Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
313
Views
0
Helpful
1
Replies

A little confused....need advice

mafnz
Level 1
Level 1

‎03-18-2002 11:04 PM - edited ‎03-01-2019 08:55 PM

I currently have a Cisco 2620 router which is connected to our Internet provider via point-to-point Frame Relay and a PVC.

I have 12 Public IP addresses available to me.

What I would like to do:

Add a Microsoft ISA server behind the Cisco 2620 router.

What is the best thing to do ?

My idea is to remove the NAT on the Cisco router and give the external NIC on the ISA server a Public IP address, then have NAT on the ISA server only.

Here is my current Cisco 2620 configuration of which I did not configure (I've added letters where the numbers should be in IP addresses for anonymity).

interface Loopback0

no ip address

no ip directed-broadcast

!

interface FastEthernet0/0

description connected to Internal LAN

ip address 10.0.0.9 255.0.0.0

ip access-group 100 in

no ip directed-broadcast

ip nat inside

ip inspect FastEthernet_0_0 in

ip route-cache flow

!

interface Serial0/0

no ip address

no ip directed-broadcast

encapsulation frame-relay IETF

ip route-cache flow

no ip mroute-cache

frame-relay lmi-type ansi

!

interface Serial0/0.51 point-to-point

description connected to Internet

ip address a.b.c.d 255.255.255.252

ip access-group 101 in

no ip directed-broadcast

ip nat outside

ip inspect Serial_0_0_51 in

frame-relay interface-dlci 51 IETF

!

router rip

version 2

passive-interface Serial0/0.51

network 10.0.0.0

no auto-summary

!

ip nat pool NATPOOL1 a.b.f.g a.b.f.g+4 netmask 255.255.255.0

ip nat inside source list 1 pool NATPOOL1 overload

: <- these mean "...and so on...."

:

access-list 1 permit 10.0.0.0 0.255.255.255

access-list 100 permit ip any any

access-list 101 deny tcp host a.b.f.g-7 eq www any

:

:

If what I proposed earlier is the way to go, how would I go about doing all this?

To Remove the NAT, what do I do?

After removal, will this allow the public IP addresses to pass? What else would be neede to do so.

I've looked at a few example scripts but am a little confused about how to do all this.

If it doesn't make any sense, please request more info. Any advice is much appreciated.

Be gentle, I haven't had too much experience and don't want to screw things up.

Mark.

Labels:
0 Helpful
1 Reply 1

scarothe
Level 1
Level 1

‎03-22-2002 09:29 AM

Hi Mark:

Before going to far, what is the reason you are thinking about doing it the way you mentioned? I ask, because in NAT you can do a one-to-one relationship.

IP nat inside source static

This would allow outside users to access the server internally.

Thanks...Steve

0 Helpful
Customers Also Viewed These Support Documents