RE: NAT twice, will this work?

Francis Arigo Tue, 17 Oct 2000 22:20:18 -0700
I have used a very similar config. In our case, we requested an additional 
serial(/30) subnet from our ISP. We used that between the WAN router and the 
Firewall-1. Then the firewall is the only thing translating.

Francis Arigo

>From: Jason Jin <[EMAIL PROTECTED]>
>Reply-To: Jason Jin <[EMAIL PROTECTED]>
>To: [EMAIL PROTECTED]
>Subject: RE: NAT twice, will this work?
>Date: Tue, 17 Oct 2000 12:10:31 -0400
>
>
>I have a situtation that I need to NAT twice, once on router,
>and then again on firewall-1.  I can't figure out wheather this
>will ever work , here 's the our network diagram:
>
>
>  WAN                   DMZ        INTERNAL
>-----| Router |--------|Firwall-1|------|HostA|--
>
>we are assigned address space 32.x.x.192-32.x.x.207
>from out ISP( WAN), since our  DMZ is using 172.24.100.0/24
>the router is doing static NAT to this range.  our internal network
>is 10.10.1.0/24.
>
>
>The IP address as folowes:
>
>       Router   = interface on DMZ 172.24.100.3 ( NATed)
>       Firewall-1: interface (qfe0)  on DMZ   172.24.100.2
>                   interface (qfe1)  on internal 10.10.1.2
>
>HostA:  since I need to access host A from WAN side,
>       hostA  need to be NAT'ed at two place ,
>       at firewall-1 it NAT from 10.10.1.101 to 172.24.100.101
>       at Router it is NAT from 32.x.y.101 to 172.24.100.101.
>
>I have setup the firewall rules , route and arp entry on firewall-1
>for HostA, and address translation work fine for hostA, if
>I connect from DMZ.
>
>Now here's my problem: if I want connnect from hostB from wan
>side, the packet destined for 32.x.y.101 , the destination
>first NATed to 172.24.100.101 , then pickup by firwall-1
>who's listen for arp request, NATed to 10.10.1.101 ?
>will this work?
>
>one question : when somebody the DMZ sent out a arp request
>for 172.24.100.101, the firwall-1 will respond , but  will router
>respond too, since it is doing NAT for this address as well?
>any help is much appreciated.
>
>
>TIA,
>
>Jason
>
>_________________________________
>FAQ, list archives, and subscription info: 
>http://www.groupstudy.com/list/cisco.html
>Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

_________________________________________________________________________
Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com.

Share information about yourself, create your own public profile at 
http://profiles.msn.com.

_________________________________
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: NAT twice, will this work?

Reply via email to
