Expanding my IP range

[lewa8978]

I am not a router expert, so please excuse any omissions in my list of information. I have a Cisco 1720 router that our company is using to provide Internet access to our users, pass mail to and from our Exchange server, and allow the outside to access our Web server through a T-1. I'm new to company, so I wasn't here when the router was setup. We currently have eight outside addresses and then NAT setup for the inside. The outside addresses are used for the router itself, our Web server, an FTP server, and outlook web, etc. I setup a VPN server, and need to give a couple of other servers outside IP addresses so that they can be accessed. Our ISP gave me eight more addresses, but of course I can't use them until I update the information on the router. I have a couple of questions:

1. To expand the IP range for the outside, do I just need to edit the line that starts ip nat pool internet...... Here's what I have now:

ip nat pool internet xxx.xxx.xxx.201 xxx.xxx.xxx.201 netmask 255.255.255.248

Do I just have to change it to:
ip nat pool interent xxx.xxx.xxx.193 xxx.xxx.xxx.193 netmask 255.255.255.240?

If I do that, and keep the router address at 201 where it used to be, is that a problem, since it's in the middle? I guess I could change it, since my users see the inside address of the router as the gateway, but what are the ramifications of doing that on the outside? Will I lose my current source list that I have (ip nat inside source static outside address inside address)?

2. I'm not sure if I've been given a new DNS server to use with this configuration change. How to I tell?

I realize these may be newbie questions. I just don't want to mess up the router and be innundated with screaming users!

 

[ChrisAC]

Could you post your full config? Also, have your ISP given you an entire new range with 14 usable addresses or just another /29 to be used with your existing /29 range?

Chris.
**********************
Chris Andrew, CCNA, CCSA
chris@iproute.co.uk
**********************

 

[lewa8978]

My ISP just gave me eight additional addresses. The eight following the existing range were not available, so they gave me the eight before.

I know this is a verrrry stupid question, but how to I send the config to a text file so that I can paste it here?

 

[ChrisAC]

Well, if you have been given the eight before then you will have to ask your ISP if you should set your router up with two /29 ranges or one /28 range. It all depends on how they advertise the range. If you are to put the second range on then you can use a secondary address range on the routers interface. For example,

!
interface FastEthernet0
ip address aaa.bbb.ccc.ddd 255.255.255.248
ip address eee.fff.ggg.hhh 255.255.255.248 secondary
!

Or, if you can combine them into a /28 then you could just re-address your interface and use the new net mask ..

!
interface FastEthernet0
ip address aaa.bbb.ccc.ddd 255.255.255.240

Eitherway, you can write the config in a text file and then just copy and paste into the router. Just log in, conf t and then paste the file in.

Chris.
**********************
Chris Andrew, CCNA, CCSA
chris@iproute.co.uk
**********************

 

[lewa8978]

My ISP tells me to use them in one range. I originally had xxx.xxx.xxx.200 through xxx.xxx.xxx.207, they took 200 and 208, the router is 201, so I had five addresses I could use for other resources. They expanded the addresses ti xxx.xxx.xxx.192 through xxx.xxx.xxx.207, giving me eight more addresses to use. I can leave the router at 201, but need to change the config so that I get all of the addresses in. Here's the config:

Current configuration:
!
version 12.1
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname harrisht-gw
!
enable secret 5
enable password

!
username fgc password 7
username harrisht password 7
!
!
!
!
memory-size iomem 20
ip subnet-zero
no ip domain-lookup
ip name-server xxx.xxx.xxx.xxx
!
ip audit notify log
ip audit po max-events 100
ip address-pool local
!
!
!
interface Serial0
no ip address
encapsulation frame-relay
no ip route-cache
fair-queue 64 256 0
service-module t1 timeslots 1-4
service-module t1 remote-alarm-enable
no arp frame-relay
cdp enable
frame-relay lmi-type ansi
!
interface Serial0.1 point-to-point
description PVC to
ip address 255.255.255.0
ip nat outside
no ip route-cache
frame-relay interface-dlci 314 IETF
!
interface FastEthernet0
description connected to EthernetLAN
ip address xxx.xxx.xxx.201 255.255.255.0
ip nat inside
speed auto
!
router rip
version 2
network 206.132.103.0
no auto-summary
!
ip nat pool internet xxx.xxx.xxx.201 xxx.xxx.xxx.201 netmask 255.255.255.248
ip nat inside source list 1 pool internet overload
ip nat inside source static xxx.xxx.xxx.2 xxx.xxx.xxx.202
ip nat inside source static xxx.xxx.xxx.10 xxx.xxx.xxx.204
ip nat inside source static xxx.xxx.xxx.180 xxx.xxx.xxx.205 extendable
ip nat inside source static xxx.xxx.xxx.5 xxx.xxx.xxx.206
ip nat inside source static xxx.xxx.xxx.3 xxx.xxx.xxx.203
ip classless
ip route 0.0.0.0 0.0.0.0 xxx.xxx.xxx
no ip http server
!
access-list 1 permit any
dialer-list 1 protocol ip permit
snmp-server engineID local 00000009020000B0C289F8DB
snmp-server community

!
line con 0
exec-timeout 0 0
password 7
login
transport input none
line aux 0
line vty 0 4
password 7 login
!
no scheduler allocate
end