I would like to thank you for your help and your support.
However, I am going to implement a NAT solution inside my organization with 3 goals:
1- Allow 2 internal users (CEO & VP) to access the Internet [using Static], using 2 real IPs assigned from my ISP.
2- Allow 200 internal users to access the Internet [using Dynamic as Overloading], using the 3rd real IP assigned from my ISP.
3- Allow ∞ Internet users (anyone) to access 3 servers only, which are inside my network, using the 4th real IP assigned from my ISP.
This symbol ∞ means unlimited, or any source, any IP from anywhere in the Internet world.
In the 2nd attachment, which is [network-2.pps], you will see how many real IPs I have here in my network; it has 2 slides.
Before implementing this solution, which is NAT, I want to consult you on the current configuration of the Cisco router which I have here inside my organization, so that you can advise me if I need to change something or not.
The router has 2 interfaces, which are:
1- Interface FastEthernet 0/0
2- Interface FastEthernet 0/1
3- The interface F0/1 is connected to a normal unmanaged switch from 3Com, and it has the following IP: 184.108.40.206 / 255.255.255.248 - in port no. 2 on the 3Com switch.
4- There is a firewall connected to the same 3Com switch, in port 3, and it has 220.127.116.11 / 255.255.255.248 / GW 213.255.237.113 on NIC 1.
5- The 2nd NIC on the firewall has this IP: 192.168.1.100 / 24.
6- All the users inside my network are connected to the firewall, as the gateway device, to have an Internet connection.
If I am going to implement NAT with the 3 goals, do you think the current network will go down, because the interfaces F0/0 & F0/1 are changed and one is becoming the INSIDE & the other one is becoming the OUTSIDE?
If so, can I purchase a module that has 4 Ethernet ports, do the NAT on it, and leave the default interfaces as they are, without any disturbance for the OLD USERS?
That was my question, because I have reviewed the INFRASTRUCTURE and I have seen this, so I am afraid that if I implement NAT, the FIREWALL itself will not work, all the users will not have INTERNET connectivity, and no work will get done.
So, I am thinking of purchasing one module, which is HWIC-4, putting it in slot 1 of the Cisco 1841 router, doing the NAT configuration for the new users, and leaving the others as they are, connected to the firewall with an Internet connection.
So, please give me your opinion, because I am getting completely confused regarding NAT and the current situation which I have here.
Can the interfaces F0/0 & F0/1 work normally with the existing network after I configure them with IP NAT INSIDE & IP NAT OUTSIDE?
Or, if I change and make F0/0 the IP NAT OUTSIDE & F0/1 the IP NAT INSIDE, and put in the static NAT command, will the firewall stop and all the other users be completely unable to access the Internet?
Do you think I am thinking in the correct direction or not?
I have requested to purchase 2 HWICs, each one with 4 Ethernet ports, so the total will be 8 Ethernet ports.
Generally, I am asking you: if I want to implement NAT with the 3 goals which I mentioned above, do I need to change the design completely, from the one I have to the new design which I described, using the 2 HWIC cards?
Please advise me, so that I can start working on it and develop the NAT solution.
If this is the case, you need to do NAT on the firewall itself, since the users are being routed to the public IPs on the firewall only. The router does not have information regarding your private IPs. Your scenario can be easily achieved on the firewall without the fear of disturbing any existing traffic. It would be great if you can let us know which firewall you are using.
I am also having a FortiGate firewall. You can do NAT with it very easily. It operates in either NAT or transparent mode. You can select the mode you want. You can use the external interface and connect it to your external switch, which is connected to the router on which your Internet link is terminated. And use the internal interface to connect your LAN.
As FortiGate has a web interface, you can play with it.
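
The three goals from the question written as Cisco IOS NAT statements, as an added example that is not from any poster in this thread. It assumes, unlike the topology described above, that the NAT device has the 192.168.1.0/24 LAN directly on its inside interface; the 203.0.113.0/29 public block, the host addresses, the pool name and the server ports are all constructed placeholders.

```cisco
! Constructed example: all addresses, names and ports are placeholders.
interface FastEthernet0/0
 description LAN side (assumed to hold 192.168.1.0/24 directly)
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
!
interface FastEthernet0/1
 description ISP side (assumed /29 public block)
 ip address 203.0.113.1 255.255.255.248
 ip nat outside
!
! Goal 1: static one-to-one NAT, one public IP per user (CEO, VP).
ip nat inside source static 192.168.1.10 203.0.113.2
ip nat inside source static 192.168.1.11 203.0.113.3
!
! Goal 2: dynamic NAT with overload (PAT), all other users share the 3rd IP.
! Static entries above take precedence for the two hosts they name.
access-list 10 permit 192.168.1.0 0.0.0.255
ip nat pool USERS-PAT 203.0.113.4 203.0.113.4 netmask 255.255.255.248
ip nat inside source list 10 pool USERS-PAT overload
!
! Goal 3: static port translation, three servers published on the 4th IP.
! Only the listed port on each server is reachable from outside.
ip nat inside source static tcp 192.168.1.20 80 203.0.113.5 80
ip nat inside source static tcp 192.168.1.21 25 203.0.113.5 25
ip nat inside source static tcp 192.168.1.22 443 203.0.113.5 443
```

The one-to-one entries for goal 1 also translate connections initiated from the Internet toward those two hosts, so inbound filtering on the outside interface or on the firewall is still needed for them.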