Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Cisco 12.2(1b)

Posted on 2004-04-26
3
Medium Priority
?
261 Views
Last Modified: 2010-04-11
Current Setup:
ISP ------>Cisco2514----->LAN

1) My ISP NATS my public ip to 10.20.20.100
2) Cisco2514 NAT/PAT to 172.16.8.0/24
3) So the computers in my LAN get NATed twice.
4) I do PAT for www, mail, dns, etc...

WHAT I WANT TO DO, is this:
ISP ------>Cisco2514----->Firewall---->LAN

1) How do I get my Cisco2514 to pass all packets to the firewall?
0
Comment
Question by:mesican
  • 2
3 Comments
 
LVL 11

Expert Comment

by:PennGwyn
ID: 10923743
Assign the LAN side interface of the firewall the gateway address that the clients use (currently on LAN side of 2514).

Assign the other side interface of the firewall an address in a different private range, say 172.16.124.2/24

Change the address of the LAN side interface of the 2514 to be in the same range, say 172.16.124.1/24

Give the 2514 a route telling it that your LAN is on the other side of the firewall:

ip route 172.16.8.0 255.255.255.0 172.16.124.2

Tell the firewall to use the 2514 (172.16.124.1) as its default gateway/route.

0
 

Author Comment

by:mesican
ID: 10923825
So packets that come in not destined for the lan will still get sent to the lan side?
0
 
LVL 11

Accepted Solution

by:
PennGwyn earned 200 total points
ID: 10932292
Packets that come in destined for the LAN will get forwarded to the firewall.  Packets that come in for anywhere else (there shouldn't be any, but...) will get sent to the router's default route/gateway, which still points back to the Internet so that packets *from* the LAN can get there.  (If the ISP insists on delivering packetes that aren't for you, they'll bounce between you and the ISP until they run out of TTL.)

0

Featured Post

How to Use the Help Bell

Need to boost the visibility of your question for solutions? Use the Experts Exchange Help Bell to confirm priority levels and contact subject-matter experts for question attention.  Check out this how-to article for more information.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Make the most of your online learning experience.
In this article, WatchGuard's Director of Security Strategy and Research Teri Radichel, takes a look at insider threats, the risk they can pose to your organization, and the best ways to defend against them.
In this video we outline the Physical Segments view of NetCrunch network monitor. By following this brief how-to video, you will be able to learn how NetCrunch visualizes your network, how granular is the information collected, as well as where to f…
Michael from AdRem Software explains how to view the most utilized and worst performing nodes in your network, by accessing the Top Charts view in NetCrunch network monitor (https://www.adremsoft.com/). Top Charts is a view in which you can set seve…

886 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question