Hi all,
please I need an assistance from you guys. I know that this thread is a bit old now but it is not too late to still discuss on it.
I have customer with a crazy network design. Here is the design description: the network have the following devices connected. a PoE switch connecting the LAN. the PoE switch is connected to firewall (Cyberoam). Cyberoam have one interface connected to the LAN switch (PoE), another interface to DMZ on a 2960 switch, and a third interface to a vlan on another 2960 switch as WAN. The second 2960 switch also have another vlan for the Internet segment. A 1721 router with just one fastethernet is doing inter-vlan routing for the Cyberoam WAN leg Vlan and Internet vlan.
The firewall is already doing natting MAIL server, Lync Edge server and some other resources. But now I need to configure NAT on the 1721 router to allow those rources to go out to the internet with their respective public IPs and the inerface IP for browsing. Browsing is the only thing that is not natted on the firewall.
I have configured the router with both static nat for the resources with their public IPs and I configured the overload on the interface IP. Presently the LAN users can get to the interent but the static nat is not working yet.
NOTE: the static mappings are for the DMZ segment.
I noticed that is I had the DMZ subnet in the access-list statement of the overlaod that is permitting the LAN computers to browse the DMZ servers also could browse but it will not be reached from outside with their public IPs.
Do I need to remove the nat on the firewall so that the router will do the translation?
If removing nat on the firewall is not necessary, how do I go about the configuration on the Cisco router?
Any help on this will be greatly appreciated.
thanks in advance.
