Cisco 12.2(1b)

Current Setup:
ISP ------>Cisco2514----->LAN

1) My ISP NATs my public IP to 10.20.20.100
2) Cisco2514 NAT/PAT to 172.16.8.0/24
3) So the computers in my LAN get NATed twice.
4) I do PAT for www, mail, dns, etc...

WHAT I WANT TO DO, is this:
ISP ------>Cisco2514----->Firewall---->LAN

1) How do I get my Cisco2514 to pass all packets to the firewall?
mesican Asked:
PennGwyn Commented:
Packets that come in destined for the LAN will get forwarded to the firewall.  Packets that come in for anywhere else (there shouldn't be any, but...) will get sent to the router's default route/gateway, which still points back to the Internet so that packets *from* the LAN can get there.  (If the ISP insists on delivering packets that aren't for you, they'll bounce between you and the ISP until they run out of TTL.)

PennGwyn Commented:
Assign the LAN side interface of the firewall the gateway address that the clients use (currently on LAN side of 2514).

Assign the other side interface of the firewall an address in a different private range, say 172.16.124.2/24

Change the address of the LAN side interface of the 2514 to be in the same range, say 172.16.124.1/24

Give the 2514 a route telling it that your LAN is on the other side of the firewall:

ip route 172.16.8.0 255.255.255.0 172.16.124.2

Tell the firewall to use the 2514 (172.16.124.1) as its default gateway/route.

mesican (Author) Commented:
So packets that come in not destined for the LAN will still get sent to the LAN side?
Question has a verified solution.
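
The forwarding decision discussed in the thread, as an added example that is not part of the original posts: a longest-prefix-match lookup over the 2514's routing table after the change, run with and without the static route. The ISP-side next hop and the sample destination addresses are constructed; the page does not give them, and the router's outside connected subnet is left out because its mask is not stated.

```python
import ipaddress

FIREWALL = "172.16.124.2"            # firewall's outside interface (from the thread)
CONNECTED = "directly connected"     # router <-> firewall link, 172.16.124.0/24
ISP = "ISP next hop (placeholder)"   # assumption: real address is not on the page

# Table after re-addressing the 2514's LAN-side interface to 172.16.124.1/24
# and adding: ip route 172.16.8.0 255.255.255.0 172.16.124.2
ROUTES_AFTER = [
    ("172.16.124.0/24", CONNECTED),
    ("172.16.8.0/24", FIREWALL),
    ("0.0.0.0/0", ISP),
]

# Same table if the static route is forgotten: 172.16.8.0/24 is no longer
# a connected network, so only the default route can match it.
ROUTES_NO_STATIC = [r for r in ROUTES_AFTER if r[0] != "172.16.8.0/24"]


def next_hop(dst, routes=ROUTES_AFTER):
    """Return the next hop chosen by longest-prefix match for dst."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, hop in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, hop)
    if best is None:
        raise LookupError(f"no route to {dst}")
    return best[1]


if __name__ == "__main__":
    # Constructed sample destinations (post-NAT addresses as the router sees them).
    samples = [
        "172.16.8.25",    # LAN host behind the firewall
        "172.16.124.2",   # the firewall itself
        "192.0.2.10",     # anything else (documentation range)
    ]
    for dst in samples:
        print(f"{dst:15} with static route -> {next_hop(dst)}")
        print(f"{dst:15} without it        -> {next_hop(dst, ROUTES_NO_STATIC)}")
```

Only destinations inside 172.16.8.0/24 are handed to the firewall; everything else follows the default route back toward the ISP, and without the static route the LAN prefix does too.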
