
Nat with two Routers

Status
Not open for further replies.

billmx

MIS
Aug 27, 2002
66
US
I have a Cisco 1601 setup running NAT. I would like to add a sonicwall in between the Cisco and our internal network. I'm eventually going to use the sonicwall for a dual WAN to combine T1 and cable broadband. The setup I'm thinking of is like this:

(public address) cisco (192.168.100.1) --> (192.168.100.2) sonicwall (192.168.1.1) --> network (192.168.1.*)

When I tested this out, however, external traffic couldn't get to our mail server, which is a NAT address. Any advice on how to get this configuration going would be appreciated. I think something is wrong in my setup on the Cisco:


!
version 12.0
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname companyinc
!
enable secret xxxxxxxxxxxxxxxxxxxxxxxxx
enable password xxxxxxxxxxxx
!
username companyinc password
ip subnet-zero
no ip source-route
no ip finger
!
!
!
interface Ethernet0
description prohibits pinging subnet or network and getting a reply from all devices on the lan
ip address 192.168.100.1 255.255.255.0
no ip directed-broadcast
no ip proxy-arp
ip nat inside
no cdp enable
!
interface Serial0
description *********** WAN interface if using Serial ***********
ip address xxx.xxx.xxx.186 255.255.255.248
no ip directed-broadcast
no ip proxy-arp
ip nat outside
encapsulation frame-relay IETF
no fair-queue
frame-relay interface-dlci 16
frame-relay lmi-type ansi
!

!
ip nat pool company xxx.xxx.xxx.186 xxx.xxx.xxx.186 netmask 255.255.255.248
ip nat inside source list 100 pool companyinc overload
ip nat inside source static 192.168.1.5 xxx.xxx.xxx.187
ip nat inside source static 192.168.1.6 xxx.xxx.xxx.188
ip classless
no ip forward-protocol udp bootpc
ip route 0.0.0.0 0.0.0.0 xxx.xxx.xxx.185
ip route 192.168.1.0 255.255.255.0 192.168.100.1

!
access-list 100 permit ip 192.168.100.0 0.0.0.255 any
!
no cdp run
snmp-server community public RO
!

!
end


Thanks,
Bill
 
Dear Friend,

You can remove the router and do the same configuration in the Sonicwall. You can do the one-to-one NAT for the mail server from the Sonicwall.

Panchara
 
The input from the T1 into the cisco is a cable with a serial port connection. That cable won't connect into the sonicwall which only has a RJ45 WAN port.

Is what I am trying to do a reasonable configuration?

Thanks,
Bill
 
ip nat pool company xxx.xxx.xxx.186 xxx.xxx.xxx.186 netmask 255.255.255.248
ip nat inside source list 100 pool companyinc overload
ip nat inside source static 192.168.1.5 xxx.xxx.xxx.187 <---host behind firewall
ip nat inside source static 192.168.1.6 xxx.xxx.xxx.188 <---host behind firewall
access-list 100 permit ip 192.168.100.0 0.0.0.255 any <---this is outside the firewall

Are you doing NAT on your Sonicwall? What's the internal IP address of your mail server? It seems that you're doing NAT on your Cisco router to translate both 192.168.1.x and 192.168.100.x to the public address.

If you're running NAT on your sonicwall, then I think you should be only translating 192.168.100.x addresses to the public addresses.

 
My goal is to move all the NAT to the sonicwall, but one server at a time. Can I do that?

I'd like to remove:
ip nat inside source static 192.168.1.5 xxx.xxx.xxx.187

from the cisco and add it to the sonicwall. But then how do I direct that traffic destined for xxx.xxx.xxx.187 through the cisco to the sonicwall where NAT will translate it to 192.168.1.5?
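
A small consistency check for the kind of config posted in this thread, added here as an example and not written by any poster: it flags a dynamic NAT rule that names an undefined pool, a static route whose next hop is the router's own address, and static NAT hosts with no connected or routed inside path. The function name `lint_nat` and the 203.0.113.x addresses (stand-ins for the masked xxx.xxx.xxx values) are assumptions.

```python
import ipaddress
import re

# Constructed sample: a subset of the lines from the posted config, with the
# masked xxx.xxx.xxx public addresses replaced by 203.0.113.x stand-ins.
SAMPLE = """\
interface Ethernet0
 ip address 192.168.100.1 255.255.255.0
interface Serial0
 ip address 203.0.113.186 255.255.255.248
ip nat pool company 203.0.113.186 203.0.113.186 netmask 255.255.255.248
ip nat inside source list 100 pool companyinc overload
ip nat inside source static 192.168.1.5 203.0.113.187
ip nat inside source static 192.168.1.6 203.0.113.188
ip route 0.0.0.0 0.0.0.0 203.0.113.185
ip route 192.168.1.0 255.255.255.0 192.168.100.1
"""

def lint_nat(config):
    """Return findings about NAT pool, static route and static NAT consistency."""
    lines = [ln.strip() for ln in config.splitlines()]
    ifaces = [ipaddress.ip_interface(f"{m[1]}/{m[2]}") for ln in lines
              if (m := re.match(r"ip address (\S+) (\S+)$", ln))]
    own = {i.ip for i in ifaces}  # addresses configured on this router
    pools = {m[1] for ln in lines if (m := re.match(r"ip nat pool (\S+) ", ln))}
    findings, inside_routes = [], []
    for ln in lines:
        if (m := re.match(r"ip nat inside source list \S+ pool (\S+)", ln)) and m[1] not in pools:
            findings.append(f"undefined NAT pool: {m[1]}")
        elif m := re.match(r"ip route (\S+) (\S+) (\S+)$", ln):
            net = ipaddress.ip_network(f"{m[1]}/{m[2]}")
            hop = ipaddress.ip_address(m[3])
            if hop in own:
                findings.append(f"route {net} points at own address {hop}")
            elif net.prefixlen > 0:  # the default route leads to the WAN, not inside
                inside_routes.append(net)
    for ln in lines:
        if m := re.match(r"ip nat inside source static (\S+) (\S+)$", ln):
            local = ipaddress.ip_address(m[1])
            reachable = [i.network for i in ifaces] + inside_routes
            if not any(local in n for n in reachable):
                findings.append(f"static NAT host {local} has no inside path")
    return findings

if __name__ == "__main__":
    for finding in lint_nat(SAMPLE):
        print(finding)
```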
 