2600 config help needed 1

[turalo]

Hi guys,

I need to setup a 2600 on a public IP, and behind that I want to set a server for openvz virtual machines. So the question is if this is doable ? I want to use it as kind a firewall, and there is only one lan interface on my 2600 series router.
And because I will use few virtual machines on one server, I want to use for each virtual machine a different public IP. and different port must be open or closed for security reasons.
I have already set the IP on this router. and I can ping outside IP's. So if this is a right way to go,if this is doable, please help me understand and take steps to accomplish this.

thanks.


computers were made to solve problems that did not exist before them.

 

[JOAMON]

Is the one lan interface used to connect the router to the internet? What model 2600? You can setup as many static nats as you want then just configure your access lists accordingly. How many outside addresses do you plan to use and is your IP block capable of that?

 

[turalo]

I'm planning to use 3-4 vm's on that one server, so then I gues it will be like maximal 3-4 adresses including server adress.
I have an IP block with 10 free IP's.
212.x.x.x

Hereby my show v.

Router>show v
Cisco Internetwork Operating System Software
IOS (tm) C2600 Software (C2600-I-M), Version 12.0(7)T, RELEASE SOFTWARE (fc2)
Copyright (c) 1986-1999 by cisco Systems, Inc.
Compiled Tue 07-Dec-99 02:12 by phanguye
Image text-base: 0x80008088, data-base: 0x807AAF70

ROM: System Bootstrap, Version 11.3(2)XA4, RELEASE SOFTWARE (fc1)

Router uptime is 1 day, 2 hours, 24 minutes
System returned to ROM by power-on
System image file is "flash:c2600-i-mz.120-7.T.bin"

cisco 2620 (MPC860) processor (revision 0x102) with 26624K/6144K bytes of memory
.
Processor board ID JAD0441094K (2843122297)
M860 processor: part number 0, mask 49
Bridging software.
X.25 software, Version 3.0.0.
1 FastEthernet/IEEE 802.3 interface(s)
1 Serial network interface(s)
32K bytes of non-volatile configuration memory.
8192K bytes of processor board System flash (Read/Write)

Configuration register is 0x2102





and here show run :


Router#show run
Building configuration...

Current configuration:
!
version 12.0
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname Router
!
!
!
!
!
!
ip subnet-zero
!
!
!
!
interface FastEthernet0/0
ip address 192.168.1.75 255.255.255.0
no ip directed-broadcast
duplex auto
speed auto
!
interface Serial0/0
no ip address
no ip directed-broadcast
shutdown
!
ip classless
no ip http server
!
!
line con 0
transport input none
line aux 0
line vty 0 4
login local
!
end




right now it's just set localy to test this.

thanks in advance

computers were made to solve problems that did not exist before them.

 

[cisconooblet]

Make it light on yourself...get another ethernet module for that router and then just do normal natting and acl's.

CCNA, BCNE, Security+, Network +

 

[turalo]

I have a pix 5xx will find it tomorrow, and see if that one goes better. Thanks for now

computers were made to solve problems that did not exist before them.

 

[imbadatthis]

wont the server support taggging ?

if yes you can create mulitiple subinterfaces on your side and just use them.
Then you can NAT to your real IPs...

just a thought...

We must go always forward, not backward
always up, not down and always twirling twirling towards infinity.

 

[cisconooblet]

That would be NAT on a stick. You can google the concept. It is doable but not the best practice. I think that along with the acl's he will need to create would be a pain. JMO a cheap ethernet module would go a long way.

CCNA, BCNE, Security+, Network +

 

[brianinms]

Ditch the router and get an ASA 5505 for a few hundred dollars.

 

[VinceWhirlwind]

I second that - the 5505 is cheap and very useful.

 

[unclerico]

i "third" that suggestion of an ASA.

I hate all Uppercase... I don't want my groups to seem angry at me all the time! =)
- ColdFlame (vbscript forum)

 

[turalo]

Ok, I have found my cisco Pix 501. it's a 6 port router/firewall, 4 lan out, 1 lan in, and 1 console.

Now I want to config it 2 ways, I want to make local net with 192.x.x.x and also I want to make possible that some devices keep their public IP, but are behind this firewall. sothat I can enable and disable ports for this device. now the question is, is this possible ? to have both types of networks on one pix at a time ?



computers were made to solve problems that did not exist before them.