From: Joseph D. Phillips (jphillips@ufcwdrugtrust.org)
Date: Tue Jun 08 2004 - 15:38:21 GMT-3
Oh yeah, like I would know!
I know that's how it works when two companies merge but have the same private address space. One company will have 192.168.1.x and so will the other. To avoid having to readdress both local area networks, the decision is made to run NAT on both sides.
As for a sample config, I'm sure someone would have done this by now. :)
I now yield the floor to one of the four-digit CCIEs who fantasize about such things as double-NAT. :)
-----Original Message-----
From: Patrick Torney [mailto:ptorney@satx.rr.com]
Sent: Tuesday, June 08, 2004 11:31
To: Joseph D. Phillips; Group Study (E-mail)
Subject: Re: EIGRP and firewalls
Would you mind providing a simple sample config to achieve that double
nat'ing?
thanks.
----- Original Message -----
From: "Joseph D. Phillips" <jphillips@ufcwdrugtrust.org>
To: "Group Study (E-mail)" <ccielab@groupstudy.com>
Sent: Tuesday, June 08, 2004 1:13 PM
Subject: FW: EIGRP and firewalls
> They can be put on the same subnet with double-NAT'ing.
>
>
>
> -----Original Message-----
> From: Daniel Sheedy [mailto:dansheedy@gmx.net]
> Sent: Tuesday, June 08, 2004 10:17
> To: Joseph D. Phillips; Group Study (E-mail)
> Subject: Re: EIGRP and firewalls
>
>
> Hi Joseph,
>
> I think the problem here is not exactly about the firewall. If you think
> about, the firewall is introducing another subnet. How do you peer two
> EIGRP neighbors if they arent on the same subnet? bit tricky... :)
>
>
>
> Dan
>
>
>
> ----- Original Message -----
> From: "Joseph D. Phillips" <jphillips@ufcwdrugtrust.org>
> To: "Group Study (E-mail)" <ccielab@groupstudy.com>
> Sent: Tuesday, June 08, 2004 7:05 PM
> Subject: EIGRP and firewalls
>
>
> > I would guess that you can't form a neighborship between an EIGRP
speaker
> with a public address and an EIGRP speaker behind a firewall whose address
> is in the private range, thanks to network address translation.
> >
> > I should think, however, that there are ways of configuring firewalls to
> allow the multicast hello traffic transit to the necessary interfaces. The
> firewall I use at work does routing as well.
> >
> >
> >
> > -----Original Message-----
> > From: Joe Chang [mailto:changjoe@earthlink.net]
> > Sent: Tuesday, June 08, 2004 09:54
> > To: Victor Kasacavage; Moreau, Franck; ccielab@groupstudy.com; 'Dan'
> > Subject: Re: My first but not last :( - Need your help.
> >
> >
> > I guess the question would be whether the firewall can alter the IP
> > information in EIGRP's RTP packets. Would a Cisco manufactured firewall
be
> > able to do that?
> >
> > By the way, that's some great advice, thank you Victor.
> >
> > > RTR A ---- FIREWALL --- RTR B
> > >
> > > RTR A and RTR B use EIGRP. Make the routes in RTR A appear on RTR B
> > > routing table.
> > >
> > > Now, what is the problem being presented
> > > what are the possible options
> > > which is the best possible solution
> > >
> > > The problem is that EIGRP doesn't work through firewalls.....why? It
is
> > > very important to understand the why part as this will let you know if
> you
> > > really understand how EIGRP works (I'll leave this one up to the
group)
> >
> > _______________________________________________________________________
> > Please help support GroupStudy by purchasing your study materials from:
> > http://shop.groupstudy.com
> >
> > Subscription information may be found at:
> > http://www.groupstudy.com/list/CCIELab.html
> >
> > _______________________________________________________________________
> > Please help support GroupStudy by purchasing your study materials from:
> > http://shop.groupstudy.com
> >
> > Subscription information may be found at:
> > http://www.groupstudy.com/list/CCIELab.html
>
> _______________________________________________________________________
> Please help support GroupStudy by purchasing your study materials from:
> http://shop.groupstudy.com
>
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
This archive was generated by hypermail 2.1.4 : Sat Jul 03 2004 - 19:40:35 GMT-3