sorry i thought i did, my mistake. here it is.

Thanks,

Chris

hi chris

Do note the steps required to remove Nat from your router..

!

interface Vlan1

no ip nat inside

!

interface Dialer0

no ip nat outside

!

Before doing no ip nat inside source list 110 interface Dialer0 overload issue clear ip nat translation * command ..

no ip nat inside source list 110 interface Dialer0 overload

!

no access-list 110 permit ip 10.0.0.0 0.0.0.255 any

regds

Hi thanks for the help. I did that, saved to flash and reloaded... however connections stopped working.

The firewall is natting to a range of ip addresses for some reason, should i change this to PAT for the outside interface (10.0.0.1)?

Ive attatched the firewall config (fw.txt) and new router config (new-router.txt) for reference.

Really appreciate the help.

Hi Chris

Your pix firewall is doing the NAT for 192.168.0.0/24 to 10.0.0.0/24.

You have configured 10.0.0.1/24 in your router onto the outside interface of your firewall which is connected to the router which is also a part of the same subnet.

with the current config until unless you dont have a public ip subnet extended onto your outside interface of your firewall and without doing a nat in router you wont be able to reach the outside world browse internet.

do post out your exact requirement and what exactly you want to do with your setup so that we can suggest accordingly..

regds

Thanks for the reply. My requirement is this:

ADSL 877 router connecting to internet with PPP dialer, dhcp assigned. Inside network address 10.0.0.2.

The router is connected to the PIX 515e firewall, outside interface address 10.0.0.1.

I would like to browse internet for internal clients connected to the ethernet 1 port of the firewall (internal address 192.168.x.x) with NAT such that the connection is shared.

I would also like to be able to PAT on the firewall so i can run applications which require inbound access (web server, ftp etc) to machines on the internal network. I would like to run the rules on the firewall rather than the 877 router because then i can have dmz and the like.

If i set the pix firewal to NAT (or is it correct to say PAT?) all its traffic onto its external interface, 10.0.0.1, then the 877 doesnt need to worry about any port masquerading and can masquerade the single pix firewall address to the external dhcp assigned address.

Ideally i would like the 877 to act as a PPPoE to PPPoA bridge like i have run in the past with my linksys adsl modem and a suse linux box, with the PIX firewall brinding up the PPPoE connection and providing credentials but i dont think this is possible.

Sorry for the confusion, i hope that clarifies matters. Im sure what im trying to do is not too unique, lots of people must run adsl routers with pix firewalls and still want internal inbound access to make applications run properly.

Thanks,

Chris

sorry i thought i did, my mistake. here it is.

Thanks,

Chris