Re: IP Addressing



One more quick question (if this post isn't too old to get picked up
anymore). I am running ISA as well on the Exchange server. How would
the static NAT work with that? Does ISA make the request for each
host? Therefore, would every packet travelling to the ASA have the IP
address of the ISA server (and thus the same as the mail server)?

Thanks.


Igor Mamuzic wrote:
I don't know which firewall you have, but if it's able to do NAT on IP
addresses that aren't applied to any of the interfaces (as Cisco does) then you
can keep your existing addressing scheme (keep private addressing between
firewall and router). On the firewall create a static NAT entry as I wrote
you in my previous post and then on the router create a static route that
points to the public IP address (the one to which you translated your Exchange)
and as a gateway for that static route use the IP address of your firewall
that connects to the router.

Here is the example:
on the firewall (I'll assume that you have an additional Cisco router as a
firewall, but even if you don't you'll understand what I'm doing):
! we're doing NAT to publish my Exchange server on the Internet
FIREWALL(config)#ip nat inside source static 192.168.10.1 200.200.200.1

on the router:
! we are creating a static route that enables my router to route to the Exchange
! public IP address using the firewall interface private address as a gateway:
ROUTER(config)#ip route 200.200.200.1 255.255.255.255 192.168.40.1

and that's it... try to implement this and tell me if it does the job for you...

B.R.
Igor



"K.J. 44" <Holleran.Kevin@xxxxxxxxx> wrote in message
news:1156861313.995877.96890@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
I guess if I can't do that, then I can subnet my block of 5 addresses
so my outer address is configured as a point to point with my gateway
address at my carrier and then use the other addresses as a point to
point subnet between my router and firewall using the rest of the
public addresses.

Then the MX record would reflect my outer address of my firewall, right?
Then I wouldn't have any addresses left to be able to create a static
NAT for my email server though. (I would use all of them creating the
public point to point between my router and firewall).

Still confused at how to proceed.

Help greatly appreciated. Thank you.

K.J. 44 wrote:
What I have is a router which is connected to a firewall. Here is
where I want the NAT and VPNs to terminate. I am having trouble
figuring out how to set this up.

If I have NAT at the firewall then information has to get from the
router to the firewall for the NAT translation. Does this mean I have
to have public IPs between the router and the firewall?

I have 5 IP addresses to work with from my carrier but I don't want to
hastily use them. How can I get information to get passed from the
router to the firewall and how should I address?

Internet ---> (public IP) router (private IP) ------- (private IP)
Firewall doing NAT and terminating VPNs (private IP) ------ LAN

Is there a way to successfully set up the above schema?

Thanks.

Igor Mamuzic wrote:
If you have an IP address that you can assign only for Exchange, then use
pure static NAT that isn't related to the public IP address assigned to your
external or any physical / logical interface. In Cisco IOS type:
ip nat inside source static private_address exchange_public_ip
Then on the inbound ACL applied to the external interface permit traffic from
any internet host to your exchange_public_ip:
access-list 100 permit tcp any host exchange_public_ip eq 25

that's it

B.R.
Igor


"K.J. 44" <Holleran.Kevin@xxxxxxxxx> wrote in message
news:1156803181.415102.247360@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Thanks for the reply. What I have is a T1 terminating at a router,
which is hooked to a firewall that I want to do NAT, which is hooked
into the LAN. In the LAN I have a single server. That server is going
to be running Exchange for mail. I am given five IP addresses from my
carrier. Everything is inside the firewall on the private addressing
side of the NAT box.

I am trying to figure out the best way to set this up. I have so far
used a single public IP on the public side of my router and all other
connections are using private addressing (between the router and the
firewall, and the firewall and the inside network).

Do I just make my MX record the public IP on the router's interface
and then in my router ACLs allow traffic to come in on port 25?

Thanks.

Doug McIntyre wrote:
"K.J. 44" <Holleran.Kevin@xxxxxxxxx> writes:
I have an internal server that is going to be hosting an Exchange
server. When I have my MX record point to an IP address, do I need to
have it point to the external interface on my router at the edge of my
network? Can I have two IPs on there, one for mail and another for all
other traffic (so I can do a static NAT, if it comes in to this
address, send it as mail to the server)?

Yes, you'd have to have the MX pointing to the external IP you have.

If you publish an internal IP globally, nobody will be able to route
to your server, you have to publish the external IP.

Really depends quite a lot on what you have for your firewall device on
the outside doing NAT. There's certainly many out there that will
let you have multiple outside public IPs and do the mapping you want
to do. Of course, you'd have to have multiple external IPs from your
ISP as well.
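
Added example, not part of the original thread: the static NAT, host route and inbound ACL that Igor Mamuzic describes depend on each other, so this Python sketch cross-checks them for each published address. The configs are constructed from the thread's sample addresses, and the helper name `audit_static_nat` is hypothetical.

```python
import re

# Constructed sample configs built from the addresses used in the thread.
FIREWALL_CFG = """\
ip nat inside source static 192.168.10.1 200.200.200.1
access-list 100 permit tcp any host 200.200.200.1 eq 25
"""
ROUTER_CFG = """\
ip route 200.200.200.1 255.255.255.255 192.168.40.1
"""

NAT_RE = re.compile(r"^ip nat inside source static (\S+) (\S+)[ \t]*$", re.M)
ROUTE_RE = re.compile(r"^ip route (\S+) (\S+) (\S+)[ \t]*$", re.M)
ACL_RE = re.compile(
    r"^access-list (\d+) permit tcp any host (\S+)(?: eq (\S+))?[ \t]*$", re.M)


def audit_static_nat(firewall_cfg, router_cfg, fw_outside_ip):
    """Hypothetical helper: check each static NAT against route and ACL lines."""
    # Host (/32) routes on the router: destination -> next hop.
    host_routes = {dst: hop for dst, mask, hop in ROUTE_RE.findall(router_cfg)
                   if mask == "255.255.255.255"}
    # TCP ports permitted from any source to each public host address.
    # A permit line without "eq" opens every TCP port and is recorded as "any".
    permitted = {}
    for _acl, host, port in ACL_RE.findall(firewall_cfg):
        permitted.setdefault(host, set()).add(port or "any")
    findings = []
    for local, public in NAT_RE.findall(firewall_cfg):
        ports = permitted.get(public, set())
        issues = []
        if host_routes.get(public) != fw_outside_ip:
            issues.append("router has no host route to %s via %s"
                          % (public, fw_outside_ip))
        if not ports:
            issues.append("no inbound permit for %s" % public)
        elif "any" in ports:
            issues.append("ACL permits every TCP port to %s" % public)
        findings.append({"local": local, "public": public,
                         "ports": sorted(ports), "issues": issues})
    return findings


if __name__ == "__main__":
    for f in audit_static_nat(FIREWALL_CFG, ROUTER_CFG, "192.168.40.1"):
        print(f["public"], "->", f["local"], "ports:", f["ports"],
              "issues:", f["issues"] or "none")
```

Ports are compared as written in the config, so an entry saved as `eq smtp` is reported as `smtp` rather than `25`.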


