Solved

Cisco 12.2(1b)

Posted on 2004-04-26
Last Modified: 2010-04-11
Current Setup:
ISP ------>Cisco2514----->LAN

1) My ISP NATs my public IP to 10.20.20.100
2) Cisco2514 NAT/PAT to 172.16.8.0/24
3) So the computers in my LAN get NATed twice.
4) I do PAT for www, mail, dns, etc...

WHAT I WANT TO DO, is this:
ISP ------>Cisco2514----->Firewall---->LAN

1) How do I get my Cisco2514 to pass all packets to the firewall?
0
Question by:mesican
LVL 11

Expert Comment

by:PennGwyn
ID: 10923743
Assign the LAN side interface of the firewall the gateway address that the clients use (currently on LAN side of 2514).

Assign the other side interface of the firewall an address in a different private range, say 172.16.124.2/24

Change the address of the LAN side interface of the 2514 to be in the same range, say 172.16.124.1/24

Give the 2514 a route telling it that your LAN is on the other side of the firewall:

ip route 172.16.8.0 255.255.255.0 172.16.124.2

Tell the firewall to use the 2514 (172.16.124.1) as its default gateway/route.

0
 

Author Comment

by:mesican
ID: 10923825
So packets that come in not destined for the LAN will still get sent to the LAN side?
0
 
LVL 11

Accepted Solution

by:
PennGwyn earned 50 total points
ID: 10932292
Packets that come in destined for the LAN will get forwarded to the firewall. Packets that come in for anywhere else (there shouldn't be any, but...) will get sent to the router's default route/gateway, which still points back to the Internet so that packets *from* the LAN can get there. (If the ISP insists on delivering packets that aren't for you, they'll bounce between you and the ISP until they run out of TTL.)

0
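The forwarding behaviour described in the accepted answer can be checked with a small model of the 2514's routing table. This is an added example, not part of the original thread: the ISP-side subnet 10.20.20.0/24, the ISP gateway 10.20.20.1, the test destination 192.0.2.55 and the function names are assumptions; only 10.20.20.100 and the 172.16.x values come from the posts.

```python
import ipaddress

ISP_GW = "10.20.20.1"  # assumed ISP gateway address (not given in the thread)

# Routing table of the 2514 after the change (prefix, next hop).
ROUTES_2514 = [
    ("10.20.20.0/24", "connected:wan"),        # assumed subnet around 10.20.20.100
    ("172.16.124.0/24", "connected:transit"),  # link between the 2514 and the firewall
    ("172.16.8.0/24", "172.16.124.2"),         # ip route 172.16.8.0 255.255.255.0 172.16.124.2
    ("0.0.0.0/0", ISP_GW),                     # default route back toward the Internet
]


def lookup(dst, routes=ROUTES_2514):
    """Longest-prefix match: return (matching prefix, next hop) for dst."""
    addr = ipaddress.ip_address(dst)
    matches = [(ipaddress.ip_network(p), nh) for p, nh in routes
               if addr in ipaddress.ip_network(p)]
    net, next_hop = max(matches, key=lambda m: m[0].prefixlen)
    return str(net), next_hop


def bounce(dst, ttl):
    """Follow a packet the ISP has delivered to the 2514 with the given TTL.

    Models an ISP that always hands dst back to the 2514. Every router
    decrements TTL and drops the packet when it reaches 0.
    Returns (number of times the packet was forwarded, outcome).
    """
    forwards, here = 0, "2514"
    while True:
        if here == "2514":
            _, next_hop = lookup(dst)
            if next_hop != ISP_GW:
                return forwards, "handed to " + next_hop
        ttl -= 1
        if ttl <= 0:
            return forwards, "dropped at " + here
        forwards += 1
        here = "ISP" if here == "2514" else "2514"


if __name__ == "__main__":
    for dst in ("172.16.8.25", "172.16.124.2", "192.0.2.55"):  # constructed samples
        print(dst, lookup(dst), bounce(dst, 64))
```

A packet for 172.16.8.25 leaves on the first lookup toward the firewall, while one for 192.0.2.55 crosses the ISP link TTL-1 more times before a router discards it.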
