i have a site where users are connected to a switch (dummy) and then to a modem that deploy DHCP (private ip address, private DNS,...) to access internet. in this case the modem is doing the natting (192.168.1.0 to public ip)
now i have a new set up to work on, where users will be connected to 3560 switch -> asa 5505 -> 881 ISR -> modem (connected to internet).
all what i can think about is to give the users DHCP from a pool on the switch and do nat on the firewall and on the router.
In this case the 881 router outside interface will have an ip address acquired from the modem.
i cannot figure it out how the users will connect to internet !!!!!!!!!
1- from where they will get the DNS ip.
2- can the router will get the DNS from the modem.
** can i nat the ip of users to the outside interface of the firewall, then this natted ip will be natted also by the router to the DHCP ip.
will this work ? Is there any other way?
i mean there will be 3 natting process (firewall, router, modem), i think this will slow down the connection, process,,,,,,,
About the DNS server, ask your ISP to tell you what are the correct IP addresses. He should have told you that already. Whether the 881 can receive the DNS server settings from the ISP, that depends on whether the ISP is providing this information via DHCP. Technically, there is no problem with that but it really depends on the configuration of your ISP's DHCP service. Still, the 881 does not need to know the DNS server until it is not configured to perform as a caching DHCP server itself (which is currently not, according to your configuration).
Performing a double NAT is possible and it even happens frequently. The question is whether it is necessary to have both ASA and 881 router connected in a row like you have, and whether it would be possible to use just one of them to perform both security features and routing between your internal network and the internet. That would simplify your situation a bit.
Question We run asr9001 with XR 6.1.3, and we have a very long delay to
login w/ SSH 1 or 2 to the device compare to IOS device. After
investigation, the there is 1s delay between the client KEXDH_INIT and
the server (XR) KEXDH_REPLY. After debug ssh serv...
Introduction The purpose of this document is to demonstrate the Open
Shortest Path First (OSPF) behavior when the V-bit (Virtual-link bit) is
present in a non-backbone area. The V-bit is signaled in Type-1 LSA only
if the router is the endpoint of one or ...
Hi, I am seeing quite a few issues with patch install and wanted to
share my experience and workaround to this. Login to admin via CLI, then
access root with the “shell” command Issue “df –h” and you’ll probably
see the following directory full or nearly ...