts some shares visible to all the users in the other locations.
    My task is to replace the Gateway Device with a Cisco 1841 Router while keeping the same setup.
    Any idea on how this can work is welcome.
    Attached is a basic hand-drawing showing this.
    Regards,

  • #2
    Re: Use Cisco 1841 Router to replace Routing and Remote Access in Server 2008

    I'm assuming you have some sort of default route on the 08 server pointing to the gateway device for internet based traffic. You could do the same setup just with the 1841. What device is handling NAT? You could then just use static routes on the 1841 for your internal subnets. What type of wan connection to the remote offices? You could actually terminate everything to the 1841 and disable RRA on the server as well as ICS.
    CCNA, CCNA-Security, CCNP
    CCIE Security (In Progress)



    • #3
      Re: Use Cisco 1841 Router to replace Routing and Remote Access in Server 2008

      Yes.. the 08 server has a default route '0.0.0.0 0.0.0.0 gateway address'. Other routes to the sub-offices are also added.
      The gateway device performs NAT.
      The WAN connection to the remote offices is WiMAX based provided by the local telecom company. It is a network on its own.
      If RRA & ICS have to be disabled on the server, what would the physical connections then look like? Since there are only 2 Ethernet ports on the 1841 and 1 would be for the Internet, the other to the local LAN, leaving the WAN to the remote offices connection out..
      Thanks for any further help..
      Kind regards,
      Last edited by Easyb; 31st May 2010, 15:18.



      • #4
        Re: Use Cisco 1841 Router to replace Routing and Remote Access in Server 2008

        You would have to add an Ethernet WIC to make that work. It can be done but not sure if your budget permits it, as it's working the way you want it now. If just replacing your current gateway with the 1841, you would need to configure NAT.


        Example:

        ! subnets permitted to be NATed (a standard ACL needs a wildcard mask to match a whole subnet)
        access-list 1 permit 192.168.1.0 0.0.0.255


        route-map NAT permit 10
        match ip address 1

        ip nat inside source route-map NAT interface fa0/0 overload

        If you have multiple publics you could create a NAT pool


        ! syntax: ip nat pool <name> <start-ip> <end-ip> netmask <mask>
        ip nat pool MYPOOL x.x.x.x x.x.x.x netmask y.y.y.y

        ip nat inside source route-map NAT pool MYPOOL


        int fa0/0
        ip nat outside

        int fa0/1
        ip nat inside
        CCNA, CCNA-Security, CCNP
        CCIE Security (In Progress)



        • #5
          Re: Use Cisco 1841 Router to replace Routing and Remote Access in Server 2008

          Thanks a lot..
          Will check with the local dealer to see the availability of a WIC and our budget as well..
          But could there be any possibility to achieve this without another WIC?
          Will post continuously on my progress..
          Regards,



          • #6
            Re: Use Cisco 1841 Router to replace Routing and Remote Access in Server 2008

            Like you said, the 1841 has only 2 Fast Ethernet interfaces, so you would need another Ethernet port for the other connection. So an Ethernet WIC is the only other option.
            CCNA, CCNA-Security, CCNP
            CCIE Security (In Progress)



            • #7
              Re: Use Cisco 1841 Router to replace Routing and Remote Access in Server 2008

              Thanks.. will update you on my progress..
              Regards,



              • #8
                Re: Use Cisco 1841 Router to replace Routing and Remote Access in Server 2008

                Hi again,
                Just wondering if I should keep the DHCP service on the server or configure it on the router?
                Currently DNS service is installed on the server, and is used by the users in the other suboffices.
                Once the router is setup, any insight on how this should be like?
                Thanks for the invaluable advice..
                Regards



                • #9
                  Re: Use Cisco 1841 Router to replace Routing and Remote Access in Server 2008

                  I would keep dhcp on the server. Depending on how the router is setup you may need an access-list on the router allowing those dns requests to come inbound from the remote sites:

                  ip access-list extended DNS
                  ! DNS server listens on UDP 53 for DNS queries
                  permit udp any host X.X.X.X eq domain
                  CCNA, CCNA-Security, CCNP
                  CCIE Security (In Progress)
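
An extended ACL has no effect until it is bound to an interface, and once bound it ends in an implicit deny. The following is an added example, not part of the thread, that fills out the ACL from the reply above for the sub-office-facing interface. `SUBOFFICE-IN` is a hypothetical name, `X.X.X.X` is the server placeholder from the post, and `10.0.1.0/24` and `FastEthernet0/1.20` are taken from the configuration posted later in the thread.

```cisco
! Added example (not from the thread). X.X.X.X = DNS/file server placeholder.
! SUBOFFICE-IN is a hypothetical ACL name.
ip access-list extended SUBOFFICE-IN
 remark DNS: UDP for ordinary queries, TCP for answers too large for UDP
 permit udp any host X.X.X.X eq domain
 permit tcp any host X.X.X.X eq domain
 remark File shares on the server (SMB over TCP 445)
 permit tcp any host X.X.X.X eq 445
 remark DHCP requests, only needed if clients on this segment lease addresses
 permit udp any eq bootpc any eq bootps
 remark Replies to TCP sessions that were opened from the main LAN
 permit tcp any 10.0.1.0 0.0.0.255 established
 remark Nothing else from the sub-offices may reach the main LAN
 deny ip any 10.0.1.0 0.0.0.255 log
 remark Remaining traffic is Internet-bound and gets NATed on the way out
 permit ip any any
!
! Without this binding the ACL is defined but never evaluated.
interface FastEthernet0/1.20
 ip access-group SUBOFFICE-IN in
```

The ACL is stateless: only TCP replies toward the main LAN are let back in by `established`, so UDP or ICMP replies to flows opened from the main LAN need their own permit lines above the `deny`.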



                  • #10
                    Re: Use Cisco 1841 Router to replace Routing and Remote Access in Server 2008

                    Hi,
                    I ordered the HWIC-4ESW and should get it soon.
                    But I tried to prototype the network using Cisco Packet Tracer (to check if routing and the ACLs would be possible) and I couldn't configure an IP address on any interface of the HWIC-4ESW yet it is possible on the 2 in-built interfaces of the modular Cisco 1841.
                    Grateful for your invaluable advice..



                    • #11
                      Re: Use Cisco 1841 Router to replace Routing and Remote Access in Server 2008

                      May be a limitation of packet tracer. Try using the no switchport command under the interface.
                      CCNA, CCNA-Security, CCNP
                      CCIE Security (In Progress)



                      • #12
                        Re: Use Cisco 1841 Router to replace Routing and Remote Access in Server 2008

                        The no switchport command extends further as below:
                        GuluR(config-if)#no switchport ?
                        access Set access mode characteristics of the interface
                        mode Set trunking mode of the interface
                        native Set trunking native characteristics when interface is in trunking
                        mode
                        priority Set appliance 802.1p priority
                        trunk Set trunking characteristics of the interface


                        And I can't make a choice on what to choose further.

                        Any thoughts on HWIC-2FE card? I understand the ports are routable and as such the configurations as discussed before would work.

                        Thanks!



                        • #13
                          Re: Use Cisco 1841 Router to replace Routing and Remote Access in Server 2008

                          The no switchport will turn that switchport into a L3 interface you can put an IP address on. The other commands relate to the L2 switchport. All you need is no switchport.
                          CCNA, CCNA-Security, CCNP
                          CCIE Security (In Progress)



                          • #14
                            Re: Use Cisco 1841 Router to replace Routing and Remote Access in Server 2008

                            The no switchport command doesn't work.

                            I think I could use VLANs, e.g. VLAN 10, 20 and 30, and then configure VLAN interfaces for each.

                            Example:

                            ! an interface needs a host address; x.x.0.0 with this mask is the network address
                            interface Vlan 10
                            ip address 10.1.0.1 255.255.0.0

                            interface Vlan 20
                            ip address 10.2.0.1 255.255.0.0

                            interface Vlan 30
                            ip address 10.3.0.1 255.255.0.0

                            And then configure the switch ports for each VLAN.

                            Example:
                            interface Fa 1
                            switchport mode access
                            switchport access vlan 10

                            interface Fa 2
                            switchport mode access
                            switchport access vlan 20

                            interface Fa 3
                            switchport mode access
                            switchport access vlan 30

                            How would I then configure routing between the different VLANs and the whole network generally?

                            Regards,



                            • #15
                              Re: Use Cisco 1841 Router to replace Routing and Remote Access in Server 2008

                              Hi all,

                              Please examine the config below on the 1841 Router.
                              I have tried and the vlans are communicating and accessing Internet. However I have to enter the address of the DNS server manually on a client in each vlan. Is there any way this could be achieved automatically since I entered the ip name-server?


                              Router>en
                              Router#sh run
                              Building configuration...

                              Current configuration : 2016 bytes
                              !
                              version 12.4
                              service timestamps debug datetime msec
                              service timestamps log datetime msec
                              no service password-encryption
                              !
                              hostname Router
                              !
                              boot-start-marker
                              boot-end-marker
                              !
                              !
                              no aaa new-model
                              ip cef
                              !
                              !
                              !
                              !
                              ip name-server 194.xxx.xxx.50
                              ip name-server 194.xxx.xxx.51
                              multilink bundle-name authenticated
                              !
                              !
                              archive
                              log config
                              hidekeys
                              !
                              !
                              !
                              !
                              !
                              interface FastEthernet0/0
                              description ***INTERNET***
                              ip address 212.xxx.xxx.xxx 255.255.255.252
                              ip nat outside
                              ip virtual-reassembly
                              duplex auto
                              speed auto
                              !
                              interface FastEthernet0/1
                              no ip address
                              duplex auto
                              speed auto
                              !
                              interface FastEthernet0/1.10
                              description ***RESIDENCES & STTA***
                              encapsulation dot1Q 10
                              ip address 172.16.1.1 255.255.255.0
                              ip nat inside
                              ip virtual-reassembly
                              !
                              interface FastEthernet0/1.20
                              description ***WAN TO SUB-OFFICES***
                              encapsulation dot1Q 20
                              ip address 192.168.1.1 255.255.255.0
                              ip nat inside
                              ip virtual-reassembly
                              !
                              interface FastEthernet0/1.30
                              description ***MAIN LAN***
                              encapsulation dot1Q 30
                              ip address 10.0.1.1 255.255.255.0
                              ip nat inside
                              ip virtual-reassembly
                              !
                              interface FastEthernet0/0/0
                              switchport access vlan 10
                              !
                              interface FastEthernet0/0/1
                              switchport access vlan 20
                              !
                              interface FastEthernet0/0/2
                              switchport access vlan 30
                              !
                              interface FastEthernet0/0/3
                              description ***TRUNK***
                              switchport mode trunk
                              !
                              interface Vlan1
                              no ip address
                              !
                              router rip
                              version 2
                              network 10.0.0.0
                              network 172.16.0.0
                              network 192.168.1.0
                              !
                              ip forward-protocol nd
                              ip route 0.0.0.0 0.0.0.0 212.xxx.xxx.xxx
                              !
                              !
                              ip http server
                              ip nat pool office 21x.xxx.xxx.xxx 21x.xxx.xxx.xxx netmask 255.255.255.252
                              ip nat inside source list 10 interface FastEthernet0/0 overload
                              !
                              access-list 10 permit 10.0.1.0 0.0.0.255
                              access-list 10 permit 172.16.1.0 0.0.0.255
                              access-list 10 permit 192.168.1.0 0.0.0.255
                              !
                              !
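
`ip name-server` only sets the resolvers the router itself uses for its own lookups; clients learn their DNS server from DHCP. The following is an added example, not part of the thread, showing two ways to deliver it on the VLANs from the configuration above. `10.0.1.10` is an assumed address for the Server 2008 DHCP/DNS host (the thread does not give it), and the pool name and excluded range are hypothetical.

```cisco
! Added example (not from the thread). 10.0.1.10 is an ASSUMED server address.
! Use option A or option B for a given VLAN, not both.
!
! Option A: DHCP stays on the server, as advised in #9. The router relays
! client broadcasts from the other VLANs; the server needs one scope per
! subnet, and the DNS server is handed out by option 006 in each scope.
interface FastEthernet0/1.10
 ip helper-address 10.0.1.10
interface FastEthernet0/1.20
 ip helper-address 10.0.1.10
!
! ip helper-address relays several other UDP broadcast services by default.
! Disable them so that only BOOTP/DHCP is forwarded to the server.
no ip forward-protocol udp tftp
no ip forward-protocol udp nameserver
no ip forward-protocol udp domain
no ip forward-protocol udp time
no ip forward-protocol udp netbios-ns
no ip forward-protocol udp netbios-dgm
no ip forward-protocol udp tacacs
!
! Option B: the router leases addresses for a VLAN itself.
! VLAN10 is a hypothetical pool name; the excluded range is a constructed value.
ip dhcp excluded-address 172.16.1.1 172.16.1.20
ip dhcp pool VLAN10
 network 172.16.1.0 255.255.255.0
 default-router 172.16.1.1
 dns-server 10.0.1.10
 lease 1
```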
