Firewall behind a Cisco?

[itecs]

Please excuse my ignorance in this issue.

At my office we have a T1 line from SBC and they provided a Cisco 1700 that currently handles the network NAT. We have 5 public IPs on the outside interface of the CISCO router, the router is configured to NAT those public IPs to a private scheme of 192.168.x.x.

Could I place a firewall unit (watchgaurd Firebox X500) behind the router and have that unit provide a NAT as well?

this is what we would like to see...

INTERNET -> (Public IP) CISCO 1700 -> (NAT FROM CISCO) 192.168.x.x -> FIREWALL (Have the firebox NAT the Private IP from the CISCO to another Private IP range) -> 10.47.x.x

 

[jpm121]

You can do it, but a better solution would be to have the router just do the routing for all the addresses, assign a public IP address to the firewall, and let it NAT to your private range. NAT -> NAT can be hassle to troubleshoot, and if you don't have a good reason for it, I'd say don't.

 

[itecs]

Thanks for the heads up. I agree that a NAT -> NAT would be a hassle, so the next step is I need to learn how to reconfigure my Cisco 1700 to, what I believe you call, a pass-through?

Anyone have any how-to docs that specify Cisco command lines and a configuration template for that?