Question

Locked

cisco 1700 and a satellite connection with a DVB device

By Ahmed_ETS ·
greetings,

In the firm I'm working in, we recently installed a VSAT connection with the following equipments:
-Satellite modem
-Cisco 1700 router
-DVB
- and the satellite dish
- two cables coming from the satellite dish to the DVB and the satellite modem. The sat modem and the router are connected using the serial interface. Both the router's fastethernet0 and the DVB are connected using an RJ45 cable to the main switch.

the provider assigned us 14 IPs with the following mask 255.255.255.240. Two of those IPs are assigned to the fastethernet0 in the router and another for the DVB device.

but i got stuck with NAT configuration since as far as i know that i must have the IPs for the fastethernet0 and serial0 in the router but here's what i got with the running configuration in the router configuration:

interface Serial0
ip unnumbered FastEthernet0
no keepalive
no fair-queue
!
ip classless
ip route 0.0.0.0 0.0.0.0 Serial0
no ip http server

how can I configure NAT with Port forwarding with such configuration?!! and sorry for that lengthy question.

This conversation is currently closed to new comments.

9 total posts (Page 1 of 1)  
| Thread display: Collapse - | Expand +

All Answers

Collapse -

I can help you, but your question is very confusing

by georgeou In reply to cisco 1700 and a satellit ...

First of all, don't ever use a satellite connection unless DSL or Cable modem is not an option and I don't care what the VSAT sales guy told you since it's the absolute worst kind of broadband connection you can get.

Your description of your setup is very confusing. I'm not sure where the DVB comes in to the picture since that's normally for TV reception. Why do you need both a DVB and a satellite modem? What do you mean by DVB and why is it connected to your "main switch". If you have a satellite modem that's connected to the serial port of your router on interface S0, then that's all you need to know as far as the Internet connection is concerned. Your DVB description is confusing the whole thing.

For NAT, all you need to know is the inside interface and the outside interface. You need to pick and assign the private IP block internal LAN port, and you need to know what the public IP block you have for the external interface. But based on your question, I have no way of knowing what your actual setup is.

Collapse -

Better

by Ahmed_ETS In reply to I can help you, but your ...

Thanks for your reply George. The configuration has also confused many who actually saw how things were installed. The DVB I'm talking about is a Novra S75 DVB-S Satellite External Data Receiver with Ethernet output. I don't know if this is going to help but the connection is meant to be used in VPN and video conferencing.
this is a simple diagram of the network setting.
http://allyoucanupload.webshots.com/v/2006335603807712191

I hope this can get me somewhere. The cables coming from the VSAT dish to the router and the DVB are "coaxial cables and the rest are the usual UTP cables and the serial between the router and the satellite modem.

Collapse -

More questions

by georgeou In reply to Better

I looked at the diagram and there appears to be two private LANs. Are you using VLAN segmentation on that switch or using a different subnetting scheme to support a different subnet?

Let me guess, the Satellite guys bill you monthly for the VPN service. I tried to talk a Japanese company out of getting Satellite over DSL service once and it was useless since they already drank the kool-aid. VoIP and Video conferencing doesn't work well on a Satellite link because of the extremely high latencies, I don't care what the Satellite salesman says.

Collapse -

no vlans

by Ahmed_ETS In reply to More questions

Thanks for your reply George. Actually both LANs have different net IDs one with 172.17.34.0/24 and the other with 192.168.111.0/24 so i was wondering how come they bring a router with one interface configured with an IP (global) not even belonging to one of those LANs. I was expecting a router with two Fast Ethernet interfaces each configured with an IP belonging to both networks, eg. 172.17.34.254 & 192.168.111.254 and without the need for a main switch that doesn't even support VLANs.
And I'de really appreciate it if you can direct me towards any articles or literature that discusses such settings because i've been googling for days. I also heard from a communication engineer i met online that some settings need to turn the Satellite modem off for a while and then turn it on again for it to adopt to the new router configuration.

I Even tried to configure the e0 with a private LAN IP and S0 with a global IP and followed the usual NAT configuration yet it didn't work.

regards,

Collapse -

Ok, I'll post the config for you later today

by georgeou In reply to no vlans

Check back here later today and I'll have the NAT config for you.

But just to clarify something for you, it is possible to run 1 or more different IP subnets in the same physical Ethernet broadcast or collision domain. While this allows you to technically have multiple subnets on the same network, it should not be considered an ideal solution and should NEVER be used as a security mechanism. VLANs on a switch allow you to have multiple broadcast domains.

Note:
A collision domain is what's referred to as a hub. A broadcast domain is a switch.

Collapse -

Here's the NAT config you need

by georgeou In reply to no vlans

I will assume the 172.17.34.0/24 attached to the Cisco 1700 but you can always swap out the IPs if the assumption is wrong.

***************************************************
Access-list 10 permit 172.17.34.0 255.255.255.0
ip nat inside source list 10 interface S0 overload

int e0
ip address 172.17.34.1 255.255.255.0
ip nat inside

int s0
ip nat outside
***************************************************

I'm assuming you've configure the IP on s0 and that you've configured DHCP or you're using static IP addresses for your PCs in the 172.17.34.0/24 subnet.

Your video conferencing gear will be attached to the same switch but it will be configured to use 192.168.111.0/24.

The two networks based on this type of configuration will not be routable nor will they be able to talk to each other.

Collapse -

DVB-S require the ip not to change

by Ahmed_ETS In reply to Here's the NAT config you ...

I'm not sure if I understood you but are you saying that the DVB has nothing to do with web browsing for example?!
The DVB-S is assigned a global IP and changing this IP will render the connection not to work. I assigned one of the stations in the 172 network a global IP (one of the 14 IPs assigned to us by the provider) and everything was working fine on that host till I changed the IP assigned to the DVB-S. So with no NATing everything is working fine but i'm limited to those 12 free global IPs. The original configuration is still confusing me:
*****************************************
int e0
IP address X.X.X.X 255.255.255.240

interface Serial0
ip unnumbered FastEthernet0
*****************************************
where X.X.X.X is also a global IP. And I already tried changing Serial0 IP to a global one with 250.250.250.240 mask, this caused the same effect as changing the DVP-S IP.

The networks are static here but defining static rules for NATing wont be a problem once I figure out how the provider got it to work in this way.


I also tried the following:
*****************************************
int e0
ip address 172.17.34.254 255.255.255.0

interface Serial0
ip X.X.X.X 255.255.255.240
*****************************************

Yet i failed to ping www.w3.org from any host in the 172 network. lol I wish i can turn the time backwards and tell the genius who recommended this solution to save his ideas to himself. Thank you for your patience George and wish you a happy new year.

Regards,

Collapse -

You need to think of the DVB as a SEPARATE system

by georgeou In reply to DVB-S require the ip not ...

You need to think of the DVB as a SEPARATE system and completely exclude it from the diagram for the sake of your data network. I was operating under the assumption that your data network behind the 1700 router is operating in the 172 network, if that's not correct then simply swap out the IP scheme in the config I gave you. The DVB is a totally different network for your Video conferencing devices and it has its own subnet.

Back to Networks Forum
9 total posts (Page 1 of 1)  

Hardware Forums