Re: [TriLUG] OT: Router then Firewall

Mon, 15 May 2006 13:25:38 -0700

you should be able to do this with either linux or openbsd, this might point you in the right direction: 

http://www.trilug.org/pipermail/trilug/Week-of-Mon-20031027/021269.html

not 100% identical to what you want to do but kinda sort of vaguely similar.

jason

Steve Hoffman wrote:
Can anyone suggest a decent router, that can also be used as a firewall with 
NAT?  I was able to set a cisco 2500 series router to route between two
incoming connections by using route-maps.  I've recently purchased a Cisco
ASA 5510 to add a little more protection and was assured at the time of
purchase it could do what I needed..well, now I see that it can not.  If I
have to purchase a second one I will, but I'd rather have a good router that 
can route between more then one inbound provider and restrict access to our
public interfaces.

Here's what I want...

All addresses are private IP's on the internal network (10.0.0.0/24)

A total of two incoming internet connections with three separate IP ranges
(2 /29's and 1 /28)

I'd prefer that all traffic go out via one default ip address UNLESS a NAT
rule is setup to translate to one of the 24 available IP addresses, at which 
point the packet should go to the default gateway for that network....
I can't imagine I'm the first person to want this, but I guess I'm the first 
to want to do it with an ASA?  On the surface the ASA can do everything
EXCEPT specify the next hop for an external internet connection.  It only
allows for one default route and doesn't allow for a "set default next-hop
xxx.xxx.xxx.xxx" as a router does...which shoots my whole plan to shit.
I've considered using RIP or OSPF, but unfortunately one of our internet
connections is a RR business class (hey..it's got great download speed)
connection that I can't alter the routing info so that's out.

As always, your words of wisdom are welcome.

Thanks,
Steve

--
TriLUG mailing list        : http://www.trilug.org/mailman/listinfo/trilug
TriLUG Organizational FAQ  : http://trilug.org/faq/
TriLUG Member Services FAQ : http://members.trilug.org/services_faq/

Reply via email to