×
INTELLIGENT WORK FORUMS
FOR COMPUTER PROFESSIONALS

Contact US

Log In

Come Join Us!

Are you a
Computer / IT professional?
Join Tek-Tips Forums!
  • Talk With Other Members
  • Be Notified Of Responses
    To Your Posts
  • Keyword Search
  • One-Click Access To Your
    Favorite Forums
  • Automated Signatures
    On Your Posts
  • Best Of All, It's Free!

*Tek-Tips's functionality depends on members receiving e-mail. By joining you are opting in to receive e-mail.

Posting Guidelines

Promoting, selling, recruiting, coursework and thesis posting is forbidden.

Students Click Here

Firewall behind a Cisco?

Firewall behind a Cisco?

Firewall behind a Cisco?

(OP)
Please excuse my ignorance in this issue.

At my office we have a T1 line from SBC and they provided a Cisco 1700 that currently handles the network NAT.  We have 5 public IPs on the outside interface of the CISCO router, the router is configured to NAT those public IPs to a private scheme of 192.168.x.x.

Could I place a firewall unit (watchgaurd Firebox X500) behind the router and have that unit provide a NAT as well?

this is what we would like to see...

INTERNET -> (Public IP) CISCO 1700 -> (NAT FROM CISCO) 192.168.x.x -> FIREWALL (Have the firebox NAT the Private IP from the CISCO to another Private IP range) -> 10.47.x.x

RE: Firewall behind a Cisco?

You can do it, but a better solution would be to have the router just do the routing for all the addresses, assign a public IP address to the firewall, and let it NAT to your private range. NAT -> NAT can be hassle to troubleshoot, and if you don't have a good reason for it, I'd say don't.

RE: Firewall behind a Cisco?

(OP)
Thanks for the heads up.  I agree that a NAT -> NAT would be a hassle, so the next step is I need to learn how to reconfigure my Cisco 1700 to, what I believe you call, a pass-through?

Anyone have any how-to docs that specify Cisco command lines and a configuration template for that?

Red Flag This Post

Please let us know here why this post is inappropriate. Reasons such as off-topic, duplicates, flames, illegal, vulgar, or students posting their homework.

Red Flag Submitted

Thank you for helping keep Tek-Tips Forums free from inappropriate posts.
The Tek-Tips staff will check this out and take appropriate action.

Reply To This Thread

Posting in the Tek-Tips forums is a member-only feature.

Click Here to join Tek-Tips and talk with other members! Already a Member? Login

Close Box

Join Tek-Tips® Today!

Join your peers on the Internet's largest technical computer professional community.
It's easy to join and it's free.

Here's Why Members Love Tek-Tips Forums:

Register now while it's still free!

Already a member? Close this window and log in.

Join Us             Close