I have a full C address pool. I cannot use .1 as the ISP has assigned it to the 2610 LAN interface. I have two different physical networks that need to share this gateway address.
I believe I should buy a Catalyst 2912. I plan to use the remaining 253 client ID's for the two different segments.
I plan to use one port on the switch as a backbone port. - 1 VLAN
I plan to use a second port for the uplink to a wireless base station that hosts external networks. To these networks I plan to offer no more than 5 valid IP addresses each. They can NAT, Proxy or just assign these addresses - I do not care and do not take responsibility for their schemas.
I plan to use the third port to attach to my Firewall and on to my corporate LAN. The firewall is an appliance and not very strong (I know, I should buy a PIX or at least an IOS that is sexier but times are tough and I have to remind myself that I am not at a .com anymore).
These two different networks will use the same network ID and Mask. They should not see each other, they should always use the backbone port on the switch to hit external networks/Internet.
Does anyone have a better solution (cost conscious please) or a more detailed explanation regarding using filters or VLAN to try to seperate traffic between the two networks?
The topic of this forum is General Security & Firewalling issues. There are a number of professionals online who may be able to assist you. We are always considering additional forums for such topics and I will make a note of your post.
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
[toc:faq]Introduction:This document describes details on how NAT-T
works.Background:ESP encrypts all critical information, encapsulating
the entire inner TCP/UDP datagram within an ESP header. ESP is an IP
protocol in the same sense that TCP and UDP are I...