Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Computing > Cisco > IP Addressing

Reply
Thread Tools

IP Addressing

 
 
K.J. 44
Guest
Posts: n/a
 
      09-06-2006
One more quick question (if this post isn't too old to get picked up
anymore). I am running ISA as well on the exchange server. How would
the static NAT work with that? Does ISA make the request for each
host? therefore, would every packet travelling to the ASA have the IP
Address of the ISA server (and thus the same as the mail server)?

Thanks.


Igor Mamuzic wrote:
> I don't know which firewall you have, but if it's able to do NAT on IP
> addresses that aren't applied to any of interfaces (as Cisco does) then you
> can keep your existing addressing scheme (keep private addressing between
> firewall and router). On the firewall create a static NAT entry as I wrote
> you in my previous post and then on the router create a static route that
> points to public IP address (the one on which you translated your Exchange)
> and as a gateway for that static route use your firewall's ip address that
> connects to the router.
>
> Here is the example:
> on the firewall (I'll assume that you have additional Cisco router as a
> firewall, but even if you don't you'll understand what I'm doing):
> !we 're doing NAT to publish my Exchange server on the Internet
> FIREWALL(config)#ip nat inside source static 192.168.10.1 200.200.200.1
>
> on the router:
> !we are creating a static route that enables my router to route to exchange
> public IP address using firewall interface private address as a gateway:
> ROUTER(config)#ip route 200.200.200.1 255.255.255.255 192.168.40.1
>
> and that's it....try to implement this and tell me if it does job for you...
>
> B.R.
> Igor
>
>
>
> "K.J. 44" <(E-Mail Removed)> wrote in message
> news:(E-Mail Removed) ups.com...
> >I guess if I can't do that, then I can subnet my block of 5 addresses
> > so my outer address is configured as a point to point with my gateway
> > address at my carrier and then use the other addresses as a point to
> > point subnet between my router and firewall using the rest of the
> > public addresses.
> >
> > Then the MX record would reflect my outer address of my firewall right?
> > THen I wouldn't have any addresses left to be able to create a static
> > NAT for my email server though. (I would use all of them creating the
> > public point to point between my route and firewall).
> >
> > Still confused at how to proceed.
> >
> > Help greatly appreciated. Thank you.
> >
> > K.J. 44 wrote:
> >> What i have is a router which is connected to a firewall. Here is
> >> where I want the NAT and VPNs to terminate. I am having trouble
> >> figuring out how to set this up.
> >>
> >> If I have NAT at the firewall then information has to get from the
> >> router to the firewall for the NAT translation. Does this mean I have
> >> to have public IPs between the router and the firewall?
> >>
> >> I have 5 IP addresses to work with from my carrier but I don't want to
> >> hastily use them. How can I get information to get passed from the
> >> router to the firewall and how should I address?
> >>
> >> Internet ---> (public IP) router (private IP) ------- (private IP)
> >> Firewall doing NAT and terminating VPNs (private IP) ------ LAN
> >>
> >> Is there a way to successfully set up the above schema?
> >>
> >> thanks.
> >> Igor Mamuzic wrote:
> >> > If you have IP address that you can assign only for Exchange, then use
> >> > pure
> >> > static NAT that isn't related with public ip address assigned to your
> >> > external or any physical / logical interface. In Cisco IOS type:
> >> > ip nat inside source static private_address exchange_public_ip
> >> > Then on inbound ACL applied onto external interface permit traffic from
> >> > any
> >> > internet host onto your exchange_public_ip:
> >> > access-list 100 permit tcp any host exchange_public_ip eq 25
> >> >
> >> > that's it
> >> >
> >> > B.R.
> >> > Igor
> >> >
> >> >
> >> > "K.J. 44" <(E-Mail Removed)> wrote in message
> >> > news:(E-Mail Removed) oups.com...
> >> > > Thanks for the reply. What i have is a T1 terminating at a router,
> >> > > which is hooked to a firewall that I want to do NAT, which is hooked
> >> > > into the LAN. In the LAN i have a single server. that server is
> >> > > going
> >> > > to be running Exchange for mail. I am given five IP addresses from
> >> > > my
> >> > > carrier. Everything is inside the firewall on the private addressing
> >> > > side of the NAT box.
> >> > >
> >> > > I am trying to figure out the best way to set this up. I have so far
> >> > > used a single public IP on the public side of my router and all other
> >> > > connections are using private addressing (between the router and the
> >> > > firewall, and the firewall and the inside network).
> >> > >
> >> > > Do I just make my MX record the public IP on the router's interface
> >> > > and
> >> > > then in my router ACLs allow traffic to come in on port 25?
> >> > >
> >> > > Thanks.
> >> > >
> >> > > Doug McIntyre wrote:
> >> > >> "K.J. 44" <(E-Mail Removed)> writes:
> >> > >> >I have an internal server that is going to be hosting an exchange
> >> > >> >server. When I have my MX record point to an IP address, do I need
> >> > >> >to
> >> > >> >have it point to the external interface on my router at the edge of
> >> > >> >my
> >> > >> >network? Can I have two IPs on there, one for mail and another for
> >> > >> >all
> >> > >> >other traffic (so I can do a static NAT, if it comes in to this
> >> > >> >address, send it as mail to the server)?
> >> > >>
> >> > >> Yes, you'd have to have the MX pointing to the external IP you have.
> >> > >>
> >> > >> If you publish an internal IP globally, nobody will be able to route
> >> > >> to your server, you have to publish the external IP..
> >> > >>
> >> > >> Really depends quitealot on what you have for your firewall device
> >> > >> on
> >> > >> the outside doing NAT. There's certainly many other there that will
> >> > >> let you have multiple outside public IPs and do the mapping you want
> >> > >> to do. Of course, you'd have to have multiple external IPs from your
> >> > >> ISP as well.
> >> > >

> >


 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Network Infrastructure IP address re-addressing Niche Cisco 1 01-12-2005 05:08 AM
addressing modes controller source code Roberto VHDL 1 11-22-2004 05:54 PM
call manager re-addressing Bill F Cisco 1 05-17-2004 05:51 PM
setting relative addressing in composer refuses to work ken Firefox 0 12-10-2003 07:11 PM
Addressing the recent Cisco IOS bug totojepast Cisco 10 07-25-2003 05:15 PM



Advertisments