Need firewall/ router / nat / vpn recommendation

Similar Messages

• I´m doing a design for presale, where I will need a router what support PAT for 500 or a little more of users, it not need any more features only static routing and dhcp pool for 500 users, can you help me for know what router recommend?

  I´m doing a design for presale, where  I will  need a router what support PAT for 500 or a little more of users, it  not need any more features only static routing and dhcp pool for 500 users, can you help me for know what router recommend?

  What is your WAN speed currently and projected WAN speed in the next 3 years?

• Need help on NAT.

  Hello folks,
       I still messing about with my GSN3 lab here. My topolgy is like this : (cloud)-----(router)-----(ASA FW)----(SW)------LAN.
  I can ping out from the router and from the ASA firewall, but I cant figure it out how to make my LAN to ping outside. I searched too.
  I greatly appreciated!!!
  Here are my basic config on the FW and Router:
  hostname ciscoasa
  enable password 8Ry2YjIyt7RRXU24 encrypted
  passwd 2KFQnbNIdI.2KYOU encrypted
  names
  interface GigabitEthernet0
  nameif outside
  security-level 0
  ip address 10.10.10.1 255.255.255.0
  interface GigabitEthernet1
  nameif inside
  security-level 100
  ip address 172.168.1.1 255.255.255.0
  interface GigabitEthernet2
  shutdown
  no nameif
  no security-level
  no ip address
  interface GigabitEthernet3
  shutdown
  no nameif
  no security-level
  no ip address
  interface GigabitEthernet4
  shutdown
  no nameif
  no security-level
  no ip address
  interface GigabitEthernet5
  shutdown
  no nameif
  no security-level
  no ip address
  ftp mode passive
  object network inside_mapped
  subnet 172.168.1.0 255.255.255.0
  object network internal_lan
  subnet 172.168.1.0 255.255.255.0
  pager lines 24
  mtu outside 1500
  mtu inside 1500
  icmp unreachable rate-limit 1 burst-size 1
  no asdm history enable
  arp timeout 14400
  route outside 0.0.0.0 0.0.0.0 10.10.10.2 1
  route outside 0.0.0.0 0.0.0.0 192.168.137.1 1
  timeout xlate 3:00:00
  timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
  timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
  timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
  timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
  timeout tcp-proxy-reassembly 0:01:00
  timeout floating-conn 0:00:00
  dynamic-access-policy-record DfltAccessPolicy
  user-identity default-domain LOCAL
  no snmp-server location
  no snmp-server contact
  snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
  telnet timeout 5
  ssh timeout 5
  console timeout 0
  threat-detection basic-threat
  threat-detection statistics access-list
  no threat-detection statistics tcp-intercept
  class-map inspection_default
  match default-inspection-traffic
  policy-map global_policy
  class inspection_default
    inspect icmp
    inspect icmp error
  service-policy global_policy global
  prompt hostname context
  no call-home reporting anonymous
  call-home
  profile CiscoTAC-1
    no active
    destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
    destination address email [email protected]
    destination transport-method http
    subscribe-to-alert-group diagnostic
    subscribe-to-alert-group environment
    subscribe-to-alert-group inventory periodic monthly
    subscribe-to-alert-group configuration periodic monthly
    subscribe-to-alert-group telemetry periodic daily
  crashinfo save disable
  Cryptochecksum:d751984bd942d8b192f58d6b2e8afe8a
  Router1:
  Current configuration : 1108 bytes
  version 12.4
  service timestamps debug datetime msec
  service timestamps log datetime msec
  no service password-encryption
  hostname R1
  boot-start-marker
  boot-end-marker
  no aaa new-model
  memory-size iomem 5
  ip cef
  no ip domain lookup
  ip domain name lab.local
  multilink bundle-name authenticated
  interface FastEthernet0/0
  description To Internet
  ip address dhcp
  ip nat outside
  ip virtual-reassembly
  duplex auto
  speed auto
  interface FastEthernet0/1
  description inside edge router
  ip address 10.10.10.2 255.255.255.0
  ip nat inside
  ip virtual-reassembly
  duplex auto
  speed auto
  ip route 0.0.0.0 0.0.0.0 192.168.137.1
  no ip http server
  no ip http secure-server
  ip nat inside source list 1 interface FastEthernet0/0 overload
  access-list 1 permit 172.168.0.0 0.0.255.255
  access-list 1 permit 10.10.10.0 0.0.0.255
  access-list 1 permit 172.168.1.0 0.0.0.255
  control-plane
  line con 0
  exec-timeout 0 0
  privilege level 15
  logging synchronous
  line aux 0
  exec-timeout 0 0
  privilege level 15
  logging synchronous
  line vty 0 4
  login

