That's what we do. We've started moving our 3rd party and network mergers to a firewall that we NAT them through. I'm assuming you are putting some sort of VPN or MPLS connectivity into this DMZ and just advertising your network via this public block.
I would also recommend a may overload for traffic leaving your network for theirs that doesn't have a one-to-one nat in place.
Good luck.
Regards,
Jay McMickle- CCNP,CCSP,CCDP
Sent from my iPhone
http://mycciepursuit.wordpress.com
On Sep 21, 2011, at 2:09 PM, Dennis Worth <dennis.worth_at_gmail.com> wrote:
> Group,
>
> Looking at VPN plan to NAT a handful of devices to merging company who does
> not route RFC1918. They gave me a block of Public IP's to NAT our inside
> hosts to, but what can I do to NAT and route those hosts?
>
> 1st thought was to do DMZ segment and another FW behind it to do the NATing,
> but not sure that is the best or only option.
>
> Any thoughts are appreciated.
>
> Thanks,
>
> --
> Dennis Worth
>
> "Of all men's miseries the bitterest it this: to know so much and to have
> control over nothing."
> --Herodotus
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
Blogs and organic groups at http://www.ccie.net
Received on Wed Sep 21 2011 - 21:04:34 ART
This archive was generated by hypermail 2.2.0 : Sat Oct 01 2011 - 07:26:25 ART