Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1343
Views
0
Helpful
4
Replies

Configure Router with a Firewall behind it with FTP Services

techacecisco
Level 1
Level 1

‎12-27-2010 12:51 AM - edited ‎03-04-2019 10:53 AM

This is a simple question but I tried searching and could not find an appropriate answers. Can the experts please help me. Thanks.

Basically we have the following:

1) ADSL Broadband Internet line PPoE with a Static IP

2) Cisco Router 870

3) Zyxel Firewall

4) A Server hosting FTP Services

The Cisco Router is currently configured as a modem cum router. One of the Ethernet connection is connected to the switch and shared for multiple access to the Internet.

I would like to use the firewall to control some of the Internet Traffic and also to allow external access (from the Internet) to the FTP server.

I could easily accomplish this on a Linksys, D-Link or any other router/modem using port forwarding. However I am so lost with the CISCO router.

I don't have a problem with the Firewall settings. But if I am correct, the Cisco router is configured with NAT form the WAN to the LAN.

This prevents the Firewall from picking up any Port 20/21(FTP) requests and thus cannot forward the traffic to the server on the LAN.

Is it possible to configure the Cisco router as a modem that passes through all traffic from the WAN to the LAN and let the Firewall deal with the rest?

Thanks in advance.

Labels:
0 Helpful
4 Replies 4

cadet alain
VIP Alumni
VIP Alumni

‎12-27-2010 01:02 AM

Hi,

I don't have a problem with the Firewall settings. But if I am correct, 
the Cisco router is configured with NAT form the WAN to the LAN.

No it is configured to do NAT overload from LAN to WAN so that users ip addresses are natted to  WAN interface public ip address.

But maybe your zyxel firewall is already doing nat? if not then

If you want to do port forwarding then you must use a static NAT entry:

ip nat inside static source tcp 20 20

ip nat inside static source tcp 21 21

Regards.

Alain.

Don't forget to rate helpful posts.
0 Helpful

techacecisco
Level 1
Level 1
In response to cadet alain

‎12-27-2010 01:11 AM

Thanks for the quick reply. I understand what you mean.

With your suggestion, I should be able to allow traffic meant for the FTP server from the Internet without the firewall at all.

I would prefer to do the NAT or PAT using the firewall instead as it is easier to manage, modify and probably has some better functionality.

So, if I could just configure the Router like a simple modem or something like that, the config on the router should be rather straight forward. 1 WAN in, 1 LAN out. Everything incoming from the WAN comes into the LAN and let the firewall deal with the rest.

Is this possible? Thanks again.

0 Helpful

cadet alain
VIP Alumni
VIP Alumni
In response to techacecisco

‎12-27-2010 01:17 AM

Hi,

So, if I could just configure the Router like a simple modem or something like that,

yes it is possible  you must bridge your router  but I've never done that and you'll have to wait for expert answers to you problem.

Regards.

Alain.

Don't forget to rate helpful posts.
0 Helpful

techacecisco
Level 1
Level 1
In response to cadet alain

‎12-27-2010 01:19 AM

Oh I see. I will go look up information on setting up the router as a switch. Thanks!

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card