I have a situation where I need to NAT twice, once on the router,
and then again on Firewall-1. I can't figure out whether this
will ever work. Here's our network diagram:
 WAN             DMZ               INTERNAL
-----| Router |--------|Firewall-1|------|HostA|--
We are assigned the address space 32.x.x.192-32.x.x.207
from our ISP (WAN). Since our DMZ is using 172.24.100.0/24,
the router is doing static NAT to this range. Our internal network
is 10.10.1.0/24.
The IP addresses are as follows:
Router = interface on DMZ 172.24.100.3 (NATed)
Firewall-1: interface (qfe0) on DMZ 172.24.100.2
            interface (qfe1) on internal 10.10.1.2
HostA: since I need to access HostA from the WAN side,
HostA needs to be NATed at two places:
at Firewall-1 it is NATed from 10.10.1.101 to 172.24.100.101,
at the router it is NATed from 32.x.y.101 to 172.24.100.101.
I have set up the firewall rules, route and ARP entry on Firewall-1
for HostA, and address translation works fine for HostA if
I connect from the DMZ.
Now here's my problem: if I want to connect from HostB on the WAN
side, the packet is destined for 32.x.y.101; the destination is
first NATed to 172.24.100.101, then picked up by Firewall-1,
which is listening for ARP requests, and NATed to 10.10.1.101?
Will this work?
One question: when somebody on the DMZ sends out an ARP request
for 172.24.100.101, Firewall-1 will respond, but will the router
respond too, since it is doing NAT for this address as well?
Any help is much appreciated.
TIA,
Jason