At 09:28 AM 2/14/97 -0600, Jim Jones wrote:
>
>Hello,
>
>Has anyone used the network address translation feature on a cisco router?
>I was wondering how well it works and has anyone used this feature from a
>cisco? Any info would be appreciated. It is supposed to be part of the
>cisco 11.2.3 release and it comes with the IP plus software.
>
>jim jones
>jrjones @ comsource . net
>
Jim,
We have used it and it works pretty well, except if you do your translation
from one ethernet port to another ethernet port, you will have to configure
a ton of static ARP entries.
The problem is this. Say e0 is your private network, e1 is your public
network.
Your network looks like this:
Internet --- Internet Router ----DMZ----NAT Router---Private Network.
You configure say 123.45.67.50 to 123.47.67.100 as your pool of public
addresses. When devices in your DMZ that are on the 123.45.67 network try
to ARP to send a message to anything in .50 to .100, the NAT Router will
not respond. It should, but it won't. This is a bug that Cisco is working
on.
The workaround is that you need a static ARP table on all devices in your DMZ.
Irwin.
<><><><><><><><><><>
Irwin Lazar
Network Consultant
Network Evolutions, Inc.
http://www.netevolve.com
lazar @ netevolve . com
<><><><><><><><><><>