Trying to Bridge From a S0 Int to a Sub if Fast Eth Int

[mitelritz]

trying to get the T1 internet to come in on the S0/0/0 on a 1841 router

but what exactly im trying to do in this case is use the current Fast ethernet 0/1 interface which is connected to our switch and the only other port left on the 1841 router

to be able to hold 2 different ip subnets one from the T1 internet so i can statically set a computer on our switch to one of the statics from the T1 and the other one on 192.168.11.3 for our route out so im not to sure if this can even be done but heres the config






AmtecLV1841#sh run
Building configuration...

Current configuration : 14212 bytes
!
version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime localtime
service timestamps log datetime localtime
service password-encryption
!
hostname AmtecLV1841
!
boot-start-marker
boot system flash
boot-end-marker
!
security authentication failure rate 3 log
security passwords min-length 5
logging buffered 51200 debugging
logging console critical
!
aaa new-model
!
!
aaa authentication login default local
aaa authentication login User_Database local
aaa authorization network MGMT local
!
aaa session-id common
clock timezone PST -8
no ip source-route
ip cef
!
!
ip inspect name Firewall cuseeme
ip inspect name Firewall ftp
ip inspect name Firewall h323
ip inspect name Firewall netshow
ip inspect name Firewall rcmd
ip inspect name Firewall realaudio
ip inspect name Firewall rtsp
ip inspect name Firewall sqlnet
ip inspect name Firewall streamworks
ip inspect name Firewall tftp
ip inspect name Firewall tcp
ip inspect name Firewall udp
ip inspect name Firewall vdolive
ip inspect name Firewall icmp
ip inspect name Firewall esmtp
ip tcp path-mtu-discovery
ip telnet source-interface FastEthernet0/1
!
!
no ip bootp server
ip domain name amtec.local
ip name-server 24.17.154.10
ip name-server 4.2.2.2
ip name-server 4.2.2.4
!
!
crypto pki trustpoint TP-self-signed-1297439676
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-1297439676
revocation-check none
rsakeypair TP-self-signed-1297439676
!
!
crypto pki certificate chain TP-self-signed-1297439676
certificate self-signed 01
3082024F 308201B8 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 31323937 34333936 3736301E 170D3038 30363033 30303334
32355A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D31 32393734
33393637 3630819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
8100F083 C067FEEF 61980CA5 4D65E09B 2CB66C4D 38A34BD3 CCCB831C 8E6F430E
1EFE4840 A5778142 CA510B0B C93C38BA 5446D974 D96D7991 85B22211 0D7B7078
5360F473 39FFE9B7 B64E106B DBFC54C4 AF8522BD CAB60009 124830E4 753F1755
3986BC13 7C0CDB20 0D76975E 21017617 9E856EF2 266CBF57 8DBF8B34 26029160
E9B50203 010001A3 77307530 0F060355 1D130101 FF040530 030101FF 30220603
551D1104 1B301982 17416D74 65634C56 31383431 2E616D74 65632E6C 6F63616C
301F0603 551D2304 18301680 14BE564E 9D8F6EB4 2054D507 E7C40024 C51DD6E7
49301D06 03551D0E 04160414 BE564E9D 8F6EB420 54D507E7 C40024C5 1DD6E749
300D0609 2A864886 F70D0101 04050003 8181005A 8D5FA583 76F9B5D3 8455A35E
91FD5140 ADF27A6C BEBA0251 3B69BFE1 099547E6 E00879EB 7198C760 6836819B
76A30464 B6AF4AD7 856CF7DF 50ABCCF2 012E5A29 B6E78395 7A48D72B 3AE41744
21119E86 5A8990C1 F0B4095D 1373D39A 039EA2EC F4DE205D 31EF6127 B49E5237
2A1B9625 A875EED3 7D6E9E6D 6975EF8F F256D8

