This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

UTM NAT behind Cisco Router

Hello,

We have a Sophos UTM 220 device, which sits behind a Cisco ADSL2 router.

Now the router authenticates and creates the internet connection. I believe this has NAT running on it already.

Also the Sophos UTM 220 has NAT running on it. Should I disable NAT on the cisco router or or on the Sophos UTM? Where is it recommend to have NAT?

Bascailly this is the setup

Client PC's (192.168.0.0/24)
|
|
[LAN Port 192.168.0.1]
UTM 220
[WAN Port 192.168.1.2]
|
|
Cisco Router 877 [LAN 192.168.1.1 ]
|
|
Internet

This thread was automatically locked due to age.

0 TheDrew over 12 years ago

Hi Matt,

Preference is always for the UTM to handle as much of the routing/NAT/firewalling as possible.

How much, if any, functionality is the Cisco providing beyond acting as a modem w/ NAT?

Forgive any terse replies. Sent from my iPad.
Cancel
Vote Up 0 Vote Down

Cancel
0 stealthmatt_01 over 12 years ago

Nothing, should I perhaps set the cisco router into a bridge mode and let the UTM authenticate instead?

The reason why we have the cisco router setup this way is because if the UTM restarts/fails etc we can still attempt to ssh into the UTM because the UTM isn't the one thats authenticating to the ADSL line

edit: doh the title should say behind not being [:(] can someone update this please?
Cancel
Vote Up 0 Vote Down

Cancel
0 BAlfson over 12 years ago

Matt, notice that the title of your post changed when I changed the title of the thread per your request. I think the implication is that you could have changed the thread title: edit post #1, [Go Advanced] and edit the post title.

Cheers - Bob
Cancel
Vote Up 0 Vote Down

Cancel
0 stealthmatt_01 over 12 years ago

Hi Bob, no I updated the title of the post when I noticed it but there was no way for me to update the thread title [:(] Thank you very much anyways!
Cancel
Vote Up 0 Vote Down

Cancel
0 BAlfson over 12 years ago

Thanks, Matt, I hadn't tried that.

Cheers - Bob
Cancel
Vote Up 0 Vote Down

Cancel
0 stealthmatt_01 over 12 years ago

So Drew, I should set the Cisco router in bridged mode and let the WWW be presented to the Sophos UTM? rather than letting the cisco router do the authentication?
Cancel
Vote Up 0 Vote Down

Cancel
0 BarryG over 12 years ago

Yes, bridging the modem/router is recommended.

Barry
Cancel
Vote Up 0 Vote Down

Cancel