Posted by PacketU on June 30, 2008, 8:13 pm
I'm not sure what you mean by "All outgoing connections from anything on
192.168.1.0/24 is presented to the outside on xx.xx.xx.209."

Your config will route all traffic to xx.xx.xx.209, but it will be presented as
xx.xx.xx.11-xx.xx.xx.222, then PAT'd to xx.xx.xx.210. So, based on the static, the
first 212 hosts will get a 1-to-1 NAT, then port-level PAT after that.

On the access list, you will want to specify the public IP as the
destination. It is applied before the NAT changes to the private address.
The second example may have unintended consequences.

I would use my recommendations and modify the first config. Also, the
second config shows 211 as the start of the NAT range where the first one
shows 11.

> Hi,
>
> This is what I was thinking of doing:
>
> Router:
> interface Ethernet0
> ip address xx.xx.xx.209 255.255.255.240
>
> interface Dialer0
> ip address negotiated (receives WAN static)
>
> Firewall:
>
> interface vlan2
> nameif outside
> security-level 0
> ip address xx.xx.xx.210 255.255.255.240
>
> interface vlan1
> nameif inside
> ip address 192.168.1.1 255.255.255.0
> security-level 100
>
> global (outside) 1 interface
> global (outside) 2 xx.xx.xx.11-xx.xx.xx.222 netmask 255.255.255.240
> nat (inside) 1 0 0
>
> route outside 0.0.0.0 0.0.0.0 xx.xx.xx.209 1 (can this go in the outside interface definition?)
> access-group outside_access_in in interface outside
>
> access-list outside_access_in extended permit tcp any host 192.168.1.10 eq 25
>
> static (inside,outside) xx.xx.xx.211 192.168.1.10 netmask 255.255.255.240
>
> What I want to achieve with this is the following:
>
> - All outgoing connections from anything on 192.168.1.0/24 is
> presented to the outside on xx.xx.xx.209.
> - I have some server on 192.168.1.10 which I want presenting to the
> outside world on xx.xx.xx.211.
> - I want people to connect to the IP address xx.xx.xx.211 on port 25
> and they will be connected to this server.
>
> Will this do it?
>
> The other way I was looking at it was this:
>
> global (outside) 1 interface
> global (outside) 2 xx.xx.xx.211 255.255.255.240
> nat (inside) 1 0 0
> nat (inside) 2 access-list mail_server
>
> access-list mail_server extended permit tcp any host 192.168.1.10 eq 25
>
> I also have some IP addresses with no inbound connections, but I need
> to ensure that they present on the outside using a specific IP
> address.
>
> Any help would be gratefully received.
>
> Thanks.
> Andrew.
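
The access-list point from the reply, written out as an added example that is not part of either post. It assumes the pre-8.3 PIX/ASA static/nat/global syntax used in the thread and keeps the thread's masked xx.xx.xx.NNN addresses; the host mask on the static is a change from the posted config.

```cisco
! Added example, not from the thread. xx.xx.xx.NNN are the thread's masked
! public addresses; syntax is the pre-8.3 static/nat/global form used above.

! As posted: the ACL on the outside interface names the private address.
! Inbound packets still carry the public destination when the ACL is checked,
! so this entry does not match traffic sent to xx.xx.xx.211.
access-list outside_access_in extended permit tcp any host 192.168.1.10 eq 25

! As recommended in the reply: name the public (mapped) address instead.
no access-list outside_access_in extended permit tcp any host 192.168.1.10 eq 25
access-list outside_access_in extended permit tcp any host xx.xx.xx.211 eq 25
access-group outside_access_in in interface outside

! One-to-one translation for the mail server. A single-host static takes a
! host mask (255.255.255.255); this differs from the /28 mask in the post.
static (inside,outside) xx.xx.xx.211 192.168.1.10 netmask 255.255.255.255

! Everything else on the inside is PAT'd to the firewall's outside interface
! address, xx.xx.xx.210. nat and global are paired by their ID (1 here).
nat (inside) 1 0.0.0.0 0.0.0.0
global (outside) 1 interface
```

After a test connection to port 25, `show access-list outside_access_in` should show the hit count on the new entry increasing, and `show xlate` should list the static for 192.168.1.10.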