Thank you very much guys. I really appreciate it.
I talked with the Cisco guys and my routers need firmware which they don't have
anymore. According to your feedback, the software NAT solution is not the
best. I have another idea. Let me know what you think.
-I will take the wireless network to another subnet, say 10.7.x.x.
-Add static routes to that subnet from all routers. (ip route 10.7.0.0 255.255.0.0 10.1.1.100)
-10.1.1.100 is the new router that I am going to put up.
The physical design will be like:
10.1.1.1    =>  10.1.1.100 / 10.7.1.1  =>  10.7.x.x
Cisco 2500      New Router                 Wireless network
What do you think about this solution? Which router would you recommend?
The network traffic will be very low, a few RF terminals will be running.
Again, thank you very much. I will check out the web site, J.R.
Regards,
Cem
----- Original Message -----
From: "john riehl aka j.r." <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: July 07, 2003 6:14 PM
Subject: Re: [SOCALWUG] WAP 11 bridge problem
> cem wrote:
> >
> > I have two interfaces. I just sent one of them. The other one is down now.
> > (Murphy rules.)
> >
> > I have another question. My router is Cisco 2500 version 11.1(8). I think I
> > need a new firmware to be able to use NAT command. Instead of dealing with
> > the router,
> > can I do something like this?
> > 10.4.x.x ==> 10.1.1.1 ==>static route to 10.1.1.111 (machine) ==> 10.1.1.130
>
> what topology?
>
> 10.4.x.x ===> must go to a 10.4.x.x port of a router/nat box. that box
> must also have a 10.1.x.x port. that box has a default route to the
> router address.
>
> > The machine will have WinRoute software installed - it has one NIC. The
> > software will do the NAT for those specific IPs.
>
> I assume that this has two virtual addresses on the one nic.
>
> > How does it sound?
>
> potentially dicey. There are a couple of potential problems here.
>
> first off, most natting is dynamic. it is intended for outgoing access.
> If you have a server, printer, etc. in the 10.4.x.x network, unless
> you have a static NAT, it will be inaccessible to anyone outside the
> 10.4.x.x network. the idea of nat is to hide the inside network from
> the outside.
>
> Second, many protocols don't nat well. Part of this depends on the
> quality of the nat software. Some protocols (ftp) have a second, data
> channel, information about which is discussed in the control channel.
> the nat software has to intercept, possibly edit, and respond to it.
> some nat software does it well, other software doesn't. some av
> applications have fixed ports. only one person will be able to nat out
> an address and use those ports at a time.
>
> there are some other issues, but I would have to write volumes to
> explain it adequately.
>
> I think a router would be a better bet.
>
> > Another quick question: Where can I learn about networking stuff? I feel
> > really dumb and sick of trial and error.
>
> I would suggest elementary cisco (CCNA) books. If you would prefer a
> class I know of a good inexpensive school (http://www.sabertech.net ).
> If you are working with a particular type of system (MS, linux, etc.),
> you might consider checking out books with that, especially
> certification oriented books.
>
> jr