ADSL and PIX puzzle [7:63458]

Thu, 20 Feb 2003 18:09:20 -0800 

Hello networkers,

I am trying to "conjure up" a working config for an ADSL link with static IPs
for a 827 series router,
these public IPs are supposed to point to, say a webserver, that sits behind
a
pix firewall
(which is directly connected to 827 router4s ethernet interface),
problem is when I try to come up with a working config. I find myself
getting into trouble.
(The catch is, I need the webserver behind that pix.)
Now this gets me using NAT twice to get a public IP from
the internet through the router past the pix and into my webserver,
I know it doesn4t sound right and obviously does not work either ;),
Any help/clue/criticisms are most welcome ;)
Ok,
What it looks like so far:


 [internet] ---->[router] ----->[pix] --------->[lan/webserver]
                [827series]----->[506E]------->[lan/webserver]


IP addresses:
For internet access I have 200.10.10.136 mask 255.255.255.0
Public IPs: 200.10.15.184 255.255.255.248 (for example)
Public IP for my webserver is 200.10.15.189


Router 827:
----------

!
int eth0
  ip address 192.168.0.200 255.255.255.255.0
  ip nat inside
!
int atm0
  no ip address
  dsl operating-mode auto
!
int atm0.1 point-to-point
   no ip address
   pvc 0/35
        pppoe-cliente dial-pool-number 1
!
int dialer1
  ip address 200.10.10.136 255.255.255.0
  ip nat outside
  dialer pool 1
!
ip nat inside source list 1 interface dialer1 overload
ip nat inside source static tcp 192.168.1.30 80 200.10.15.189 80 extendable
access-list 1 permit 192.168.0.0 0.0.0.255
!
ip route 0.0.0.0 0.0.0.0 interface dialer1
!


PIX 506E:
---------

!
nameif eth0 outside security0
nameif eth1 inside security 100
!
ip address outside 192.168.0.201 255.255.255.0
ip address inside 192.168.1.21 255.255.255.0
!
route outside 0.0.0.0 0.0.0.0 192.168.0.200 1
!
global (outside) 1 192.168.0.202-192.168.0.248
nat (inside) 1 192.168.0.0 255.255.255.0
!
name 192.168.1.30 webserver
!
static (inside,outside) 200.10.15.189 webserver
!
access-list acl_out permit tcp any host 200.10.15.189 eq 80
!
access-group acl_out in interface outside
!

--------
Maby I am going about this the wrong way,
maby there is still hope just by tweaking my static nat translation at the
router.
If you have reached this far, thank you for your time and effort.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=63458&t=63458
--------------------------------------------------
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Reply via email to