because these commands are doing NATting for something we don't need to pass through the firewall. We need the firewall only for the servers VLAN, so instead of these commands, which do NATting for all VLANs:
global (outside) 10 83.x.x.197
nat (inside) 10 192.168.0.0 255.255.0.0
we can do it for only servers VLAN:
global (outside) 10 83.x.x.197
nat (inside) 10 192.168.1.0 255.255.255.0
About the access list: if you are only using this server 83.x.x.200 then it is enough, but you are using this server too: 83.x.x.200, so you need the same access list for this server.
Also, you don't have to put a route to all VLANs because the firewall is only for the servers VLAN, but if you did that it is OK, you will not lose anything :D
You don't have to change anything in the ADSL router if the servers of the servers VLAN are routed to the LL route, but if not I think you have to do something to force the servers VLAN traffic to go to the LL route when this traffic goes to the ADSL router.
But let us try an easier way ("which is the same as the last way but without missing anything, because I believe in it"), and that is by putting static IPs on the servers. Here we have to change the default gateway of the servers in the servers VLAN to the internal firewall interface, but that must be done after you change the internal IP address to something that agrees with the servers VLAN. And don't forget to change the VLAN access mode on the switch that is connected to that interface :D
By doing that you will force the servers to take the PIX firewall route, which is the LL route.
So let us say that the traffic has now arrived at the PIX; then the PIX applies its NAT rules to it and routes it to the LL-Router.
So now let us check the LL-Router:
First, I don't think that you have to put a policy route map on the outside interface, because with the last configuration the only traffic that will arrive at it is the servers VLAN traffic, so you only have to route it to outside and route its incoming traffic to the inside interface, back to the firewall,
because the firewall just allows the servers VLAN traffic to pass through it and forbids the others, and the LL-Router is behind the firewall, I think that :D
So you have to add a back route:
ip route 83.x.x.199 255.255.255.255 83.x.x.194
ip route 83.x.x.200 255.255.255.255 83.x.x.194
So after that we don't need any access list and route map for the LL route, I think they are useless /:)
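Added example, not part of any post in this thread: a small Python check that parses the two `nat`/`global` variants quoted above and reports which VLAN subnets each one would translate, so the scope of a NAT rule can be audited before it is applied. The VLAN names and the 192.168.2.0/24 and 192.168.3.0/24 subnets are constructed for illustration; only 192.168.1.0/24 (servers) and the masked 83.x.x.197 address come from the post.

```python
import ipaddress
import re

NAT_RE = re.compile(r"^nat \((\S+)\) (\d+) (\S+) (\S+)$")
GLOBAL_RE = re.compile(r"^global \((\S+)\) (\d+) (\S+)")

# The two variants quoted in the post (global address is masked on the page).
BROAD = "global (outside) 10 83.x.x.197\nnat (inside) 10 192.168.0.0 255.255.0.0"
NARROW = "global (outside) 10 83.x.x.197\nnat (inside) 10 192.168.1.0 255.255.255.0"

# Constructed VLAN plan: only the servers subnet appears in the thread.
VLANS = {
    "servers": "192.168.1.0/24",
    "users": "192.168.2.0/24",   # assumption
    "voice": "192.168.3.0/24",   # assumption
}

def parse_pix_nat(config):
    """Return (nat_rules, pools) from PIX-style nat/global lines."""
    nat_rules, pools = [], {}
    for line in config.splitlines():
        line = line.strip()
        m = NAT_RE.match(line)
        if m:
            iface, nat_id, addr, mask = m.groups()
            # ip_network accepts "address/netmask" and rejects host bits set.
            net = ipaddress.ip_network(f"{addr}/{mask}", strict=True)
            nat_rules.append((iface, int(nat_id), net))
            continue
        m = GLOBAL_RE.match(line)
        if m:
            iface, nat_id, pool = m.groups()
            pools[int(nat_id)] = (iface, pool)  # pool kept as opaque text
    return nat_rules, pools

def translated_vlans(config, vlans):
    """Map each VLAN whose subnet overlaps a nat rule to the global it uses."""
    nat_rules, pools = parse_pix_nat(config)
    hits = {}
    for name, cidr in vlans.items():
        vlan_net = ipaddress.ip_network(cidr)
        for _iface, nat_id, net in nat_rules:
            # A nat rule only translates if a global with the same ID exists.
            if nat_id in pools and vlan_net.overlaps(net):
                hits[name] = pools[nat_id][1]
    return hits

if __name__ == "__main__":
    print("broad :", translated_vlans(BROAD, VLANS))
    print("narrow:", translated_vlans(NARROW, VLANS))
```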
Thanks Bassel for the input, but as I discussed with you earlier, the scenario is different and won't work that way. There is a switch in between the firewall and the routers. I believe this should work.
I also hope that experts from this forum might give a prompt reply on the issue.