Cisco Support Community

New Member

ISA550 Question

Can I route a block of IPs using ISA550?  I have an extra ISA550 and wanted to find a use for it.  I need to route a block of public IPs and would like some firewall protection.  If I enter one of the IPs into the WAN1 connection and turn on routing, can I enter a VLAN with the same subnet?

  • Small Business Security
4 REPLIES
Gold

ISA550 Question

Hi John,

You cannot use the same subnet on the LAN and WAN. What you can do is Static NAT, also known as One-to-One NAT. This allows you to translate a block of public IPs to private IPs so that all traffic passes through the firewall but the transition is seamless. Anyone connecting from the outside would never know that the server has a private IP.

- Marty

New Member

ISA550 Question

Thanks for the reply, Marty.  The problem is that the devices that use these IPs must have them hardcoded into the machine for some of the proprietary software to work properly.

I know the mantra these days is "protection" at all costs; however, sometimes you must route a device with a bona fide public address.

So to make sure I understand - The ISA550 will NOT route between a public IP and a LAN in the same subnet.  I'm glad I did not take the time to set this up to find out it would not work. 

Can the WAN1 be bridged?  Just trying to make use of it rather than selling it.  

New Member

ISA550 Question

Hi John,

The feature you may want to look at is 'DMZ'.

you wan addresses to be natted to hosts (all ports, or you can limit to access lists)

I was thinking you could set your DMZ network on the same network or a routed network from the WAN, but have not found an example for that config.  I have seen this done on an RV042 (which will also do bridge mode).

What is the application you are using?

By the way, NAT isn't really protection, it's more like obscurity.  The firewall in the device is what blocks malicious or unwanted traffic.

Dan

New Member

ISA550 Question

Daniel, it would be great if you could find that config you are talking about.  The RV042G and the RV320 will do a public range on the DMZ, but I can't find a way to do it on an ISA550.
