From: Gregory Gombas (ggombas@gmail.com)
Date: Tue Dec 09 2008 - 16:32:45 ARST
Thanks Long, I have considered the static NAT, but I was just
wondering if the bridge concept was even feasible.
Regards,
Greg
On Tue, Dec 9, 2008 at 1:25 PM, Long Nguyen <longoc@gmail.com> wrote:
> Maybe you could use a static one-to-one NAT to the firewall?
>
>
> Long Nguyen
>
>
>
> On Tue, Dec 9, 2008 at 10:22 AM, Gregory Gombas <ggombas@gmail.com> wrote:
>>
>> Hi Gang,
>>
>> My client has a Cisco router with a T1 connection to the internet.
>> They were only allocated one IP from the ISP and that is assigned to
>> the serial interface of the Cisco router.
>> Currently the router is doing the NAT'ing and firewall functions for
>> the internal network, but they would like to install a separate
>> firewall behind the router so they can control the filtering and NAT
>> translations from this new firewall instead of the router.
>>
>> Can I put the router into bridge mode so that I can assign the
>> internet address directly to the firewall? I tried testing this in my
>> lab but the problem is the arp requests from the firewall are failing
>> due to the difference in encapsulations.
>>
>> The setup looks like this:
>>
>> ISP (55.55.55.1/30)
>> |
>> Router
>> |
>> Firewall (55.55.55.2/30)
>> |
>> Internal Network (192.168.1.0/24)
>>
>> Is this even feasible?
>>
>> Thanks,
>> Greg
>>
>>
>> Blogs and organic groups at http://www.ccie.net
>>
>> _______________________________________________________________________
>> Subscription information may be found at:
>> http://www.groupstudy.com/list/CCIELab.html
Blogs and organic groups at http://www.ccie.net
This archive was generated by hypermail 2.1.4 : Thu Jan 01 2009 - 12:53:08 ARST