ok, i too chked . it can have only one ip.

here is the exact senario.

we have two lease line circuits from different isp.

so different ip range. at a point of time i can connect only one to pix. we are using 2600 series router.

question 1.

Can i put double natting. one in router and then in pix.

2) if i specify that i must specify static in both router and pix. In router u map M.N.O.P with a valid ip. then in pix u will map M.N.O.P with another invalid A.B.C.D . Two staics for my web server.

will this work. since i need redundancy. If one of my link fails , then the other link will take care of traffic.

I have to make 2 static maps with different IPs per router and pix.

Logically i feel it has to work.

But am not sure .

Will this work or not ? any perfomance degradation if it works?

ok,

But how can u configure if u have two diffrent netwroks.

two different isp. so ips are different.

For eg. one is of a.b.c.d

second is of m.n.o.p

see i can assign only one IP of this any of the two range but not both. so where is redundancy.

i have 6 web servers both having two valid ips of different ISP for redundancy. Now i must use static also with two different range. we use one 2600 router

sajin

Hi Sajin,

Who manage your router? youslef or ISP?

We're using HSRP protocol to do the failover.

Roger

Hi roger,

We are managing the router too.

Can i put double natting. one in router and then in pix.

2) if i specify that (natting on both router and pix) i must specify static in both router and pix since we have web servers inside our network. In router u map M.N.O.P with two valid ips Given by ISPs X and Y . then in pix u will map M.N.O.P with another invalid A.B.C.D . .

will this work. since i need redundancy. If one of my link fails , then the other link will take care of traffic.

I have to make 2 static maps with one invalid IP in router.

Logically i feel it has to work.

But am not sure .

Will this work or not ? any perfomance degradation if it works?

Is there any other solution.

sajin

Hi Sajin,

I'm not sure about double natting. Have you called Cisco support?

Our configuration for the 2-line is all done in the two Cisco routers by ATT router group engineers.

At the DMZ interface of the PIX, there're four web servers which are using didferent IP block and they're working fine.

Roger

Hi roger,

Double natting works, I tried. with proxy and a pix. Any way double static i will try this sunday. I will let u know the status then. whether it works or not.Or else i will use the dmz port for One isp. just like its coming from another office and connected to our network. any way let me try with double static , double nating . i will let u know by monday. ok.

no friend i will do it myself. If both fails then will ask for help. first 100% effort with in my limit.

regards

sajin

Hey,

If what I understand is correct, you are using one router to accept both ISP's. You might not want to use those IP's past that point unless you are doing NAT twice. Say, you have A.B.C.X/24 and D.E.F.X/24 from each ISP for use as public IP's. You can use however many subnets behind the PIX you want (assuming you have a router behind it too to differentiate the subnets). Have your PIX NAT once to a private subnet for use only inbetween your gateway router and PIX, and have the gateway router NAT again using the 2 public pools providing by your ISP's. I have actually done something similair once before and it did work pretty well.

If you couldn't understand exactly what I meant by all that, sorry, it's kind of hard to relay that scenario in writing. Good luck.