
New Member

Router in bridged mode with firewall behind?

Hi,

I need advice on the configuration of a customer's network.

They had 1 public IP with a Cisco router. Then they decided to insert a firewall behind the router for VPN, and want to put another public IP on the firewall.

Now I suppose that I need to put the Cisco router in bridged mode, don't I? I have never done this configuration. Can you help me?

New Member

Router in bridged mode with firewall behind?

What kind of firewall is it?

Why not let it handle everything instead?

Router in bridged mode with firewall behind?

Hi,

Why do you want to put the router in bridge mode? What is your idea behind this?

In general, you can leave the router as it is, facing internet traffic, and then behind the router you can have the firewall for your VPN tunnels and even public-facing servers (DMZ).
You can send all your default-route traffic from the firewall to your internet gateway (this could be your ISP router IP). This is the setup I have for one of my customers.


Please rate the helpful posts.
Regards,
Naidu.

New Member

Router in bridged mode with firewall behind?

Thanks for your answer. The firewall is a Netgear (FVS336Gv2), and the problem is that they purchased it to manage SSL VPN. This kind of firewall creates an SSL VPN portal with the IP address of the WAN interface (e.g. https://10.10.10.10/portal/auth), so the IP address must be public.

Facing this problem, I started thinking of putting a public IP address on the firewall WAN, but the router already has a public IP, so the only way is to bridge the router... or not? How can I make the firewall public without modifying today's NAT configuration?

Thanks in advance

BR

New Member

Router in bridged mode with firewall behind?

It comes down to the type of connection. If it is PPPoE session based, you are forced to use NAT.

New Member

Router in bridged mode with firewall behind?

So, I have to talk with the provider... This is an ADSL line, but I don't know exactly whether it is PPPoE or PPPoA... Is it possible to see this from the router config? Why do I need NAT over PPPoE?

New Member

Router in bridged mode with firewall behind?

Hi,

You could also do a port forwarding from the Cisco to the Netgear. SSL should be port 443, so if you forward this port to the LAN IP of the Netgear you should be fine. So if you connect from outside to the public IP of the Cisco via SSL, the router should forward this query to the Netgear.

florian
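
The port forward described in the post above, written as a Cisco IOS static PAT entry. This is an added example, not configuration from the thread: the interface names Dialer1 and GigabitEthernet0/0 and the Netgear address 192.168.1.2 are assumptions. Because the Netgear serves its GUI and its SSL VPN portal on the same port, this forward makes both reachable from outside.

```cisco
! Constructed example: interface names and addresses are placeholders,
! not values taken from the thread.
!
! Dialer1 = assumed PPP dialer interface that holds the public IP.
interface Dialer1
 ip nat outside
!
! GigabitEthernet0/0 = assumed LAN interface facing the Netgear.
interface GigabitEthernet0/0
 ip nat inside
!
! Static PAT: TCP/443 arriving on the public address of Dialer1 is
! translated to the Netgear (assumed 192.168.1.2) on port 443.
! Only this one port is forwarded; the existing NAT overload
! configuration for outbound traffic is left unchanged.
ip nat inside source static tcp 192.168.1.2 443 interface Dialer1 443
!
! Verification from exec mode:
!   show ip nat translations
! lists the static entry and any active sessions using it.
```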

New Member

Router in bridged mode with firewall behind?

The problem is that if I do a port forwarding on 443, I connect to the firewall at https://192.168.x.x, but I need to forward the connection to https://192.168.x.x/SSLportal

New Member

Router in bridged mode with firewall behind?

But both the portal and the GUI are reachable via HTTPS (443); to choose between the two options you would just have to enter the right URL in your browser.

If you want to reach the GUI, enter https://ip, and for the SSL VPN page enter https://ip/portal_name.

On the Netgear there is a web server running, reachable via HTTPS. With the URL you can tell the Netgear which site on the web server you want to reach, and as long as port 443 is forwarded to the Netgear you should be fine.

florian 

New Member

Router in bridged mode with firewall behind?

Often the simplest things are the right ones! That is correct, it works!! Now I have a problem with ActiveX, but that is another thing... Thanks a lot

Bye

New Member

Re: Router in bridged mode with firewall behind?

For Mirza:

From the Cisco router configuration:

interface ATM0/0/0.1 point-to-point
 pvc 8/75
  encapsulation aal5mux ppp dialer
  dialer pool-member 1
 !
!
interface ATM0/1/0
 no ip address
 no atm ilmi-keepalive
!
interface ATM0/1/0.1 point-to-point
 pvc 8/75
  encapsulation aal5mux ppp dialer
  dialer pool-member 2

That means PPPoA, right?
