Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

A little confused....need advice

I currently have a Cisco 2620 router which is connected to our Internet provider via point-to-point Frame Relay and a PVC.

I have 12 Public IP addresses available to me.

What I would like to do:

Add a Microsoft ISA server behind the Cisco 2620 router.

What is the best thing to do ?

My idea is to remove the NAT on the Cisco router and give the external NIC on the ISA server a Public IP address, then have NAT on the ISA server only.

Here is my current Cisco 2620 configuration of which I did not configure (I've added letters where the numbers should be in IP addresses for anonymity).

interface Loopback0

no ip address

no ip directed-broadcast


interface FastEthernet0/0

description connected to Internal LAN

ip address

ip access-group 100 in

no ip directed-broadcast

ip nat inside

ip inspect FastEthernet_0_0 in

ip route-cache flow


interface Serial0/0

no ip address

no ip directed-broadcast

encapsulation frame-relay IETF

ip route-cache flow

no ip mroute-cache

frame-relay lmi-type ansi


interface Serial0/0.51 point-to-point

description connected to Internet

ip address a.b.c.d

ip access-group 101 in

no ip directed-broadcast

ip nat outside

ip inspect Serial_0_0_51 in

frame-relay interface-dlci 51 IETF


router rip

version 2

passive-interface Serial0/0.51


no auto-summary


ip nat pool NATPOOL1 a.b.f.g a.b.f.g+4 netmask

ip nat inside source list 1 pool NATPOOL1 overload

: <- these mean "...and so on...."


access-list 1 permit

access-list 100 permit ip any any

access-list 101 deny tcp host a.b.f.g-7 eq www any



If what I proposed earlier is the way to go, how would I go about doing all this?

To Remove the NAT, what do I do?

After removal, will this allow the public IP addresses to pass? What else would be neede to do so.

I've looked at a few example scripts but am a little confused about how to do all this.

If it doesn't make any sense, please request more info. Any advice is much appreciated.

Be gentle, I haven't had too much experience and don't want to screw things up.


New Member

Re: A little confused....need advice

Hi Mark:

Before going to far, what is the reason you are thinking about doing it the way you mentioned? I ask, because in NAT you can do a one-to-one relationship.

IP nat inside source static

This would allow outside users to access the server internally.