Hi,

> - Can I automatically assume that everything with the src address of the
>   Cisco comes from the Internet? I don't think there'll be reference to
>   the real internet address left, since the Cisco has to do NAT as well?

If the Cisco is doing NAT it will only be NATing your source IPs, not
the internet IPs.  So no.  Anything with the src address of the Cisco
will be from the Cisco.

> - Lan IP, Lan IP 1, Lan IP 2 are all in the same subnet. Is that ok?

You need them to be on separate subnets.
If you already have a setup that you don't want to change too much, you
could have overlapping subnets, but that's not a very tidy solution.
i.e.:
LAN IP  192.168.0.1/30
LAN IP1 192.168.0.2/30
LAN IP2 192.168.0.4/24 (IPs .0 through to .3 can't be used on the
internal subnet)

> - Client machines in the network set their default gateway to 'Lan IP
>   2'. The gateways on the firewall are 'Lan IP 1' for the internal and
>   'Lan IP' for the external. Correct?

The clients should have LAN IP2 as their default gateway, the default
gateway for the firewall is LAN IP.

Hope this helps.
Craig

