Hi Everyone, Being new to this group I am also new to the etiquette, so please excuse me in advance if I have left something out or am being lame. I am not a Cisco person but I have programmed the IOS before and created NATs, static routes, policy-maps etc. and understand most intermediate-level networking topics (from an abstract point of view anyway, due to writing distributed software), so please don't be rough on me if the question below is a cinch to answer or if your answer goes way over my head, as I really do not know how easy/hard or even possible(?) my query is, so here goes.
I need to configure a Cisco 800 series router that has a "basic" feature set - which can be upgraded to "advanced" if necessary - and an ADSL WIC with 2 public usable IP addresses assigned (for security I've contrived the below internal addresses):
Network:
192.168.2.0 255.255.255.252
192.168.2.1 primary
192.168.2.2 secondary
The 192.168.2.1 address has been in use for years and has NAT/PAT set up and running fine; however, recently we need to communicate with a company to hook into their web services. Now for organisational/security/logging/other reasons any internal client/server on the LAN accessing the web service must masquerade as coming from the 192.168.2.2 address when communicating with this foreign server at address 10.10.10.1 (again contrived).
What I am having trouble with is trying to get this to work, and I am not sure if I have all the concepts correct in my head nor the experience with the Cisco IOS to make this function.
Basically the crux of the operation is:
1) I need to have the current NAT function as usual so general Internet usage continues.
2) The router needs to mark packets destined for 10.10.10.1 from the same internal clients currently using the NAT in (1) as originating from the IP address 192.168.2.2 referenced as a secondary address on the Dialer.
3) The ONLY traffic that can be marked as originating from 192.168.2.2 is traffic destined for 10.10.10.1, i.e. 192.168.2.2 must solely be used for communicating with the web service.
4) The router needs to receive return traffic from both general Internet usage operating over the 192.168.2.1 NAT and from 10.10.10.1 (the return traffic from the web service will always result from a connection on the LAN, i.e. they are synchronous interactions; the foreign web service will never have to call back an individual internal client to return results).
From the above requirements I have looked at setting up a dynamic OUTSIDE NAT containing the 192.168.2.2 IP address, but I do not know how this will affect the current dynamic one operating on 192.168.2.1 (there are currently some static listings also for incoming traffic to SMTP servers) and I do not know how to correctly assign access-lists/routes so that only traffic destined to 10.10.10.1 uses this OUTSIDE NAT and that the internal clients can still receive the return traffic from both the Internet and 10.10.10.1.
Any help/guidance is appreciated, and if any further information is required please let me know and I will provide what information I can.
Thanks
Caza