cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
418
Views
0
Helpful
7
Replies

NEW - TO- NAT - URGENT HELP PLEASE

mmtantawi
Level 1
Level 1

Hi All,

I would like to thank you for your help and your support.

However, I am going to implement NAT solution inside my organization with 3 goals:-

1- Allow 2 Internal users ( CEO & VP ) to access Internet [using Static], using 2 Real IP assigned from MY ISP.

2-Allow 200 Internal Users to Access Internet [Using Dynamic as Overloading], using the 3rd Real IP assigned from My ISP.

3-Allow ∞ Internet users ( any one ) to access 3 Servers Only which are inside my Network, using the 4th Real IP assigned from My ISP.

This Symbol ∞ means ----? unlimited, or, any Source, any IP from any where in the internet World .

In 2nd attached, which is [network-2.pps ] you will know , how many real IP I have here in My Network , and it has 2 slights.

Before, implementing this Solution, which is NAT, I want to consult you in current Configurations of My Cisco Router which is I have here inside my organization, in order to advice me if I need to change something or Not .

The Router have 2 Interfaces, which is:-

1-interface Fast Ethernet 0/ 0

2-interface Fast Ethernet 0/1

3-The Interface F 0 / 1 is connected to Normal Unmanaged Switch from 3 Com , and it has the following IP ? 213.255.237.113 / 255.255.255.248 - in Port no 2 in 3COM Switch.

4-There is a Firewall connected to the Same Switch 3 Com , in Port 3 , and it have 213.255.237.116 / 255.255.255.248 / GW 213.255.237. 113 on NIC 1 .

5-The 2nd NIC on the Firewall, have this IP , 192.168.1.100 / 24 .

6-All the Users inside my Network are connected to the Firewall, as GW to have Internet Connection device .

Now,

If I am going to implement NAT with 3 goals , do you think the current network will get down, because the Interface F 0/ 0 & F 0 / 1 are changed and one is becoming the INSIDE & Other ONE IS Becoming OUTSIDE ?

If so, can I purchase any Modular that have 4 Ethernet Ports, and do the NAT on it, and leave the Default Interfaces , as its without any disturb for OLD USERS ?

That was my question, because I have reviewed the INFRASTRUCTURE and I have seen this, so I am afraid if I implement NAT, the FIREWALL it Self, will not worked and all the users, will not have the INTERNET Connectivity and no work will done.

So, I am thinking of Purchase, one modular which is HWIC-4 , and put it in Slot 1 in the 1841 Cisco Router, and do the NAT Configurations for the New users, and leave the others as they are connected to the Firewall and have internet connection .

So, please give me your opinion, because I am get confused completely regarding the NAT and the Current situation, which I have here .

Can the Interfaces which is F 0 / 0 & F 0 / 1 , work normally with existing Network after I configure both of them with IP NAT INSIDE & IP NAT OUTSIDE ?

Or, if I change and made the F 0 / 0 as IP NAT OUTSIDE & F 0 / 1 as IP NAT INSIDE , and put the Static NAT Command, the Firewall will stop and all the others users will be unable completely to access Internet ?

Do you think I am thinking in the correct direction or not ?

I request to Purchase 2 HWIC, each one will have 4 Ethernet Ports, so the Total will have 8 Ethernet Ports .

Generally, I am asking you, if I want to implement NAT , with the 3 goals which I mention above, do I need to change the design completely from which I have to new design which I said , using the 2 HWIC Card ?

Please advice me, in order to start working on it , and develop the NAT Solution .

7 Replies 7

mahmoodmkl
Level 7
Level 7

HI

for nat check this link.

http://www.cisco.com/en/US/tech/tk648/tk361/technologies_tech_note09186a0080133ddd.shtml

why dnot u use nat on u r firewall.

your firewall outside interface will be connected to u r outside router.

Thanks

Mahmood

zubairjalal
Level 1
Level 1

Hi.

i think on a broader level this is the setup.

Users--->Firewall--->Intenet Router

If this is the case , you need to do nat on the firewall itself. since the users are being routed to the Public IP's on the firewall only. The router does not have information regarding your private ips. Your scenario can be easily achieved on the firewall without the fear of disturbing any existing traffic. It would be great if you can let us know which firewall you are using.

i am using FORTIGATE FIREWALL

Hi

I am also having a fortigate firewall.u can do nat with it very easily.it operates in either nat or transparent mode.u can select the mode u want.u can use the interface external and connect it to your external swith which is connected to the router on which u r internet link is terminated.And use the internal interface to connect u r lan.

As fortigate as a web interface u can play with it.

Thanks

Mahmood

Hi,

CAN YOU PLEASE TELL ME OR SEND ME THE WHITE PAPER FOR CONFIGURING NAT ON THE FORTIGATE FIREWALL INTERFACE IT SELF, and how to do the NAT TO THE INTERNAL IP ADDRESS.

because i have 2 REAL IP & I WANT TO NAT 2 REAL IP TO 2 INTERNAL IP Address.

Please send me the URL OR ANY WHITE PAPER FOR THAT.

Hi

I wish i could assit u but it is a long procedure.if u dnot mind u can catch me on yahoo messenger at mahmood_mkl so that i can explain u the procedure with the steps.

Thanks

Mahmood

gpulos
Level 8
Level 8

man...

you've posted this request 6 times on this forum in different areas.

this leads to severe confusion for those trying to help you as well as keeps the forums very messy.

viewing your history, you've done this with every request you've asked. for the amount of information you request you may want to make it easier for everyone and post just one thread.

hate to seem like i'm harsh but this is very frustrating for all of us i think.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: