Re: 2k VPN/RAS issues

anonymous_at_discussions.microsoft.com
Date: 03/23/04 

Date: Mon, 22 Mar 2004 16:13:40 -0800

In the past they were side by side (until that firewall
broke and I put in the new one). The old firewall had
mulitple wan ports where as the current firewall only has
one wan port. At that point I activated NAT on the
firewall to allow traffic on the public address to get to
the right box. Basically, in essence the second NIC on
the server (123.x.x.x) doesn't really go anywhere (as it
is still inside the local network). It also won't ever
receive any traffic due to my having NAT turned on the
firewall. All traffic that is inbound to 123.x.x.x is
routed to 192.x.x.x when it hits the firewall. So
currently it looks like this...

(r)outer --> (F)irewall --> switch --> (S)erver & LAN

one - one NAT goes like this

Private Public
192.168.20.40 --> 123.123.123.1

i am confuzzing myself let alone how you are handling
this. thanks for stickin with this.

>-----Original Message-----
><anonymous@discussions.microsoft.com> wrote in message
>news:ebc801c4105a$9ff1edf0$a601280a@phx.gbl...
>> ok, so I explained that badly...
>>
>> public addy of the server 123.123.123.1 - private
>> 192.168.20.40
>>
>> public addy of the router 123.123.123.2 - no private
>>
>> public addy of the firewall 123.123.123.3 - private
>> 192.168.20.3
>>
>> NAT is turned on on the firewall that changes the
>> 123.123.123.1 to 192.168.20.40 (123.123.123.1 is also
>> configured as the addy on the second nic card, but
isn't
>> truely functioning I don't think because all traffic is
>> routed to the local adapter (192.168.20.40).
>
>This doesn't make sense. Before we go farther into
this, I need to get this
>straight. I need to know the topology (cabling) not just
the IP#s. Both the
>server and the firewall have a public and private IP#
each, so...how are
>they cabled together? Side-by-side? Back-to-
back?....Now back-to-back
>couldn't possibly work but I need to verify how it is
rigged up, I can't
>just assume someone did it one way or the other,...you'd
be surprised what
>people do sometimes.
>
>Side-by-Side:
>
> ----- Server----->
> / \
>LAN--- Hub?----->
Router--->Internet
> \ /
> ---- Firewall---->
>
>
>Back-to-Back:
>
>LAN--->Server---> Firewall --->Hub?-->Router--->Internet
>
>
>--
>
>Phillip Windell [MCP, MVP, CCNA]
>www.wandtv.com
>
>
>
>.
>

Relevant Pages

  • Re: home network behind NAT and firewall ?
    ... >> real Firewall appliance with more than 20 systems at any given time. ... >> firewall provides for the ability to assign both public (not nat) and ... that would reset the router and allow remote control - it was noted ... >> LAN inside their network and it would never have to reach the ISP's ...
    (comp.security.firewalls)
  • Re: NAT vs. True Firewalls
    ... not just mean packet filter. ... A firewall can be made up of one or more ... components that can block or filter protocol traffic between two networks. ... So a NAT can be as much part of a firewall implementation as the ...
    (comp.security.firewalls)
  • Re: 56k dial up on laptop 802.11G ?
    ... NAT is not FW software. ... > firewall is literally anything that defends your network against ... >>By comparing the way NAT functions between two networks, ... >>And I consider the FW appliance to out class the packet filtering NAT ...
    (alt.internet.wireless)
  • Re: do i need a new router
    ... Standard SBS ... > uses IPSec, NAT and port forwarding, Premium SBS includes all that plus ... I've never had a firewall or an appliance ... public connection and always tucked them ...
    (comp.security.firewalls)
  • Re: NAT is not a mechanism for securing a network.. but.. HELP!
    ... For years I have heard people claim that NAT could be circumvented ... > packet is routed. ... but the only outside network I have access to right now ... > Firewall is a term, most people use other than it was intended. ...
    (comp.security.firewalls)