cisco 1700 and a satellite connection with a DVB device

Ahmed_ETS
Greetings,

In the firm I'm working in, we recently installed a VSAT connection with the following equipment:
- Satellite modem
- Cisco 1700 router
- DVB
- The satellite dish
- Two cables coming from the satellite dish to the DVB and the satellite modem.

The sat modem and the router are connected using the serial interface. Both the router's fastethernet0 and the DVB are connected using an RJ45 cable to the main switch.

The provider assigned us 14 IPs with the following mask: 255.255.255.240. Two of those IPs are assigned to the fastethernet0 in the router and another for the DVB device.

But I got stuck with the NAT configuration, since as far as I know I must have the IPs for the fastethernet0 and serial0 in the router, but here's what I got in the running configuration of the router:

interface Serial0
ip unnumbered FastEthernet0
no keepalive
no fair-queue
!
ip classless
ip route 0.0.0.0 0.0.0.0 Serial0
no ip http server

How can I configure NAT with port forwarding with such a configuration?!! And sorry for that lengthy question.
  • +
    0 Votes
    georgeou

    First of all, don't ever use a satellite connection unless DSL or Cable modem is not an option and I don't care what the VSAT sales guy told you since it's the absolute worst kind of broadband connection you can get.

    Your description of your setup is very confusing. I'm not sure where the DVB comes into the picture since that's normally for TV reception. Why do you need both a DVB and a satellite modem? What do you mean by DVB and why is it connected to your "main switch"? If you have a satellite modem that's connected to the serial port of your router on interface S0, then that's all you need to know as far as the Internet connection is concerned. Your DVB description is confusing the whole thing.

    For NAT, all you need to know is the inside interface and the outside interface. You need to pick and assign the private IP block for the internal LAN port, and you need to know what public IP block you have for the external interface. But based on your question, I have no way of knowing what your actual setup is.

    +
    0 Votes
    Ahmed_ETS

    Thanks for your reply George. The configuration has also confused many who actually saw how things were installed. The DVB I'm talking about is a Novra S75 DVB-S Satellite External Data Receiver with Ethernet output. I don't know if this is going to help but the connection is meant to be used in VPN and video conferencing.
    This is a simple diagram of the network setting:
    http://allyoucanupload.webshots.com/v/2006335603807712191

    I hope this can get me somewhere. The cables coming from the VSAT dish to the router and the DVB are coaxial cables and the rest are the usual UTP cables and the serial between the router and the satellite modem.

    +
    0 Votes
    georgeou

    I looked at the diagram and there appears to be two private LANs. Are you using VLAN segmentation on that switch or using a different subnetting scheme to support a different subnet?

    Let me guess, the Satellite guys bill you monthly for the VPN service. I tried to talk a Japanese company out of getting Satellite over DSL service once and it was useless since they already drank the kool-aid. VoIP and video conferencing don't work well on a Satellite link because of the extremely high latencies, I don't care what the Satellite salesman says.

    +
    0 Votes
    Ahmed_ETS

    Thanks for your reply George. Actually both LANs have different net IDs, one with 172.17.34.0/24 and the other with 192.168.111.0/24, so I was wondering how come they bring a router with one interface configured with an IP (global) not even belonging to one of those LANs. I was expecting a router with two Fast Ethernet interfaces each configured with an IP belonging to both networks, e.g. 172.17.34.254 & 192.168.111.254, and without the need for a main switch that doesn't even support VLANs.
    And I'd really appreciate it if you can direct me towards any articles or literature that discusses such settings because I've been googling for days. I also heard from a communication engineer I met online that some settings need to turn the Satellite modem off for a while and then turn it on again for it to adapt to the new router configuration.

    I even tried to configure the e0 with a private LAN IP and S0 with a global IP and followed the usual NAT configuration, yet it didn't work.

    regards,

    +
    0 Votes
    georgeou

    Check back here later today and I'll have the NAT config for you.

    But just to clarify something for you, it is possible to run 1 or more different IP subnets in the same physical Ethernet broadcast or collision domain. While this allows you to technically have multiple subnets on the same network, it should not be considered an ideal solution and should NEVER be used as a security mechanism. VLANs on a switch allow you to have multiple broadcast domains.

    Note:
    A collision domain is what's referred to as a hub. A broadcast domain is a switch.

    +
    0 Votes
    georgeou

    I will assume the 172.17.34.0/24 is attached to the Cisco 1700 but you can always swap out the IPs if the assumption is wrong.

    ***************************************************
    ! Standard ACLs take a wildcard (inverse) mask, not a subnet mask
    access-list 10 permit 172.17.34.0 0.0.0.255
    ! PAT: translate sources matching ACL 10 to the address of S0
    ip nat inside source list 10 interface S0 overload

    int e0
    ip address 172.17.34.1 255.255.255.0
    ip nat inside

    int s0
    ip nat outside
    ***************************************************

    I'm assuming you've configured the IP on s0 and that you've configured DHCP or you're using static IP addresses for your PCs in the 172.17.34.0/24 subnet.

    Your video conferencing gear will be attached to the same switch but it will be configured to use 192.168.111.0/24.

    The two networks based on this type of configuration will not be routable nor will they be able to talk to each other.
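
    Added example, not part of the posts in this thread: IOS standard access lists take a wildcard (inverse) mask rather than a subnet mask, so the mask on the `access-list 10` line decides which sources the `ip nat inside source list 10` rule translates. The sketch below applies the wildcard matching rule to a few constructed source addresses; the function names and sample hosts are assumptions made for illustration.

```python
import ipaddress


def to_int(dotted):
    """Dotted-quad string -> 32-bit integer."""
    return int(ipaddress.IPv4Address(dotted))


def wildcard_from_netmask(netmask):
    """Invert a subnet mask to get the equivalent IOS wildcard mask."""
    return str(ipaddress.IPv4Address(to_int(netmask) ^ 0xFFFFFFFF))


def acl_matches(base, wildcard, addr):
    """Wildcard semantics: 0 bits must match the base, 1 bits are ignored."""
    care = to_int(wildcard) ^ 0xFFFFFFFF
    return (to_int(base) & care) == (to_int(addr) & care)


def nat_eligible(base, mask, hosts):
    """Hosts whose source address the ACL entry would permit for NAT."""
    return [h for h in hosts if acl_matches(base, mask, h)]


# Constructed sample source addresses (not taken from the thread).
SAMPLE_HOSTS = ["172.17.34.25", "172.17.34.254", "192.168.111.10", "10.9.8.0"]

if __name__ == "__main__":
    # Compare the subnet-mask form with the wildcard form for the same network.
    for mask in ("255.255.255.0", wildcard_from_netmask("255.255.255.0")):
        print(mask, "->", nat_eligible("172.17.34.0", mask, SAMPLE_HOSTS))
```

    With 255.255.255.0 read as a wildcard, only the last octet is compared, so no host in 172.17.34.0/24 other than .0 is translated, while unrelated addresses ending in .0 are.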

    +
    0 Votes
    Ahmed_ETS

    I'm not sure if I understood you but are you saying that the DVB has nothing to do with web browsing for example?!
    The DVB-S is assigned a global IP and changing this IP will render the connection not to work. I assigned one of the stations in the 172 network a global IP (one of the 14 IPs assigned to us by the provider) and everything was working fine on that host till I changed the IP assigned to the DVB-S. So with no NATing everything is working fine but I'm limited to those 12 free global IPs. The original configuration is still confusing me:
    *****************************************
    int e0
    IP address X.X.X.X 255.255.255.240

    interface Serial0
    ip unnumbered FastEthernet0
    *****************************************
    where X.X.X.X is also a global IP. And I already tried changing the Serial0 IP to a global one with 250.250.250.240 mask; this caused the same effect as changing the DVB-S IP.

    The networks are static here but defining static rules for NATing won't be a problem once I figure out how the provider got it to work in this way.


    I also tried the following:
    *****************************************
    int e0
    ip address 172.17.34.254 255.255.255.0

    interface Serial0
    ip address X.X.X.X 255.255.255.240
    *****************************************

    Yet I failed to ping www.w3.org from any host in the 172 network. lol I wish I could turn the time backwards and tell the genius who recommended this solution to save his ideas to himself. Thank you for your patience George and wish you a happy new year.

    Regards,

    +
    0 Votes
    georgeou

    You need to think of the DVB as a SEPARATE system and completely exclude it from the diagram for the sake of your data network. I was operating under the assumption that your data network behind the 1700 router is operating in the 172 network; if that's not correct then simply swap out the IP scheme in the config I gave you. The DVB is a totally different network for your video conferencing devices and it has its own subnet.
