windowsfan
IS-IT--Management
In out network we have a old version of firewall. what I want to know is, where is Natting done, on firewall or Cisco router?
Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations Mike Lewis on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
Natting
- Thread starter windowsfan
- Start date
- Status
- Thread starter
- #3
windowsfan
IS-IT--Management
I am trying ISA firewall parellel to the existing old checkpoint firewall.
if I want to use one of the natted IP on ISA server which is not using default gateway as firewall which is natting that address.
my exchange server is using default gateway as checkpoint firewall.
routable IP 207.xxx.xxx.xxx is natted to internal ip address of exchange 10.0.0.61. everything works fine as of this configuration.
now I want to use 207 address directly on external NIC of ISA but it's not working as it thinks it being used by some other device. How do I move forward.
if I want to use one of the natted IP on ISA server which is not using default gateway as firewall which is natting that address.
my exchange server is using default gateway as checkpoint firewall.
routable IP 207.xxx.xxx.xxx is natted to internal ip address of exchange 10.0.0.61. everything works fine as of this configuration.
now I want to use 207 address directly on external NIC of ISA but it's not working as it thinks it being used by some other device. How do I move forward.
WindowsFan,
Two ways of making this work:
- PAT (using the external NIC of your ISA but NATING it to the internal IP address when the port is 110, 25 or whatever you use
- asking your ISP for more IP adresses so you can add static NAT to your Mail server and your external ISA server NIC.
Regards,
Abner
Two ways of making this work:
- PAT (using the external NIC of your ISA but NATING it to the internal IP address when the port is 110, 25 or whatever you use
- asking your ISP for more IP adresses so you can add static NAT to your Mail server and your external ISA server NIC.
Regards,
Abner
- Thread starter
- #5
windowsfan
IS-IT--Management
I have more static IP but than I also need to make a change for mx record and I dont want to do that.
what if I just use routable IP 207.xxx.xxx.xxx on external NIC of ISA and dont worry about natting done on Checkpoint firewall. ISA dont support 1:1 natting so i cannot use that feature. I need to publish server using routable IP address.
2nd option might be
routable IP is 207.xxx.xxx.xxx natting to 10.0.0.61
what if I use 10.0.0.61 on ext nic of ISA
and
use 10.0.0.62 on exchange server and default gateway on exchange as ISA firewall (I am not sure if this will work or not because if I use ISA as default gateway than how will natting take place)
what if I just use routable IP 207.xxx.xxx.xxx on external NIC of ISA and dont worry about natting done on Checkpoint firewall. ISA dont support 1:1 natting so i cannot use that feature. I need to publish server using routable IP address.
2nd option might be
routable IP is 207.xxx.xxx.xxx natting to 10.0.0.61
what if I use 10.0.0.61 on ext nic of ISA
and
use 10.0.0.62 on exchange server and default gateway on exchange as ISA firewall (I am not sure if this will work or not because if I use ISA as default gateway than how will natting take place)
- Status
Similar threads
- Locked
- Question