!
!
class-map match-any IP_Node
match access-group 104
!
!
policy-map VoIP_Priority
class IP_Node
set ip dscp ef
priority 256
class class-default
fair-queue
random-detect
policy-map QoS
class class-default
shape average 500000 5000 0
service-policy VoIP_Priority
!
!
!
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
!
crypto isakmp policy 2
encr 3des
authentication pre-share
group 2
lifetime 28800
!
crypto isakmp client configuration group MGMT
key lalalala
dns 192.168.11.1 64.67.1.1
wins 192.168.11.1
domain amtec.local
pool VPN_IPs
acl 105
max-users 3
max-logins 3
netmask 255.255.255.0
crypto isakmp profile 1
description Tunnel to San Bernardino
keyring 1
match identity address 74.46.3.24 255.255.255.255
crypto isakmp profile 2
description VPN Client profile
match identity group MGMT
client authentication list User_Database
isakmp authorization list MGMT
client configuration address respond
crypto isakmp profile 3
description Tunnel to Russ's House
keyring 2
match identity address 0.0.0.0
!
!
crypto ipsec transform-set Transform_Set_1 esp-3des esp-sha-hmac
crypto ipsec df-bit clear
!
crypto dynamic-map Site-to-Site 3
set transform-set Transform_Set_1
set isakmp-profile 3
!
crypto dynamic-map VPN_Client 2
set security-association idle-time 1800
set transform-set Transform_Set_1
set isakmp-profile 2
reverse-route
!
!
crypto map VPN_Tunnel 1 ipsec-isakmp
description Tunnel to San Bernardino
set peer 74.56.8.241
set transform-set Transform_Set_1
set isakmp-profile 1
match address 100
qos pre-classify
crypto map VPN_Tunnel 2 ipsec-isakmp dynamic VPN_Client
crypto map VPN_Tunnel 3 ipsec-isakmp dynamic Site-to-Site
!
!
!
interface Loopback0
description Virtual NAT Interface
ip address 1.1.1.1 255.255.255.252
!
interface Null0
no ip unreachables
!
interface FastEthernet0/0
description Connected to TelePacific Internet$FW_OUTSIDE$
ip address 241.80.156.46 255.255.255.128
ip access-group 103 in
ip verify unicast reverse-path
no ip redirects
no ip unreachables
ip directed-broadcast
ip inspect Firewall out
ip nat outside
ip virtual-reassembly
ip route-cache flow
duplex auto
speed auto
no cdp enable
crypto map VPN_Tunnel
crypto ipsec fragmentation before-encryption
!
interface FastEthernet0/1
description $FW_INSIDE$
ip address 192.168.11.3 255.255.255.0
ip access-group 102 in
no ip redirects
no ip unreachables
ip directed-broadcast
ip nat inside
ip virtual-reassembly
ip route-cache flow
ip policy route-map NAT_Filter
duplex auto
speed auto
!
interface Serial0/0/0
no ip address
no ip redirects
no ip unreachables
encapsulation ppp
service-module t1 timeslots 1-24
!
ip local pool VPN_IPs 192.168.255.1 192.168.255.10
ip default-gateway 241.80.156.1
ip forward-protocol udp netbios-ss
ip route 0.0.0.0 0.0.0.0 241.80.156.1
ip route 192.168.14.0 255.255.255.0 192.168.11.2
!
ip http server
ip http authentication local
ip http secure-server
ip nat inside source route-map Nat interface FastEthernet0/0 overload
ip nat inside source static tcp 192.168.11.33 20 241.80.156.46 20 extendable
ip nat inside source static tcp 192.168.11.33 21 241.80.156.46 21 extendable
ip nat inside source static tcp 192.168.11.1 25 241.80.156.46 25 extendable
ip nat inside source static tcp 192.168.11.1 80 241.80.156.46 80 extendable
ip nat inside source static tcp 192.168.11.1 443 241.80.156.46 443 extendable
ip nat inside source static tcp 192.168.11.1 3389 241.80.156.46 3389 extendable
ip nat inside source static tcp 192.168.11.1 4125 241.80.156.46 4125 extendable
