I have an SSG5 that has been plugged into cable modem, receiving an address from ISP via DHCP. Inside network gets NAT"d to external interface on juniper for internet traffic, so inside trust interface is in NAT mode, untrust side is in route mode. Now I have a need to insert a router in between the firewall and the cable modem, and not quite sure how to configure either or both. The router is set to NAT mode by default. The router will now be pulling the DHCP address from the ISP instead of the firewall. I was going to configure a static IP on the LAN side of the router, with another static IP on the same subnet on the untrust interface of the firewall so they would be on their own subnet separate from my inside network. But if internet destined traffic hits the juniper, it would get NAT'd to the static IP I set on the untrust interface, then sent over to the router, where it would go through another NAT as it left its Internet facing interface. Will this work, can the packet go through this double NAT? I'm a little lost as to how that would work. Is this as simple as putting the router in route mode? Not sure what changes, if any, I need to make to the firewall to get my LAN traffic out through both devices. Help appreciated.
↧