?
Solved

Cisco 12.2(1b)

Posted on 2004-04-26
3
Medium Priority
?
266 Views
Last Modified: 2010-04-11
Current Setup:
ISP ------>Cisco2514----->LAN

1) My ISP NATS my public ip to 10.20.20.100
2) Cisco2514 NAT/PAT to 172.16.8.0/24
3) So the computers in my LAN get NATed twice.
4) I do PAT for www, mail, dns, etc...

WHAT I WANT TO DO, is this:
ISP ------>Cisco2514----->Firewall---->LAN

1) How do I get my Cisco2514 to pass all packets to the firewall?
0
Comment
Question by:mesican
  • 2
3 Comments
 
LVL 11

Expert Comment

by:PennGwyn
ID: 10923743
Assign the LAN side interface of the firewall the gateway address that the clients use (currently on LAN side of 2514).

Assign the other side interface of the firewall an address in a different private range, say 172.16.124.2/24

Change the address of the LAN side interface of the 2514 to be in the same range, say 172.16.124.1/24

Give the 2514 a route telling it that your LAN is on the other side of the firewall:

ip route 172.16.8.0 255.255.255.0 172.16.124.2

Tell the firewall to use the 2514 (172.16.124.1) as its default gateway/route.

0
 

Author Comment

by:mesican
ID: 10923825
So packets that come in not destined for the lan will still get sent to the lan side?
0
 
LVL 11

Accepted Solution

by:
PennGwyn earned 200 total points
ID: 10932292
Packets that come in destined for the LAN will get forwarded to the firewall.  Packets that come in for anywhere else (there shouldn't be any, but...) will get sent to the router's default route/gateway, which still points back to the Internet so that packets *from* the LAN can get there.  (If the ISP insists on delivering packetes that aren't for you, they'll bounce between you and the ISP until they run out of TTL.)

0

Featured Post

Who's Defending Your Organization from Threats?

Protecting against advanced threats requires an IT dream team – a well-oiled machine of people and solutions working together to defend your organization. Download our resource kit today to learn more about the tools you need to build you IT Dream Team!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article explains the fundamentals of industrial networking which ultimately is the backbone network which is providing communications for process devices like robots and other not so interesting stuff.
In this article, WatchGuard's Director of Security Strategy and Research Teri Radichel, takes a look at insider threats, the risk they can pose to your organization, and the best ways to defend against them.
In this video we outline the Physical Segments view of NetCrunch network monitor. By following this brief how-to video, you will be able to learn how NetCrunch visualizes your network, how granular is the information collected, as well as where to f…
Monitoring a network: why having a policy is the best policy? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the enormous benefits of having a policy-based approach when monitoring medium and large networks. Software utilized in this v…

578 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question