ip nat inside source static udp 192.168.14.2 5060 241.80.156.46 5060 extendable
ip nat inside source static tcp 192.168.11.30 5800 241.80.156.46 5800 extendable
ip nat inside source static tcp 192.168.11.30 5900 241.80.156.46 5900 extendable
ip nat inside source static tcp 192.168.14.24 37000 241.80.156.46 37000 extendable
!
access-list 100 permit ip 192.168.11.0 0.0.0.255 192.168.2.0 0.0.0.255
access-list 100 permit ip 192.168.11.0 0.0.0.255 192.168.10.0 0.0.0.255
access-list 100 permit ip 192.168.255.0 0.0.0.255 192.168.10.0 0.0.0.255
access-list 100 permit ip 192.168.14.0 0.0.0.255 192.168.10.0 0.0.0.255
access-list 100 permit ip 192.168.3.0 0.0.0.255 192.168.10.0 0.0.0.255
access-list 100 permit ip 192.168.10.0 0.0.0.255 192.168.14.0 0.0.0.255
access-list 101 deny ip 192.168.11.0 0.0.0.255 192.168.2.0 0.0.0.255
access-list 101 deny ip 192.168.11.0 0.0.0.255 192.168.3.0 0.0.0.255
access-list 101 deny ip 192.168.11.0 0.0.0.255 192.168.10.0 0.0.0.255
access-list 101 deny ip 192.168.11.0 0.0.0.255 192.168.254.0 0.0.0.255
access-list 101 deny ip 192.168.11.0 0.0.0.255 192.168.255.0 0.0.0.255
access-list 101 deny ip 192.168.14.0 0.0.0.255 192.168.10.0 0.0.0.255
access-list 101 deny ip 192.168.14.0 0.0.0.255 192.168.254.0 0.0.0.255
access-list 101 deny ip 192.168.14.0 0.0.0.255 192.168.255.0 0.0.0.255
access-list 101 deny ip 192.168.255.0 0.0.0.255 192.168.10.0 0.0.0.255
access-list 101 deny ip 192.168.3.0 0.0.0.255 192.168.10.0 0.0.0.255
access-list 101 permit ip 192.168.11.0 0.0.0.255 any
access-list 101 permit ip 192.168.14.0 0.0.0.255 any
access-list 102 remark SDM_ACL Category=17
access-list 102 deny ip 241.80.156.0 0.0.0.127 any
access-list 102 deny ip host 255.255.255.255 any
access-list 102 deny ip 127.0.0.0 0.255.255.255 any
access-list 102 permit ip host 192.168.11.28 192.168.254.0 0.0.0.255
access-list 102 permit ip host 192.168.14.2 host 20.23.14.37
access-list 102 permit ip host 29.23.104.37 host 192.168.14.2
access-list 102 permit ip host 192.168.14.2 192.168.254.0 0.0.0.255
access-list 102 permit ip 192.168.14.0 0.0.0.255 192.168.254.0 0.0.0.255
access-list 102 deny ip 192.168.11.0 0.0.0.255 192.168.254.0 0.0.0.255
access-list 102 deny icmp any 192.168.254.0 0.0.0.255
access-list 102 permit ip any any
access-list 103 permit ip 192.168.10.0 0.0.0.255 192.168.3.0 0.0.0.255
access-list 103 permit ip 192.168.10.0 0.0.0.255 192.168.255.0 0.0.0.255
access-list 103 permit ahp any host 241.80.156.46
access-list 103 permit esp any host 241.80.156.46
access-list 103 permit ip host 19.23.14.37 host 192.168.14.2
access-list 103 permit ip host 192.168.14.2 host 29.103.14.47
access-list 103 permit udp any host 241.80.156.46 eq isakmp
access-list 103 permit udp any host 241.80.156.46 eq non500-isakmp
access-list 103 permit esp any any
access-list 103 permit gre any any
access-list 103 permit tcp any any eq 1723
access-list 103 permit ip 192.168.2.0 0.0.0.255 192.168.10.0 0.0.0.255
access-list 103 permit ip 192.168.3.0 0.0.0.255 192.168.10.0 0.0.0.255
access-list 103 permit ip 192.168.3.0 0.0.0.255 192.168.11.0 0.0.0.255
access-list 103 permit ip 192.168.3.0 0.0.0.255 192.168.14.0 0.0.0.255
access-list 103 permit ip 192.168.10.0 0.0.0.255 192.168.11.0 0.0.0.255
access-list 103 permit ip 192.168.10.0 0.0.0.255 192.168.14.0 0.0.0.255
access-list 103 permit ip 192.168.254.0 0.0.0.255 host 192.168.11.28
access-list 103 permit ip 192.168.254.0 0.0.0.255 192.168.14.0 0.0.0.255
access-list 103 deny ip 192.168.254.0 0.0.0.255 any
access-list 103 permit ip 192.168.255.0 0.0.0.255 192.168.10.0 0.0.0.255
