Design question

Status
Not open for further replies.

paultaylor04

Here is the infrastructure I have to work with:

INTERNET-----3600 router----PIX

I have to do the overload NATTING on the PIX. I am planning on doing this.
Can you tell me if it looks fine?

205.171.3.65 is borrowed from their pool of public IP addresses.
Create a static statement on the 1601 router, static of 205.171.3.65 to
10.1.1.65.

Make the network between the PIX and the router: 10.3.3.4/30

So, PIX e0=10.3.3.5 and Router ethernet=10.3.3.6

For NAT on the PIX, I would do this:
nat (inside) 1 10.1.1.0 255.255.255.0
global (outside) 1 10.1.1.65 netmask 255.255.255.0

10.1.1.0 is of course their internal network.


1) Now, is there a better way to do this? I have to abide by certain things
such as NAT has to be done on the PIX.

2) Is there any way to do this if they don't have any public address
available excepting the one which is configured at the router's serial
interface connecting to the CSU/DSU? It's a T1.
 
paul,
If you plan to have a private network (10.3.3.x) between the PIX and perimeter router, then the NAT overload statement would best be applied on the perimeter router.

Router
interface serial[X]
ip address <public address>
..
ip nat outside

interface e0
ip address 10.3.3.6 255.255.255.252
ip nat inside

ip nat inside source list 1 interface serial[X] overload
access-list 1 permit <your internal network>

PIX
nat (inside) 1 <your internal network> 255.255.255.0 0 0
global (outside) 1 10.3.3.5

JimmyZ
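
The two translation stages discussed in this thread (PIX overload to 10.3.3.5, then router overload to the serial address), modelled as an added example that is not part of either post. It shows which source address the router's NAT access list is evaluated against once the PIX has already translated the packet. The `Pat` class, the function names and the stand-in public address 192.0.2.1 are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass, field

@dataclass
class Pat:
    """One overload (PAT) stage: sources in `match` are hidden behind `global_ip`."""
    match: ipaddress.IPv4Network
    global_ip: ipaddress.IPv4Address
    next_port: int = 1024
    table: dict = field(default_factory=dict)    # (src, sport) -> translated port

    def translate(self, src, sport):
        if src not in self.match:
            return src, sport                     # not matched: forwarded untranslated
        port = self.table.setdefault((src, sport), self.next_port)
        if port == self.next_port:                # a new entry consumed this port
            self.next_port += 1
        return self.global_ip, port

LINK = ipaddress.ip_network("10.3.3.4/30")        # PIX-to-router link from the thread
INSIDE = ipaddress.ip_network("10.1.1.0/24")      # internal network from the thread
PIX_OUT = ipaddress.ip_address("10.3.3.5")        # PIX outside address from the thread
PUBLIC = ipaddress.ip_address("192.0.2.1")        # constructed stand-in for the serial IP
RFC1918_10 = ipaddress.ip_network("10.0.0.0/8")

def egress(src, sport, router_acl):
    """Source (address, port) seen on the Internet side after PIX, then router."""
    pix = Pat(INSIDE, PIX_OUT)
    router = Pat(router_acl, PUBLIC)
    return router.translate(*pix.translate(ipaddress.ip_address(src), sport))

def leaks_private(src, sport, router_acl):
    """True if the packet would leave the router with a 10.x source address."""
    addr, _ = egress(src, sport, router_acl)
    return addr in RFC1918_10

if __name__ == "__main__":
    # The /30 has exactly two usable hosts: the PIX and the router.
    print("link hosts:", [str(h) for h in LINK.hosts()])
    # Router list matches the link subnet (what the router sees after the PIX).
    print("acl = link   :", egress("10.1.1.20", 40000, LINK))
    # Router list matches only the original inside network.
    print("acl = inside :", egress("10.1.1.20", 40000, INSIDE))
    print("private source leaves router:", leaks_private("10.1.1.20", 40000, INSIDE))
```

When the PIX has already hidden the inside hosts behind 10.3.3.5, a router access list that only covers 10.1.1.0/24 never matches, and the packet leaves with a private source address.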

 