12-20-2011 02:55 PM - edited 03-07-2019 03:59 AM
Hi,
I need advice on the configuration of a customer's network.
They had 1 public IP with a Cisco router. Then they decided to insert a firewall behind the router for VPN, and want to put another public IP on the firewall.
Now I suppose that I need to put the Cisco router in bridged mode, don't I? I have never done this configuration. Can you help me?
12-21-2011 05:01 AM
What kind of firewall is it?
Why not let it handle everything instead?
12-21-2011 05:31 AM
Hi,
Why do you want to put the router in bridge mode? What is your idea behind this?
In general, you can leave the router as it is, facing internet traffic, and behind the router you can put the firewall for your VPN tunnels and even public-facing servers (DMZ).
You can point the default route from the firewall to your internet gateway (this could be your ISP router IP). This is the setup I have for one of my customers.
Please rate the helpful posts.
Regards,
Naidu.
12-21-2011 06:42 AM
Thanks for your answer. The firewall is a Netgear (FVS336Gv2) and the problem is that they purchased it to manage SSL VPN. This kind of firewall creates an SSL VPN portal with the IP address of the WAN interface (e.g. https://10.10.10.10/portal/auth), so the IP address must be public.
So, facing this problem, I started to think about putting a public IP address on the firewall WAN, but the router already has a public IP, so the only way is to bridge the router... or not? How can I make the firewall public without modifying today's NAT configuration?
Thanks in advance
BR
12-23-2011 05:23 AM
It comes down to the type of connection. If it is PPPoE session based, you are forced to use NAT.
12-26-2011 03:57 AM
So, I have to talk with the provider... This is an ADSL line, but I don't know exactly if it is PPPoE or PPPoA. Is it possible to see this from the router config? Why do I need NAT over PPPoE?
12-27-2011 01:13 AM
Hi,
You could also do a port forwarding from the Cisco to the Netgear. SSL should be port 443, so if you forward this port to the LAN IP of the Netgear you should be fine. So if you connect from outside to the public IP of the Cisco via SSL, the router should forward this query to the Netgear.
florian
12-27-2011 01:32 AM
The problem is that if I do port forwarding on 443, I connect to the firewall at https://192.168.x.x, but I need to forward the connection to https://192.168.x.x/SSLportal
12-27-2011 01:45 AM
But both the portal and the GUI are reachable via HTTPS (443). To choose between the two options you would just have to enter the right URL in your browser.
If you want to reach the GUI, enter https://ip and for the SSL VPN page enter https://ip/portal_name.
On the Netgear there is a web server running that is reachable via HTTPS. With the URL you can tell the Netgear which site on the web server you want to reach, and as long as port 443 is forwarded to the Netgear you should be fine.
florian
12-27-2011 02:17 AM
Often the simplest things are the right ones! That is correct, it works!! Now I have a problem with ActiveX, but that is another thing... Thanks a lot.
Bye
12-27-2011 01:39 AM
For Mirza:
From the Cisco router configuration:

interface ATM0/0/0.1 point-to-point
 pvc 8/75
  encapsulation aal5mux ppp dialer
  dialer pool-member 1
 !
!
interface ATM0/1/0
 no ip address
 no atm ilmi-keepalive
!
interface ATM0/1/0.1 point-to-point
 pvc 8/75
  encapsulation aal5mux ppp dialer
  dialer pool-member 2

That means PPPoA, right?