From: Long Nguyen (longoc@gmail.com)
Date: Tue Dec 09 2008 - 16:25:35 ARST
Maybe you could use a static one-to-one NAT to the firewall?
Long Nguyen
On Tue, Dec 9, 2008 at 10:22 AM, Gregory Gombas <ggombas@gmail.com> wrote:
> Hi Gang,
>
> My client has a Cisco router with a T1 connection to the internet.
> They were only allocated one IP from the ISP and that is assigned to
> the serial interface of the Cisco router.
> Currently the router is doing the NAT'ing and firewall functions for
> the internal network, but they would like to install a separate
> firewall behind the router so they can control the filtering and NAT
> translations from this new firewall instead of the router.
>
> Can I put the router into bridge mode so that I can assign the
> internet address directly to the firewall? I tried testing this in my
> lab but the problem is the arp requests from the firewall are failing
> due to the difference in encapsulations.
>
> The setup looks like this:
>
> ISP (55.55.55.1/30)
> |
> Router
> |
> Firewall (55.55.55.2/30)
> |
> Internal Network (192.168.1.0/24)
>
> Is this even feasible?
>
> Thanks,
> Greg
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
Blogs and organic groups at http://www.ccie.net
This archive was generated by hypermail 2.1.4 : Thu Jan 01 2009 - 12:53:08 ARST