Router on a stick w/o secondary IP

Discussion in 'Cisco' started by KR, Jul 4, 2005.

  1. KR

    KR Guest

    I suspect it may not be possible to do what I want with a Cisco router,
    but here goes anyway:

    I have a 2620 router (IOS 12.2(5)) as a default gateway in a LAN
    (192.168.0.2 on eth0/0). I also have a PIX 515E (ver. 6.1.(2)) on the
    same LAN (192.168.0.1), with an IPSec tunnel to yet another network
    (172.20.0.0/24). The PIX is the default gateway for the 2620.

    I'd like the 2620 (or the PIX) to NAT all traffic going to a specific
    address, behind one particular IP address. All packets going to
    172.20.0.10 should appear to come from, say, 10.0.0.1. I've given up on
    the PIX; it doesn't seem to be able to NAT packets based on destination IP.

    I've turned off ICMP redirects on the 2620 to make sure no packets are
    sent directly to the PIX. I've experimented with route-maps and sending
    the packets through a loopback interface, but no matter what I do, no
    NATed packets are leaving eth0/0 on the 2620.

    Can this be done at all?
     
    KR, Jul 4, 2005
    #1

  2. In article <42c932ca$>,
    KR <> wrote:
    :I also have a PIX 515E (ver. 6.1.(2)) on the

    :I'd like the 2620 (or the PIX) to NAT all traffic going to a specific
    :address, behind one particular IP address. All packets going to
    :172.20.0.10 should appear to come from, say, 10.0.0.1. I've given up on
    :the PIX; it doesn't seem to be able to NAT packets based on destination IP.

    Upgrade to PIX 6.3 and use "policy NAT".

    6.1(2) is fairly old now, and has a number of security issues.
    You should be upgrading to at least 6.1(4) [or is it 6.1(5) ?].
    As there are known security problems even in the last 6.1(*) version,
    you could -probably- convince Cisco to give you a free upgrade
    to the latest current 6.2 version... but you might not be able to
    convince them to give you a free upgrade to PIX 6.3.


    You could also consider updating right to 7.0(1), but that needs
    more memory and is quite different internally... it might be too much
    of a change to absorb at one time. If the PIX is a "production PIX" then
    you should also take into account the adage that one should
    "Never install a dot-zero or dot-one release on a production system."
    --
    'ignorandus (Latin): "deserving not to be known"'
    -- Journal of Self-Referentialism
     
    Walter Roberson, Jul 4, 2005
    #2
