NAT and Routing Question

- K
- K.J. 44
  
  Contact options for registered users
posted
17 years ago

Mon, Aug 28, 2006 3:24 PM

Hi,

I have a router which is hooked to an ASA. I have an Internet T1.

Internet ----> Router ----> ASA ----> LAN (includes single server with Exchange) | |___ DMZ

I have a NAT question. How do I pass traffic to my ASA from the router? What I want is for all traffic inbound to go through some ACL's on the router then get handed to the ASA for further inspection and decision making and NAT. But because I am doing NAT at the ASA (because that is where VPNs will terminate), how do I get the router to forward the packets the right way? (outbound out to the T1 and inbound to the ASA). The address that the NAT will be change to will be the public IP address, which will be the address of the outside interface on the router. Is there a way to tell the router to send anything with the address of the outside interface to the ASA?

I am slightly confused....

Loading thread data ...

- W
- Walter Roberson
  
  Contact options for registered users
Vote on answer
posted
17 years ago

Tue, Aug 29, 2006 6:21 AM

If you have multiple public IPs, then assign a different one to the ASA.

If you have only a single public IP, then let the router do a layer of NAT.

I'm not familiar enough with the NAT facilities of IOS to say whether it is possible to forward all the "unused" ports (not used by IOS) to somewhere. Possibly it could be done, but using the same public IP in multiple places must be done very carefully.

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.