hdevaux
asked on
NAT on Cisco and LAN ports
We have an ehternet LAN connected via Cisco router to Internet. Our ISP manage the Cisco router (we have no control on it).
I would like to know if it is possible to install a new router (NAT enabled) with two ethernet ports (one on Lan, one to the other router).
The main goal is to "hide" a part of the network behind the NAT router and also be independent from our ISP.
I someone has an idea ... ;-)
TIA
Hugo
I would like to know if it is possible to install a new router (NAT enabled) with two ethernet ports (one on Lan, one to the other router).
The main goal is to "hide" a part of the network behind the NAT router and also be independent from our ISP.
I someone has an idea ... ;-)
TIA
Hugo
ASKER
Why my ISP need to add an ip route if i use actual static ip adress for the pool ? I don't understand this point.
Actually each workstation and server use a static IP adress. We want NAT to hide workstations but also (i should said mainly !) to use our static pool of IP adress for real business (web & mail server for example) and not just for browsing.
Thanks for the cisco link, i thinh it should help.
Actually each workstation and server use a static IP adress. We want NAT to hide workstations but also (i should said mainly !) to use our static pool of IP adress for real business (web & mail server for example) and not just for browsing.
Thanks for the cisco link, i thinh it should help.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thanks for your help awetherold. Your last comment is a very good idea.
Sure, I hope everything works out for you.
If you truly want to hide your traffic from your ISP, I suggest using an old PC with 2 or more NICs and installing M0n0wall on it. Which will provide you functionality of encapsulating your entire traffic over pptp VPN, you can either buy services from one of the major vpn providers out there or use one of your other servers (outside the reach of your ISP in question) to achieve complete anonymity.
Another item to keep in mind, unless the ISPs router is using RIP they will need to put an ‘ip route’ statement on their router if you want the NATed subnet to see the Internet.
Here is a link on Cisco’s web page that descirbes more information.
http://www.cisco.com/univercd/cc/td/doc/product/software/ios113ed/113ed_cr/dial_c/dcprt11/dcnat.htm