NAT Question ....

 
 
K.J. 44
      08-29-2006
Hi,

I have a router which is connected to a firewall. Here is
where I want the NAT and VPNs to terminate. I am having trouble
figuring out how to set this up.

If I have NAT at the firewall then information has to get from the
router to the firewall for the NAT translation. Does this mean I have
to have public IPs between the router and the firewall?

I have 5 IP addresses to work with from my carrier but I don't want to
hastily use them. How can I get information to get passed from the
router to the firewall and how should I address?

Internet ---> (public IP) router (private IP) ------- (private IP)
Firewall doing NAT and terminating VPNs (private IP) ------ LAN

Is there a way to successfully set up the above schema? If I can do
that, then I will have IP Addresses left over to do a static NAT for my
email server. That way, I can do PAT with one address for all traffic
except the mail server traffic which will have a static NAT translation
to a second public address.

I guess if I can't do that, then I can subnet my block of 5 addresses
so my outer address is configured as a point to point with my gateway
address at my carrier and then use the other addresses as a point to
point subnet between my router and firewall using the rest of the
public addresses.

Then the MX record would reflect my outer address of my firewall right?
Then I wouldn't have any addresses left to be able to create a static
NAT for my email server though. (I would use all of them creating the
public point to point between my router and firewall and so all traffic
from the inside would have to be translated using just one public
address).

Still confused at how to proceed.

Help greatly appreciated. Thank you.

 
Chad Mahoney
      08-30-2006

K.J. 44 wrote:
> Hi,
>
> I have a router which is connected to a firewall. Here is
> where I want the NAT and VPNs to terminate. I am having trouble
> figuring out how to set this up.
>
> If I have NAT at the firewall then information has to get from the
> router to the firewall for the NAT translation. Does this mean I have
> to have public IPs between the router and the firewall?
>
> I have 5 IP addresses to work with from my carrier but I don't want to
> hastily use them. How can I get information to get passed from the
> router to the firewall and how should I address?
>
> Internet ---> (public IP) router (private IP) ------- (private IP)
> Firewall doing NAT and terminating VPNs (private IP) ------ LAN
>
> Is there a way to successfully set up the above schema? If I can do
> that, then I will have IP Addresses left over to do a static NAT for my
> email server. That way, I can do PAT with one address for all traffic
> except the mail server traffic which will have a static NAT translation
> to a second public address.
>
> I guess if I can't do that, then I can subnet my block of 5 addresses
> so my outer address is configured as a point to point with my gateway
> address at my carrier and then use the other addresses as a point to
> point subnet between my router and firewall using the rest of the
> public addresses.
>
> Then the MX record would reflect my outer address of my firewall right?
> Then I wouldn't have any addresses left to be able to create a static
> NAT for my email server though. (I would use all of them creating the
> public point to point between my router and firewall and so all traffic
> from the inside would have to be translated using just one public
> address).
>
> Still confused at how to proceed.
>
> Help greatly appreciated. Thank you.


You would be using 2 public IP addresses for the router and the ASA. The
ASA would know the subnet of IP addresses based on the external interface
setup. So, for example:

router FastEthernet0/0 would have 1.1.1.1/29 external IP address
ASA external interface would have 1.1.1.2/29
Then you could NAT 1.1.1.3-1.1.1.5/29 through the ASA to internal
systems on the private LAN.

 
K.J. 44
      08-31-2006
If I did that then I would have a public IP address on the outside of
the router, and another public in the same subnet as the outside of the
firewall, which is connected to the inside interface of the router...


internet ----- 1.1.1.1 Router (inside interface) ------- 1.1.1.2
Firewall (private LAN)

Can I simply NAT to a public address and send it the rest of the way
through the private network and put a static route in the router? So
something like this:

internet ----- 1.1.1.1 /30 ROUTER 10.1.1.1/30 -------- 10.1.1.2/30
Firewall (private LAN)


Then on the firewall have a translation:

anything from the private LAN translate source address to 1.1.1.5
anything from the mail server translate source address to 1.1.1.6

Static route on the firewall:

1.1.1.4 /30 go out inside interface

Then have my MX record point to 1.1.1.6

Would this work?

Chad Mahoney wrote:
> K.J. 44 wrote:
> > Hi,
> >
> > I have a router which is connected to a firewall. Here is
> > where I want the NAT and VPNs to terminate. I am having trouble
> > figuring out how to set this up.
> >
> > If I have NAT at the firewall then information has to get from the
> > router to the firewall for the NAT translation. Does this mean I have
> > to have public IPs between the router and the firewall?
> >
> > I have 5 IP addresses to work with from my carrier but I don't want to
> > hastily use them. How can I get information to get passed from the
> > router to the firewall and how should I address?
> >
> > Internet ---> (public IP) router (private IP) ------- (private IP)
> > Firewall doing NAT and terminating VPNs (private IP) ------ LAN
> >
> > Is there a way to successfully set up the above schema? If I can do
> > that, then I will have IP Addresses left over to do a static NAT for my
> > email server. That way, I can do PAT with one address for all traffic
> > except the mail server traffic which will have a static NAT translation
> > to a second public address.
> >
> > I guess if I can't do that, then I can subnet my block of 5 addresses
> > so my outer address is configured as a point to point with my gateway
> > address at my carrier and then use the other addresses as a point to
> > point subnet between my router and firewall using the rest of the
> > public addresses.
> >
> > Then the MX record would reflect my outer address of my firewall right?
> > Then I wouldn't have any addresses left to be able to create a static
> > NAT for my email server though. (I would use all of them creating the
> > public point to point between my router and firewall and so all traffic
> > from the inside would have to be translated using just one public
> > address).
> >
> > Still confused at how to proceed.
> >
> > Help greatly appreciated. Thank you.

>
> You would be using 2 public IP addresses for the router and the ASA. The
> ASA would know the subnet of IP addresses based on the external interface
> setup. So, for example:
>
> router FastEthernet0/0 would have 1.1.1.1/29 external IP address
> ASA external interface would have 1.1.1.2/29
> Then you could NAT 1.1.1.3-1.1.1.5/29 through the ASA to internal
> systems on the private LAN.
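
An added example (not from either poster) of the private-transit layout asked about in the last post, written in the pre-8.3 ASA syntax current at the time of the thread: the router routes 1.1.1.4/30 to the firewall, which PATs the LAN to 1.1.1.5 and statically maps the mail server to 1.1.1.6, admitting only SMTP inbound. Assumed, not from the thread: the interface names, carrier gateway 1.1.1.2, inside LAN 192.168.1.0/24, mail server 192.168.1.25, and that the carrier routes 1.1.1.4/30 to 1.1.1.1 instead of treating those addresses as on-link.

```cisco
! ===== Router (IOS) =====
interface FastEthernet0/0
 description WAN link to carrier (public /30)
 ip address 1.1.1.1 255.255.255.252
!
interface FastEthernet0/1
 description Private transit link to firewall (assumed interface)
 ip address 10.1.1.1 255.255.255.252
!
! Default route to the carrier gateway (assumed to be 1.1.1.2)
ip route 0.0.0.0 0.0.0.0 1.1.1.2
! The NAT block is routed to the firewall, so no public IPs are needed on the transit link
ip route 1.1.1.4 255.255.255.252 10.1.1.2
!
! ===== Firewall (ASA 7.x / 8.0-8.2 syntax) =====
interface Ethernet0/0
 nameif outside
 security-level 0
 ip address 10.1.1.2 255.255.255.252
!
interface Ethernet0/1
 nameif inside
 security-level 100
 ! Assumed inside LAN addressing
 ip address 192.168.1.1 255.255.255.0
!
route outside 0.0.0.0 0.0.0.0 10.1.1.1
!
! PAT: all inside hosts share 1.1.1.5 for outbound traffic
global (outside) 1 1.1.1.5
nat (inside) 1 192.168.1.0 255.255.255.0
!
! Static NAT: mail server (assumed 192.168.1.25) is always 1.1.1.6;
! a static entry takes precedence over the PAT rule for this host
static (inside,outside) 1.1.1.6 192.168.1.25 netmask 255.255.255.255
!
! Inbound policy: only SMTP to the mail server's public address is permitted
access-list OUTSIDE_IN extended permit tcp any host 1.1.1.6 eq smtp
access-group OUTSIDE_IN in interface outside
```

With a private outside address the firewall has no public interface IP for VPN peers to target, so terminating VPNs on it in this layout needs a further translation on the router; the /29 layout from the first reply gives the firewall a public outside address directly.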


 