Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > NFR Wizards> 1997

NFR Wizards Archive: Re: IP in IP and FW1

Re: IP in IP and FW1

Colin Campbell (sgcccdccitec.qld.gov.au)
Wed, 24 Sep 1997 17:59:44 +1000 (EST)

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Next message: Benoit Dicaire: "Re: Remote Mail Users"
Previous message: Doug Hughes: "Re: artificial ignorance: how-to guide"
In reply to: Marcus J. Ranum: "artificial ignorance: how-to guide"
Next in thread: GEIS: "RE: IP in IP and FW1"

How about one of two solutions:

1) replace R1 with Cisco running 11.2 IOS and do NAT on the router.
2) restructure the LAN to be:

                             Internet
                                ^
                                |
                                R2
                                |
      NET1 ------ R1 ---------- FW1-------------- NET2

Colin

My mailer thinks Neale Banks said:
>
> Hi,
>
> I have been asked to advise on a problem with a RFC1918 subnet that needs
> to communicate with the Internet via FW-1 and NAT.
>
> A picture is worth a thousand words, so:
>
> Internet
> ^
> |
> NET1 ------ R1 ---------- R2 ---- FW1------ NET2
>
> The main complication here is that both NET1 and NET2 are using RFC1918
> addresses, and R2 also has the default route to the internet. Ideally
> Internet traffic from FW1 SecuRemote clients on NET1 would be directed to
> the FW1 and NATed to assigned address space before venturing to the
> internet.
>

Next message: Benoit Dicaire: "Re: Remote Mail Users"
Previous message: Doug Hughes: "Re: artificial ignorance: how-to guide"
In reply to: Marcus J. Ranum: "artificial ignorance: how-to guide"
Next in thread: GEIS: "RE: IP in IP and FW1"

This archive was generated by hypermail 2.0b3 on Sat Jul 17 1999 - 07:08:58 CDT