NAT

[nix45]

I have a 3620 router with dual T1's coming into it as our Internet connection. I want to set up NAT to allow users from the Internet access to my internal servers. This is no problem for server1 and server2, as I can easily do it with a command similar to this on the 3620....

ip nat inside source static tcp 192.168.32.5 80 171.68.1.1 80 extendable

The problem is that I have a DMZ behind this router, with my web servers inside....

T1 T1
| |
| |
Cisco 3620 router
|
switch --------PIX------switch
| | | |
serv1 serv2 www1 www2


The Ethernet interface of the 3620 is 192.168.32.1
PIX Eth1 = 192.168.32.2, Eth2 = 192.168.30.2

The web servers are on the 192.168.30.x network. How can I NAT those web servers through the 3620 router?

Any help is greatly appreciated.

Thanks,
Chris

 

[ChrisAC]

Why can't you NAT on the PIX? Usually your PIX would have a live address on the outside interface and a LAN address on the inside. You then do a static translation to your servers. You could put all four servers on the LAN side of the PIX and do a static for each server. Your outgoing LAN client traffic would then be NATed to the external address of the PIX.

Chris.
**********************
Chris Andrew, CCNA, CCSA
chris@iproute.co.uk
**********************

 

[nix45]

...the same issue has become two threads so lets keep it all in one --> thread557-512479