Router on a stick w/o secondary IP

 
 
KR
 
      07-04-2005
I suspect it may not be possible to do what I want with a Cisco router,
but here goes anyway:

I have a 2620 router (IOS 12.2(5)) as a default gateway in a LAN
(192.168.0.2 on eth0/0). I also have a PIX 515E (ver. 6.1.(2)) on the
same LAN (192.168.0.1), with an IPSec tunnel to yet another network
(172.20.0.0/24). The PIX is the default gateway for the 2620.

I'd like the 2620 (or the PIX) to NAT all traffic going to a specific
address, behind one particular IP address. All packets going to
172.20.0.10 should appear to come from, say, 10.0.0.1. I've given up on
the PIX; it doesn't seem to be able to NAT packets based on destination IP.

I've turned off ICMP redirects on the 2620 to make sure no packets are
sent directly to the PIX. I've experimented with route-maps and sending
the packets through a loopback interface, but no matter what I do, no
NATed packets are leaving eth0/0 on the 2620.

Can this be done at all?
 
 
 
 
 
Walter Roberson
 
      07-04-2005
In article <42c932ca$(E-Mail Removed)>,
KR <(E-Mail Removed)> wrote:
:I also have a PIX 515E (ver. 6.1.(2)) on the

:I'd like the 2620 (or the PIX) to NAT all traffic going to a specific
:address, behind one particular IP address. All packets going to
:172.20.0.10 should appear to come from, say, 10.0.0.1. I've given up on
:the PIX; it doesn't seem to be able to NAT packets based on destination IP.

Upgrade to PIX 6.3 and use "policy NAT".

6.1(2) is fairly old now, and has a number of security issues.
You should be upgrading to at least 6.1(4) [or is it 6.1(5) ?].
As there are known security problems even in the last 6.1(*) version,
you could -probably- convince Cisco to give you a free upgrade
to the latest current 6.2 version... but you might not be able to
convince them to give you a free upgrade to PIX 6.3.


You could also consider updating right to 7.0(1), but that needs
more memory and is quite different internally... it might be too much
of a change to absorb at one time. If the PIX is a "production PIX" then
you should also take into account the adage that one should
"Never install a dot-zero or dot-one release on a production system."
--
'ignorandus (Latin): "deserving not to be known"'
-- Journal of Self-Referentialism
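
The policy NAT suggested in the reply above, sketched as a PIX 6.3 configuration fragment; this is an added example, not configuration posted by either participant. Assumptions: the LAN is 192.168.0.0/24, the interfaces carry the names `inside` and `outside`, and the ACL names and NAT ID 10 are hypothetical.

```cisco
: Added example: PIX 6.3 policy NAT for the scenario in this thread.
: Assumed: LAN 192.168.0.0/24, interface names inside/outside,
: hypothetical ACL names and NAT ID 10.

: 1. Match only traffic from the LAN to the one remote host.
access-list POLICY-NAT-172 permit ip 192.168.0.0 255.255.255.0 host 172.20.0.10

: 2. Bind the ACL to its own NAT ID so that all other traffic keeps
:    using whatever nat/global pairs are already configured.
nat (inside) 10 access-list POLICY-NAT-172

: 3. Translate matching sources to 10.0.0.1. A single address in the
:    global statement means port address translation (PAT).
global (outside) 10 10.0.0.1

: 4. The PIX translates before it encrypts, so the crypto ACL for the
:    tunnel has to match the translated source, not 192.168.0.x.
:    The remote peer needs the mirror-image entry.
access-list CRYPTO-172 permit ip host 10.0.0.1 host 172.20.0.10

: 5. Check for an existing NAT exemption, for example
:    "nat (inside) 0 access-list ...", that covers LAN -> 172.20.0.0/24.
:    Exemption is evaluated before policy NAT and would send the
:    packets untranslated; exclude 172.20.0.10 from that ACL.

: Verification after sending test traffic:
:   show xlate          (expect a PAT entry with global address 10.0.0.1)
:   show access-list    (hit counts on POLICY-NAT-172 and CRYPTO-172)
```

Because the source is translated to a single PAT address, sessions can only be initiated from the LAN side toward 172.20.0.10, not the other way round.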
 