[TriLUG] OT: Router then Firewall
jason at cerient.net
Mon May 15 16:25:28 EDT 2006
you should be able to do this with either linux or openbsd, this might
point you in the right direction:
not 100% identical to what you want to do but kinda sort of vaguely similar.
Steve Hoffman wrote:
> Can anyone suggest a decent router, that can also be used as a firewall
> NAT? I was able to set a cisco 2500 series router to route between two
> incoming connections by using route-maps. I've recently purchased a Cisco
> ASA 5510 to add a little more protection and was assured at the time of
> purchase it could do what I needed..well, now I see that it can not. If I
> have to purchase a second one I will, but I'd rather have a good router
> can route between more then one inbound provider and restrict access to our
> public interfaces.
> Here's what I want...
> All addresses are private IP's on the internal network (10.0.0.0/24)
> A total of two incoming internet connections with three separate IP ranges
> (2 /29's and 1 /28)
> I'd prefer that all traffic go out via one default ip address UNLESS a NAT
> rule is setup to translate to one of the 24 available IP addresses, at
> point the packet should go to the default gateway for that network....
> I can't imagine I'm the first person to want this, but I guess I'm the
> to want to do it with an ASA? On the surface the ASA can do everything
> EXCEPT specify the next hop for an external internet connection. It only
> allows for one default route and doesn't allow for a "set default next-hop
> xxx.xxx.xxx.xxx" as a router does...which shoots my whole plan to shit.
> I've considered using RIP or OSPF, but unfortunately one of our internet
> connections is a RR business class (hey..it's got great download speed)
> connection that I can't alter the routing info so that's out.
> As always, your words of wisdom are welcome.
More information about the TriLUG