Cisco 803 ISDN router - using NAT to connect to external supplier?

Unanswered Question
Jan 21st, 2008

Hi,

I wonder if anyone can help.

We have a connection to an external supplier, where we have a Cisco 803 ISDN router connected to the OUTSIDE interface of our firewall using a public IP address from our assigned range.

One of the devices on our internal network connects to a server at the supplier's network. A static translation of this device's internal IP address to a public IP address is set-up on our firewall and then the traffic is routed to the supplier network via the ISDN connection on the Cisco 803 router. The supplier only allows access for us from this public IP address.

I have attached a diagram showing the current set-up and the sanitized Cisco 803 router config.

The problem I have is that we now have a new firewall and use a different ISP and will be shutting down this “old” internet pipe soon so I have to incorporate access to this supplier network with our new set-up before this happens.

I could just set things up in the same way, connecting to the outside of our new firewall and using an IP address from our new address range but would prefer not to do this if I can help it (mainly because it would mean disconnecting our new internet pipe, which is already in use, in order to set this up)

Is there a means I can simply connect the Cisco 803 to our internal network and perhaps use some address translation on the 803 itself to translate internal IP to public IP and have it routed over the ISDN connection to the supplier network?

The supplier won't allow us to connect to them over the internet so we have to use the ISDN connection and need to use routable (i.e. non-private) IP addresses but I'm wondering if we could achieve that with address translation on the 803 of some sort?

Does anyone have any suggestions on how best to achieve this?

Thanks.

ps I don't really have the facility to test in advance so I would have to make any changes on our "live" set-up so i would also like to minimise any disruption as much as possible!

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
mitchen Thu, 01/31/2008 - 02:24

Hi,

thanks for the response. However, I think you have perhaps misunderstood the questions I was asking (apologies, I don't think I explained it very well!)

I know there is nothing wrong with the ISP or the new firewall, what I'm looking for is some new design options.

I'm wondering if it is possible to avoid connecting the 803 router to the outside of our firewall but instead connect it to the inside of our network and use address translation on the 803 to achieve our supplier's requirements of using a public IP address and routing traffic to them over the ISDN connection?

(We are not currently doing any address translation on the 803 router - as can be seen from its config - currently, any address translation takes place on our firewall)

Can anyone help with any design suggestions on this?

Thanks.

Actions

This Discussion