NAT Question ....

Hi,

I have a router which is connected to a firewall. Here is where I want the NAT and VPNs to terminate. I am having trouble figuring out how to set this up.

If I have NAT at the firewall then information has to get from the router to the firewall for the NAT translation. Does this mean I have to have public IPs between the router and the firewall?

I have 5 IP addresses to work with from my carrier but I don't want to hastily use them. How can I get information passed from the router to the firewall, and how should I address it?

Internet ---> (public IP) router (private IP) ------- (private IP) Firewall doing NAT and terminating VPNs (private IP) ------ LAN

Is there a way to successfully set up the above schema? If I can do that, then I will have IP Addresses left over to do a static NAT for my email server. That way, I can do PAT with one address for all traffic except the mail server traffic which will have a static NAT translation to a second public address.

I guess if I can't do that, then I can subnet my block of 5 addresses so my outer address is configured as a point-to-point with my gateway address at my carrier, and then use the other addresses as a point-to-point subnet between my router and firewall using the rest of the public addresses.

Then the MX record would reflect my outer address of my firewall, right? Then I wouldn't have any addresses left to be able to create a static NAT for my email server, though. (I would use all of them creating the public point-to-point between my router and firewall, and so all traffic from the inside would have to be translated using just one public address.)

Still confused at how to proceed.

Help greatly appreciated. Thank you.

K.J. 44

You would be using 2 public IP addresses for the router and the ASA. The ASA would know the subnet of IP addresses based on the external interface setup. So, for example:

The router FastEthernet0/0 would have 1.1.1.1/29 as its external IP address, and the ASA external interface would have 1.1.1.2/29. Then you could NAT 1.1.1.3-1.1.1.5/29 through the ASA to internal systems on the private LAN.

Chad Mahoney

If I did that, then I would have a public IP address on the outside of the router, and another public address in the same subnet on the outside of the firewall, which is connected to the inside interface of the router...

internet ----- 1.1.1.1 Router (inside interface) ------- 1.1.1.2 Firewall (private LAN)

Can I simply NAT to a public address and send it the rest of the way through the private network, and put a static route in the router? So something like this:

internet ----- 1.1.1.1 /30 ROUTER 10.1.1.1/30 -------- 10.1.1.2/30 Firewall (private LAN)

Then on the firewall have a translation:

anything from the private LAN: translate source address to 1.1.1.5
anything from the mail server: translate source address to 1.1.1.6

Static route on the firewall:

1.1.1.4 /30 go out inside interface

Then have my MX record point to 1.1.1.6

Would this work?


K.J. 44
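To make the second design concrete, here is an added example configuration for a Cisco IOS router and an ASA (8.3 or later NAT syntax). It is not from any post in this thread. It uses the addressing in the diagram above (router outside 1.1.1.1/30, transit link 10.1.1.0/30, public pool 1.1.1.4/30) and additionally assumes that the carrier gateway is 1.1.1.2, that the LAN is 192.168.1.0/24 and that the mail server is 192.168.1.10; interface names, object names and the ACL name are placeholders. The check that matters is the static route for 1.1.1.4/30: it has to be on the router, with next hop 10.1.1.2 (the firewall's outside address), because the router is the device that receives inbound packets for 1.1.1.6 from the carrier and otherwise has no route for them. The firewall itself needs no route for the pool; it claims 1.1.1.5 and 1.1.1.6 through its NAT rules, and it will accept packets for a mapped address even though that address is not on its outside interface's subnet, as long as they are routed to it.

```cisco
! ---- Router (Cisco IOS) ----
interface FastEthernet0/0
 description Carrier uplink (assumed: carrier gateway is 1.1.1.2)
 ip address 1.1.1.1 255.255.255.252
!
interface FastEthernet0/1
 description Transit link to the ASA outside interface
 ip address 10.1.1.1 255.255.255.252
!
! Default route to the carrier
ip route 0.0.0.0 0.0.0.0 1.1.1.2
!
! The NAT pool lives behind the ASA: hand everything for 1.1.1.4/30 to 10.1.1.2.
! Without this route, inbound mail for 1.1.1.6 dies here.
ip route 1.1.1.4 255.255.255.252 10.1.1.2

! ---- ASA (8.3+ NAT syntax) ----
interface GigabitEthernet0/0
 nameif outside
 security-level 0
 ip address 10.1.1.2 255.255.255.252
!
interface GigabitEthernet0/1
 nameif inside
 security-level 100
 ip address 192.168.1.1 255.255.255.0
!
route outside 0.0.0.0 0.0.0.0 10.1.1.1
!
! Mail server (assumed 192.168.1.10): static one-to-one NAT to 1.1.1.6.
! This is the address the MX record points at.
object network MAIL_SERVER
 host 192.168.1.10
 nat (inside,outside) static 1.1.1.6
!
! Everything else on the LAN (assumed 192.168.1.0/24): PAT behind 1.1.1.5.
! Static object NAT is evaluated before dynamic, so the mail server
! still leaves as 1.1.1.6 even though it is also inside this subnet.
object network LAN
 subnet 192.168.1.0 255.255.255.0
 nat (inside,outside) dynamic 1.1.1.5
!
! Inbound from the internet: only SMTP to the mail server.
! In 8.3+ the ACL references the real (untranslated) address, hence the object.
access-list OUTSIDE_IN extended permit tcp any object MAIL_SERVER eq smtp
access-group OUTSIDE_IN in interface outside
```

Two things to confirm with the carrier and in the design before committing to it. First, carving the /29 into 1.1.1.0/30 (link) and 1.1.1.4/30 (pool) only works if the carrier routes 1.1.1.4/30 toward 1.1.1.1; if the carrier instead treats the whole /29 as one on-link segment, the router must answer ARP for 1.1.1.5 and 1.1.1.6 (proxy ARP) or the packets never reach it. Second, with its outside interface at 10.1.1.2 the ASA has no public address to terminate VPNs on; remote IPsec peers would have to target a public address that the router statically NATs (UDP 500 and 4500, with NAT traversal) to 10.1.1.2, which is a different design from the one in the diagram and costs one more of the five addresses.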

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.