Hmm, no special configuration to allow 544 in.
Using Surf Sentinel transparent proxy. OBF allow all out.

David

At 09:05 AM 11/24/2005, Martin Hepworth wrote:
In a word, yes it can. Just assign the internet side of the firewall the ip-addresses you need as aliases. I do this (have done this for well over 6 years)

--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300

> -----Original Message-----
> From: Todd Ritter [mailto:[EMAIL PROTECTED]
> Sent: 22 November 2005 20:14
> To: [email protected]
> Subject: [gb-users] Two Public Networks - One Provider
>
> I was hoping the Gnatbox gurus out there could help me solve this problem, which I think is solvable.
>
> We currently have a SONET connection that gives us an Ethernet handoff that is plugged into our Cisco Router. The Cisco router is plugged into our Gnatbox 1000. The Gnatbox is plugged into our network switch. I don't see a reason to keep the Cisco router in place, but I'm having difficulty wrapping my head around the IP addressing/routing with the firewall. There are 2 sets of public IPs involved, and 1 private scheme (192.168.1.0/24). Our external router address is assigned an IP in the range of our service provider: X.X.8.14/30, and the internal interface on our router is assigned an IP that is in the range of our public subnet assigned to us by our provider from ARIN: X.X.50.65/28. The external interface on our gnatbox is X.X.50.66/28. Can the gnatbox route between all 3 networks even though only 2 network interfaces on the firewall would have physical connections?
>
> -I want tunnels from outside users to go to our assigned subnet (X.X.50.64/28) to go to private servers like they do now.
>
> -I want our private workstations to be able to access all our servers by private IPs like they can now
>
> I'm not sure if this is possible, but it doesn't seem to me like our router is doing anything for us. Although, how does the rest of the world know where our X.X.9.64/28 address are without a router? RIP on the firewall? I assume I need to use a PSN somehow, but it seems like it would cause problems with our static VPN connection that uses an IP from our range (X.X.50.66), so I would want to be able to keep that for the VPN object. And I have some "special" users mapped to our external IPs (in the X.X.50.64/28 range) for outbound VPNs to clients that I still need to use.
>
> Please see this picture for a drawing of what I'm trying to explain:
> http://www.westfaliausa.com/proposed.jpg
>
> I hope this makes some sense, and I really appreciate any help/thoughts that you can provide.
------------------------------------------------------
To unsubscribe: [EMAIL PROTECTED]
For additional commands: [EMAIL PROTECTED]
Archive: http://archives.gnatbox.com/gb-users/
