My first question is why do you want to do NAT? For security? NAT just by
itself doesn't firewall or protect you. If security isn't the issue and you
just want NAT, this will work. You can have multiple outside interfaces
that are NAT'd to the same inside interface.
My recommendation would be to use some of your public IPs for your outside
NAT. Even if you don't want to have it accessible from the internet, this
way they should be globally unique, and no matter what vendor connects to
you, you won't have overlapping address ranges, which would most likely
occur if you used private addresses (as other vendors could possibly be
using those same private addresses).
--
Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+
List email: [EMAIL PROTECTED]
Homepage: http://jason.artoo.net/
""SH Wesson"" wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> I need some advice on NAT design. Here's the scenario.
>
> This is my current scenario. I have my site at RTRA and a LAN there. At
> RTRA, all the vendor connections come in through it as shown by Vendor_1
and
> Vendor_2. Eventually, there will be Vendor_3, Vendor_4, etc.
> S2
> LAN_Switch----RTRA-------\
> E1 \S1 \
> \ Vendor_2
> \
> Vendor_1
>
> What I want to do is provide NAT such that when Vendor_1, Vendor_2 and
> eventually Vendor_3, Vendor_4 access stuff at RTRA, they will be using a
NAT
> address. I have three questions:
>
> 1. Can I configure NAT such that E1 is the "NAT Inside" interface and have
> S1 and S2 both as "NAT Outside" interfaces and then of course the statics.
>
> 2. Should I have a switch hook up to E2 (not shown in drawing), then hook
> Vendor_1, Vendor_2, Vendor_3, etc. hook up to the same VLAN on that switch
> and have E2 configure as the only "NAT Outside" interface. That way, E2
is
> the only "NAT Outside" interface, but all the Vendors that connect through
> that switch will use the same NAT address.
>
> 3. Is this sort of NAT recommended to be configure on the core router
where
> all WAN connections come in or should I have another router that connects
> directly to RTRA and then do that through there and use any of the
questions
> in 1 or 2 as the solution.
>
> Basically, what is the best design for my scenario even if my
> solution/question above is not right, any recommendations would be
> appreciated. Thanks.
>
> _________________________________________________________________
> Get your FREE download of MSN Explorer at http://explorer.msn.com
> FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=2784&t=2766
--------------------------------------------------
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
