Firewall Wizards mailing list archives

Re: IP in IP and FW1

From: Colin Campbell <sgcccdc () citec qld gov au>
Date: Wed, 24 Sep 1997 17:59:44 +1000 (EST)

Hi

How about one of two solutions:

1) replace R1 with Cisco running 11.2 IOS and do NAT on the router.
2) restructure the LAN to be:

                             Internet
                                ^
                                |
                                R2
                                |
      NET1 ------ R1 ---------- FW1-------------- NET2

Colin

My mailer thinks Neale Banks said:


Hi,

I have been asked to advise on a problem with a RFC1918 subnet that needs
to communicate with the Internet via FW-1 and NAT. 

A picture is worth a thousand words, so:

                            Internet
                               ^
                               |
     NET1 ------ R1 ---------- R2 ---- FW1------ NET2

The main complication here is that both NET1 and NET2 are using RFC1918
addresses, and R2 also has the default route to the internet.  Ideally
Internet traffic from FW1 SecuRemote clients on NET1 would be directed to
the FW1 and NATed to assigned address space before venturing to the
internet.

Current thread:

IP in IP and FW1 Neale Banks (Sep 23)
- Re: IP in IP and FW1 Colin Campbell (Sep 24)
- <Possible follow-ups>
- Re: IP in IP and FW1 keithcha (Sep 24)
- RE: IP in IP and FW1 Safier, Adam (GEIS) (Sep 24)