Calvin,
You could place a little Cisco router between your firewall and the devices
that provide your Internet connectivity and use policy routing to direct
your employee's web browsing to the ADSL line. Any of their routers with
two ethernet ports would work. Policy based routing looks at the source IP
as well as the destination IP before deciding where to route the traffic.
Here are links to setup instructions for policy based routing on Cisco IOS:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/12cgcr/qos_c/qcpart1/qcpolicy.htm#5351
http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/12cgcr/np1_c/1cprt1/1cindep.htm#5030
Set up your address translation table in the firewall rules according to
the instructions in Checkpoint's NAT guide:
http://support.checkpoint.com/kb/docs/public/firewall1/3_0b/pdf/address30_translation.pdf
What you need is one default gateway for the firewall (a router) which can
make the decision about which Internet connection to send the traffic to.
If your existing Internet router has a spare Ethernet port and can do
policy routing you could just connect your ADSL device to that port and set
up policy routing on your existing box.
Matt Ruehlen
Network Operations Supervisor
ELF Technologies, Inc.
"Calvin Maa"
<[EMAIL PROTECTED]> To:
<[EMAIL PROTECTED]>
Sent by: cc:
[EMAIL PROTECTED] Subject: [FW1] 2
external how to use NAT
kpoint.com
08/11/00 07:07 AM
Dear All:
I need your advise. I got 1 lease line to Internet (ex. Router
IP:210.59.167.254) another is ADSL . I want to use Lease line to serve my
web server and ADSL to make my employees to link to Internet.
'cause each computer just can have a default gateway. If there is any
possible way to make my wish come true ?
External Router :210.59.167.254 mask 255.255.255.192
ADSL Router: 211.21.21.33 mask 255.255.255.248
Firewall Interface 1 (External,I bind 2 IP )
IP:210.59.167.253 mask 255.255.255.192
IP:211.21.21.34 mask 255.255.255.248
Default gateway : 210.59.167.254
Firewall Interface2 (DMZ)
IP:172.17.1.254 mask 255.255.0.0
Firewall Interface (Intranet)
IP: 172.16.1.254 mask 255.255.0.0
I want to map 172.17.0.0 segment to use Firewall NAT use leaseline
(210.59.167.xx) to serve our web user , and map 172.16.0.0 segment to use
Firewall NAT use ADSL (211.21.21.xx) .
Thanks for any advise .
-Calvin Maa
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================
