Solved

NAT on Cisco and LAN ports

Posted on 2000-04-03
6
403 Views
Last Modified: 2012-12-12
We have an ehternet LAN connected via Cisco router to Internet. Our ISP manage the Cisco router (we have no control on it).
I would like to know if it is possible to install a new router (NAT enabled) with two ethernet ports (one on Lan, one to the other router).
The main goal is to "hide" a part of the network behind the NAT router and also be independent from our ISP.

I someone has an idea ... ;-)

TIA
Hugo
0
Comment
Question by:hdevaux
  • 3
  • 2
6 Comments
 
LVL 1

Expert Comment

by:awetherhold
ID: 2684977
That should be no problem.  When you configure NAT you supply the outside address, the inside address, and the IP pool.  Typically the outside address is a serial port, but there is no reason it can’t be the second Ethernet port.  You will need a static IP address on your LAN for the IP pool.

Another item to keep in mind, unless the ISPs router is using RIP they will need to put an ‘ip route’ statement on their router if you want the NATed subnet to see the Internet.


Here is a link on Cisco’s web page that descirbes more information.

http://www.cisco.com/univercd/cc/td/doc/product/software/ios113ed/113ed_cr/dial_c/dcprt11/dcnat.htm
0
 
LVL 1

Author Comment

by:hdevaux
ID: 2692585
Why my ISP need to add an ip route if i use actual static ip adress for the pool ? I don't understand this point.
Actually each workstation and server use a static IP adress. We want NAT to hide workstations but also (i should said mainly !) to use our static pool of IP adress for real business (web & mail server for example) and not just for browsing.


Thanks for the cisco link, i thinh it should help.
0
 
LVL 1

Accepted Solution

by:
awetherhold earned 100 total points
ID: 2693425
Your right about the routing, you won't need to make any changes on the ISP router...

Another option you can look into is moving everything behind the NAT router (including your servers) then using the static mapping in NAT to point to those servers.  For example, you can move a mail server behind NAT, and map a real world IP address to it, and only open port 25.  That way external computers can still connect to your mail server, but only on port 25.  You have less of a worry about attacks on other ports.  It can add an extra layer of security to your network.
0
Control application downtime with dependency maps

Visualize the interdependencies between application components better with Applications Manager's automated application discovery and dependency mapping feature. Resolve performance issues faster by quickly isolating problematic components.

 
LVL 1

Author Comment

by:hdevaux
ID: 2693753
Thanks for your help awetherold. Your last comment is a very good idea.
0
 
LVL 1

Expert Comment

by:awetherhold
ID: 2694462
Sure, I hope everything works out for you.
0
 

Expert Comment

by:mave007
ID: 38685523
If you truly want to hide your traffic from your ISP, I suggest using an old PC with 2 or more NICs and installing M0n0wall on it. Which will provide you functionality of encapsulating your entire traffic over pptp VPN, you can either buy services from one of the major vpn providers out there or use one of your other servers (outside the reach of your ISP in question) to achieve complete anonymity.
0

Featured Post

Control application downtime with dependency maps

Visualize the interdependencies between application components better with Applications Manager's automated application discovery and dependency mapping feature. Resolve performance issues faster by quickly isolating problematic components.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

In the world of WAN, QoS is a pretty important topic for most, if not all, networks. Some WAN technologies have QoS mechanisms built in, but others, such as some L2 WAN's, don't have QoS control in the provider cloud.
Getting hacked is no longer a matter or "if you get hacked" — the 2016 cyber threat landscape is now titled "when you get hacked." When it happens — will you be proactive, or reactive?
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

867 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now