access-list 103 permit ip 192.168.255.0 0.0.0.255 192.168.11.0 0.0.0.255
access-list 103 permit ip 192.168.255.0 0.0.0.255 192.168.14.0 0.0.0.255
access-list 103 deny icmp 192.168.254.0 0.0.0.255 any
access-list 103 deny icmp any host 241.80.156.46
access-list 103 permit icmp any any echo-reply
access-list 103 permit icmp any any time-exceeded
access-list 103 permit icmp any any timestamp-reply
access-list 103 permit icmp any any traceroute
access-list 103 permit icmp any any unreachable
access-list 103 deny icmp any any
access-list 103 permit udp any any eq ntp
access-list 103 permit tcp any host 241.80.156.46 eq 161
access-list 103 permit tcp any host 241.80.156.46 eq 162
access-list 103 permit udp any host 241.80.156.46 eq snmp
access-list 103 permit udp any host 241.80.156.46 eq snmptrap
access-list 103 permit udp host 279.21.144.14 host 241.80.156.46 eq 5060
access-list 103 permit tcp any host 241.80.156.46 eq smtp
access-list 103 permit tcp any host 241.80.156.46 eq www
access-list 103 permit tcp any host 241.80.156.46 eq 443
access-list 103 permit tcp any host 241.80.156.46 eq 3389
access-list 103 permit tcp any host 241.80.156.46 eq 4125
access-list 103 permit tcp any host 241.80.156.46 eq 37000
access-list 103 permit tcp any host 241.80.156.46 eq ftp
access-list 103 permit tcp any host 241.80.156.46 eq ftp-data
access-list 103 deny ip 192.168.11.0 0.0.0.255 any
access-list 103 deny ip 10.0.0.0 0.255.255.255 any
access-list 103 deny ip 172.16.0.0 0.15.255.255 any
access-list 103 deny ip 192.168.0.0 0.0.255.255 any
access-list 103 deny ip 127.0.0.0 0.255.255.255 any
access-list 103 deny ip host 255.255.255.255 any
access-list 103 deny ip host 0.0.0.0 any
access-list 103 deny ip any any log
access-list 104 permit ip host 192.168.14.2 any
access-list 104 permit ip any host 192.168.14.2
access-list 104 permit ip 192.168.14.0 0.0.0.255 0.0.0.0 255.255.255.0
access-list 104 remark IP Nodes / Phones
access-list 105 permit ip 192.168.10.0 0.0.0.255 192.168.255.0 0.0.0.255
*********************************************************************************
* *
* This is a private computer system. *
* Unauthorized Access is prohibited. All Access is logged. *
* Any unauthorized access will be prosecuted to the fullest extent of the law. *
* *
*********************************************************************************
^C
!
!
scheduler max-task-time 5000
scheduler allocate 20000 1000
sntp server 214.15.148.40
end

 

[burtsbees]

So, what device is fa0/0 connected to now???

Burt

 

[mitelritz]

oops sorry the fa 0/0 is for our primary isp.... and the data t1 is for our voice traffic (sip trunking) vpn and a few statics for like test servers

 

[mitelritz]

as in network diagram hope this helps

Cisco 1841 router

wic slot 0 T1------Secondary ISP SmartJack (Voice Traffic)..(VPN)
FE0/0 -------------Primary ISP Ethernet
FE0/1 -------------Connected to HP procurve Switch


Aiming for to Use the 16 Statics From the T1 across the same ethernet Wire connected to the HP procurve Switch (FE0/1).... and to be able to connect a pc or router to that Procurve switch and Assign the Ip address of a static IP address outside the 172 192 or 10 range..

its almost like the setup of like what ISPs use to convert a T1 to a ethernet. with their equipment ive seen at alot of sites.

Hope that helps a little
and thank you for the help ahead of time

 

[mitelritz]

If i were to do transparent Briding which set of commands would i use..


Thanks