[TriLUG] OT: Router then Firewall

Jason Tower jason at cerient.net
Mon May 15 16:25:28 EDT 2006


you should be able to do this with either linux or openbsd, this might 
point you in the right direction:

http://www.trilug.org/pipermail/trilug/Week-of-Mon-20031027/021269.html

not 100% identical to what you want to do but kinda sort of vaguely similar.

jason

Steve Hoffman wrote:
> Can anyone suggest a decent router, that can also be used as a firewall with
> NAT?  I was able to set a cisco 2500 series router to route between two
> incoming connections by using route-maps.  I've recently purchased a Cisco
> ASA 5510 to add a little more protection and was assured at the time of
> purchase it could do what I needed..well, now I see that it can not.  If I
> have to purchase a second one I will, but I'd rather have a good router that
> can route between more than one inbound provider and restrict access to our
> public interfaces.
> 
> Here's what I want...
> 
> All addresses are private IP's on the internal network (10.0.0.0/24)
> 
> A total of two incoming internet connections with three separate IP ranges
> (2 /29's and 1 /28)
> 
> I'd prefer that all traffic go out via one default ip address UNLESS a NAT
> rule is set up to translate to one of the 24 available IP addresses, at which
> point the packet should go to the default gateway for that network....
> 
> I can't imagine I'm the first person to want this, but I guess I'm the first
> to want to do it with an ASA?  On the surface the ASA can do everything
> EXCEPT specify the next hop for an external internet connection.  It only
> allows for one default route and doesn't allow for a "set default next-hop
> xxx.xxx.xxx.xxx" as a router does...which shoots my whole plan to shit.
> I've considered using RIP or OSPF, but unfortunately one of our internet
> connections is a RR business class (hey..it's got great download speed)
> connection that I can't alter the routing info so that's out.
> 
> As always, your words of wisdom are welcome.
> 
> Thanks,
> Steve
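
One way to get the behaviour described in the quoted message on a Linux router, as an added example that is not part of the original thread: source-based policy routing selects the uplink per internal host, and SNAT/DNAT handles the translation. The interface names, routing table id and all public addresses (documentation prefixes) are constructed assumptions, and the public addresses are assumed to be configured on the second uplink interface.

```shell
#!/bin/sh
# Constructed values: documentation prefixes stand in for the public ranges,
# which the thread does not give. Interface names and table id are assumed.
LAN=10.0.0.0/24;  LAN_IF=eth0
DEF_IF=eth1; DEF_GW=192.0.2.1;    DEF_IP=192.0.2.2   # default uplink
ALT_IF=eth2; ALT_GW=198.51.100.1; ALT_TABLE=200      # second uplink

# One static NAT rule per line: internal host, public address on ALT_IF.
NAT_MAP='10.0.0.20 198.51.100.3
10.0.0.21 198.51.100.4'

gen_rules() {
    # Main table: hosts without a NAT rule leave via the default uplink.
    echo "ip route replace default via $DEF_GW dev $DEF_IF"
    # Extra table whose only default route is the second provider's gateway.
    echo "ip route replace default via $ALT_GW dev $ALT_IF table $ALT_TABLE"
    echo "$NAT_MAP" | while read -r host pub; do
        [ -n "$host" ] || continue
        # Routing is decided before POSTROUTING rewrites the source, so the
        # table is selected on the internal address, not the public one.
        echo "ip rule add from $host/32 lookup $ALT_TABLE"
        echo "iptables -t nat -A POSTROUTING -s $host/32 -o $ALT_IF -j SNAT --to-source $pub"
        echo "iptables -t nat -A PREROUTING -i $ALT_IF -d $pub -j DNAT --to-destination $host"
    done
    # Everything else is translated to the single default address.
    echo "iptables -t nat -A POSTROUTING -s $LAN -o $DEF_IF -j SNAT --to-source $DEF_IP"
    # Default-deny forwarding: only LAN-initiated flows and their replies pass.
    # Inbound services on a public address need an explicit ACCEPT added here.
    echo "iptables -P FORWARD DROP"
    echo "iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    echo "iptables -A FORWARD -i $LAN_IF -s $LAN -j ACCEPT"
}

# Print the commands for review instead of applying them.
gen_rules
```

Because replies from a NATed host carry its internal source address, the same `ip rule` also sends return traffic for inbound connections back out the provider they arrived on.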


