Setting up a Hotbrick router/firewall behind a cisco router....

I have a small LAN with about 20 PC's. My internet connection is a T1 and my gateway is a cisco 1700 router. I do not have access to the router to change any settings. I am trying to setup a Hotbrick router/firewall behind my cisco router. I think it should setup like this:

Router -------------Firewall-------------Netgear Switch-----PC's on the LAN

I'm just not sure what internal settings should be. I don't understand if RIPv1 should be turned on or off and if it's off do I manually have to setup routing tables? I've tried reading the documentation that comes with the Hotbrick, but learned nothing. Please Help....


Stiltz

 

Not familliar with that paticular Firewall but 99% of the Hardware firewalls out there use NAT in the firewall solution.
With that said you will need to contact the ISP and tell them that you need an outside IP passing all traffic because you have your own firewall solution.
Your firewall will then have a WAN ip side and a Private IP side and you can manage the traffic and ports as you see fit.

 

I didn't quite understand that. I can't do away with the cisco router and the ISP has to have remote access to the router. They manage the router not us. That is part of the contract. I assumed that the firewall would go behind the router, set a few IP settings and away I would go. I think I'm in a little over my head.

 

Stiltz what model Hotbrick?
I'll do some research once you give me a model number.

Ok maybe I can explain a little here to make you understand a little more. Hopefully some others will jump in here to help out.

Im going to assume all of your PCs in your network have private addresses. Meaning there addresses arent routable on the internet.
They would look like one of the following:
192.168.1.xxx
192.168.0.xxx
10.0.0.xxx
10.10.10.xxx
Basically either 10. or 192. are private addresses not routable on the internet.

When your PC wants to send a packet of data across the internet it sends it to the Cisco 1700. The Cisco stripps the 192 address off and puts your WAN (Wide area Network) or Internet address in it's place. And before anyone jumps in here about the OSI model I'm trying to keep it simple.

That process is called NAT (Network address translation)

I would also assume the Cisco is handling DHCP Short for Dynamic Host Configuration Protocol, a protocol for assigning dynamic IP addresses to devices on a network. With dynamic addressing, a device can have a different IP address every time it connects to the network. In some systems, the device's IP address can even change while it is still connected. DHCP also supports a mix of static and dynamic IP addresses.

If you stuck the Hot Brick in just like your system is configured you would have double NAT because your packets would be routed through 2 private networks before it saw the internet. The Hotbrick would route from one network to the next and then the Cisco would do the same thing. That could cause some problems down the road that we need to avoid.

Basically the Cisco will stay in place because it's probably your T-1 Modem unless there is a Adtran in place too.

You will plug into the Hotbrick on the LAN side and get it configured without putting it phyiscally in place yet.
When its ready you will contact your ISP and tell them you are going to provide your own firewall solution.
They will need to Turn off DHCP and give you an IP and subnet mask to put into the Hotbrick on the WAN side.
Diffrent ISPs have diffrent names but we call it a /30 which basically means you have 3 static IPs. One for your WAN, One for the Cisco, and One for Broadcast. with a 255.255.255.248 Subnet Mask.

I can tell ya it's a whole lot easier for me to just do it instead of typing it here. So, I hope you read this.