Came across a double NAT issue, and wondering if there is a possible
workaround for this situation. I haven't been able to find a working solution
so I thought I'd post this to the list, see if someone has an idea...

Diagram:

  -----------
  |Server A |
  -----------   ip: 192.168.1.2/24
       |
       |
       |
  ----------    e0: 192.168.1.1/24
  |Router B|
  ----------    e1: 10.179.150.18/28
       |
       |
       |
  ------------  ip: 10.179.50.30/28
  |Firewall C|
  ------------
       |
       |
       |
  ----------------
  |Hosts 10.x.y.z|
  ----------------

Hosts 10.x.y.z:
Any host on the 10. network has access to Server A on port 1234.
Server A's IP appears as 10.179.150.19 to these hosts in the internal
network. 10.179.150.19 is NATted at Router B.

Firewall C:
Only allow IPs with 172.16.0.0 coming into the internal network, i.e. from
Router B to Firewall C.

Router B:
From what I have figured out -
1. There must be a static route entry - ip route 172.16.10.10 255.255.255.255 10.179.150.30 - to get to Firewall C.
2. Must translate 10.179.150.19 outside address to 192.168.1.2 inside address.
3. Traffic coming from Firewall C has a source IP of 172.16.10.10.
4. Must translate 192.168.1.2 to 10.179.150.18.
Traffic coming from Router B to the Firewall has the source translated to
172.168.10.10 (Firewall C will only allow IPs with 172.16.0.0 coming into
the internal network).

Server A:
Does not have any default gateway. Server A only recognises addresses on the
same segment, which is why 10.179.150.19 is translated to 192.168.1.2.

Required result: get host-server connectivity. Configuration changes can
only be made on Router B.

Anyone want to have a go at getting this working?
Mark.
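
Added example, not part of the original post and not router configuration: a small Python model of the two translations Router B would have to apply so that Server A, which has no default gateway, can answer. The alias 192.168.1.10, the function names and the source port are assumptions made for illustration; the other addresses and port 1234 are taken from the post.

```python
import ipaddress
from dataclasses import dataclass, replace

SERVER_NET = ipaddress.ip_network("192.168.1.0/24")  # Server A's segment (from the post)
SERVER_REAL = "192.168.1.2"      # Server A's real address (from the post)
SERVER_PUBLIC = "10.179.150.19"  # how the 10.x hosts see Server A (from the post)
FW_SOURCE = "172.16.10.10"       # source of traffic arriving from Firewall C (from the post)
FW_ALIAS = "192.168.1.10"        # ASSUMPTION: unused on-segment address standing in for FW_SOURCE

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    sport: int = 0
    dport: int = 0

def router_b_inbound(pkt):
    """e1 -> e0: rewrite the destination (first NAT) and the source (second NAT)."""
    if pkt.dst == SERVER_PUBLIC:
        pkt = replace(pkt, dst=SERVER_REAL)
    if pkt.src == FW_SOURCE:
        pkt = replace(pkt, src=FW_ALIAS)
    return pkt

def router_b_outbound(pkt):
    """e0 -> e1: reverse both rewrites on the reply."""
    if pkt.src == SERVER_REAL:
        pkt = replace(pkt, src=SERVER_PUBLIC)
    if pkt.dst == FW_ALIAS:
        pkt = replace(pkt, dst=FW_SOURCE)
    return pkt

def server_a_reply(pkt):
    """No default gateway: Server A can only answer sources on its own segment."""
    if ipaddress.ip_address(pkt.src) not in SERVER_NET:
        return None  # reply is never sent, the connection hangs
    return Packet(src=pkt.dst, dst=pkt.src, sport=pkt.dport, dport=pkt.sport)

def round_trip(double_nat=True):
    """Trace one request from Firewall C to Server A and back through Router B."""
    request = Packet(src=FW_SOURCE, dst=SERVER_PUBLIC, sport=40000, dport=1234)
    if double_nat:
        at_server = router_b_inbound(request)
    else:
        at_server = replace(request, dst=SERVER_REAL)  # destination NAT only
    reply = server_a_reply(at_server)
    return None if reply is None else router_b_outbound(reply)
```

With destination NAT alone the request reaches Server A but no reply comes back; with the source rewritten to an on-segment address as well, the reply returns to Firewall C addressed from 10.179.150.19 to 172.16.10.10.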