Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

A little confused....need advice

I currently have a Cisco 2620 router which is connected to our Internet provider via point-to-point Frame Relay and a PVC.

I have 12 Public IP addresses available to me.

What I would like to do:

Add a Microsoft ISA server behind the Cisco 2620 router.

What is the best thing to do ?

My idea is to remove the NAT on the Cisco router and give the external NIC on the ISA server a Public IP address, then have NAT on the ISA server only.

Here is my current Cisco 2620 configuration of which I did not configure (I've added letters where the numbers should be in IP addresses for anonymity).

interface Loopback0

no ip address

no ip directed-broadcast

!

interface FastEthernet0/0

description connected to Internal LAN

ip address 10.0.0.9 255.0.0.0

ip access-group 100 in

no ip directed-broadcast

ip nat inside

ip inspect FastEthernet_0_0 in

ip route-cache flow

!

interface Serial0/0

no ip address

no ip directed-broadcast

encapsulation frame-relay IETF

ip route-cache flow

no ip mroute-cache

frame-relay lmi-type ansi

!

interface Serial0/0.51 point-to-point

description connected to Internet

ip address a.b.c.d 255.255.255.252

ip access-group 101 in

no ip directed-broadcast

ip nat outside

ip inspect Serial_0_0_51 in

frame-relay interface-dlci 51 IETF

!

router rip

version 2

passive-interface Serial0/0.51

network 10.0.0.0

no auto-summary

!

ip nat pool NATPOOL1 a.b.f.g a.b.f.g+4 netmask 255.255.255.0

ip nat inside source list 1 pool NATPOOL1 overload

: <- these mean "...and so on...."

:

access-list 1 permit 10.0.0.0 0.255.255.255

access-list 100 permit ip any any

access-list 101 deny tcp host a.b.f.g-7 eq www any

:

:

If what I proposed earlier is the way to go, how would I go about doing all this?

To Remove the NAT, what do I do?

After removal, will this allow the public IP addresses to pass? What else would be neede to do so.

I've looked at a few example scripts but am a little confused about how to do all this.

If it doesn't make any sense, please request more info. Any advice is much appreciated.

Be gentle, I haven't had too much experience and don't want to screw things up.

Mark.

1 REPLY
New Member

Re: A little confused....need advice

Hi Mark:

Before going to far, what is the reason you are thinking about doing it the way you mentioned? I ask, because in NAT you can do a one-to-one relationship.

IP nat inside source static

This would allow outside users to access the server internally.

Thanks...Steve

74
Views
0
Helpful
1
Replies