06-20-2007 01:10 PM - edited 03-03-2019 05:32 PM
Hi all, In our HQ we have a WAN 2800 router; its LAN Eth0 address is 192.100.100.1, which is the gateway to all remote offices. Also at HQ we have a firewall connected to the internet; its LAN Eth0 address is 192.100.100.254. All users on the HQ LAN have their gateway pointing to the WAN 2800 192.100.100.1. I need to allow all users on the LAN and WAN to use an internet service on TCP port 5631. I need to forward TCP port 5631 from the WAN 2800 router 192.100.100.1 to redirect to the firewall 192.100.100.254. When I applied a NAT rule on the 2800 it completely stops internet traffic. All help will be appreciated.
Kind Regards,
Rob
06-20-2007 01:24 PM
Hello,
Due to your topology, the 2800 cannot have any role in this design.
Now, if the connection is initiated from the inside to outside, toward port 5631, all the PCs should be able to use it and your firewall will do PAT as necessary. If it does not, please check its configuration.
If the connection is initiated from outside to inside, configure a port forward on the firewall. You will be able to specify one single "inside" address for each TCP port forwarded.
Hope this helps, please rate post if it does!
06-20-2007 01:33 PM
Hi, thanks for the reply.
Our requirement is as stated in your first statement. It is from inside to outside: the PCs point to the WAN 28xx router, then we need to redirect their requests to the firewall. The firewall PAT is working fine, as if we change the PCs' gateway to the firewall it works fine. Can you please provide an example config line required on the 28xx router? Thanks in advance.
Rob
06-20-2007 01:50 PM
Hi,
The 2811 should not change anything in the packet from inside to outside and vice versa. It is strange that if you set the default GW as the FW address it works, but if set to the router, it does not.
The router should just have route 0.0.0.0 0.0.0.0
The only thing is that perhaps, for some security reason, the FW wants to see the packets sourced from a PC on the local LAN come in with the same source MAC address it has in its ARP table, something that would not happen when the router is placed on the same subnet and is used as GW by the PCs.