  Hi,
  Your router doesnt have a route for your LAN network behind the ASA. Since the ASA is not doing Dynamic PAT or similiar at the moment the LAN will show with its original IP address to the Router so it needs a route pointing back towards the ASA to be able to return the ICMP Echo reply messages back to LAN users.
  Try adding
  ip route 172.168.1.0 255.255.255.0 10.10.10.1
  On the router
  Also the ASA seems to have some route that is not needed
  no route outside 0.0.0.0 0.0.0.0 192.168.137.1 1
  Hope this helps
  Remember to mark the reply as the correct answer if it answered your question.
  Ask more if needed
  - Jouni

• WRT300N: Class C routing & NAT

  Hi,
  I've just been brought in to as a network admin to manage the network of small 'net cafe. The network the admin before had setup really turned out to be a disaster.
  Okay, here's the breakdown of the equipment I have available:
  30 hosts
  3 switches (10 hosts each)
  1 WRT300N broadband router
  Note: Wireless services are not being used
  The ISP over here has assigned us five IP addresses, but since we have 30 hosts we obviously need to use NAT.
  What I would like to do is implement some sort of Class C subnetting for the three groups of hosts connected into the switches.
  I'd like to use subnets of either 192.168.1.0-192.168.3.0 (255.255.255.0) or even a mask of 255.255.255.240 since a block size of 16 on each subnet will be sufficient. (Each switch is connected into a port of the WRT300N).
  My questions are: Can I accomplish this using just the WRT300N and still be able to use NAT to enable my hosts to access the 'net through ADSL? And if so, how? And if this is not possible, then do I need to get another Linksys router so that I can get my network up and running smoothly by connecting the WRT300N to the new router and then connecting the switches to the new router as well? If this is the case, which wireless router would all of you recommend I get?
  The name of the game here is to optimize speed, so I'd really like to break down the broadcast domains by subnetting.
  Thanks in advance.
  - T.

  Yes you can use the router WRT350N for using the NAT settings on the router ....
  You can connect the router in between Modem & Switch ...

• Linksys WRT600N vs CISCO PIX 506E.... Firewall / Routing Performance

  Hi:
  I am new to the forum and was hoping to tap into some of your expertise. I have a Linksys WRT600N version 1.1 and I recently acquired a CISCO PIX 506E firewall. My question is what should I use as a firewall? Both have SPI etc. Should I:
  a) Use the 506E as a firewall and use the 600 as a wireless access point, or
  b) Use the 600 as a firewall and wireless access point.
  Do both routers have the same firewall routing performance? I want to use the storage feautre on the 600N, but if I do that and use it as a wireless access point the 600 can't get the proper time from the Internet, so my time for newly created folders and files shows they are 10 years old.
  Anyway, just thought I would post and find out what some of the experts thought and maybe someone from Linksys or CISCO. I know the 506E is discontinued and was manufactured around 2001 and the 600N is a new model.
  (Edited subject to keep threads from stretching. Thanks!)
  Message Edited by JOHNDOE_06 on 05-06-2008 10:41 AM

  The PIX is a real firewall. The WRT has a firewall which mostly protects the router itself. People prefer to buy a "SPI firewall router" instead of a simple "router" even though the router firewall does nothing or little to protect the LAN. The only firewall configurations on the WRTs you can usually do is on the Access Restrictions tab. But that's usually all. The LAN itself is not protected by the firewall. You would notice this if you had a public IP subnet and ran it through the WRT: the LAN would be fully exposed to the internet. Some routers have a few functions like protection against denial of service attacks or similar. But even then this often filters only the traffic targeted at the router and not the LAN.
  The common protection of your LAN you have on the WRT is because you use private IP addresses inside your LAN and the router does NAT. However, NAT is not a security mechanism but a mechanism to solve the problem that you can only have a single public IP address but want to use multiple computers, which is why you have to use private IP addresses. Current NAT implementations usually drop unsolicited incoming traffic because they don't know to which IP address in the LAN to send it to. But the notion of NAT is to deliver and to allow connectivity. This has nothing to do with security or a firewall.
  Thus, if you want to use a real firewall use the PIX. On the PIX you can configure the traffic which is allowed to enter the LAN and which not. It is far superior in this respect to the WRT. However, as it is a older model, I cannot tell how fast the PIX is. You should be able to find the old data sheets of the PIX somewhere on the cisco website. They should mention the possible throughput. I guess it won't be an issue.
  To me another point for the PIX are the VPN capabilities which allow you to securely access your LAN while you are on the road.
  Of course, you must know how to configure the PIX correctly. It is a complex device and can be configured pretty much for anything you like. This means of course if you do it wrong you may end up with little or no security.
  BTW, there are no people from linksys in this forums except the moderators (which may be from lithium). To hear from Linksys you have to contact Linksys support.

• ACE: as firewall and NAT. inbound and outbound originals

  Hi Team,
  This time no load balancing is required.
  Two servers inside (with private IP) need to communicate with clients and servers on the internet. ie, internet client originate inbound traffic to our servers, and also our servers originate connections to some internet servers.
  Both of our servers will work indipendently for this purpose.
  I have a few ideas to mix and match configs in the ACE. (This was originally working with FWSM setup). I would like to hear some sound ideas to acheive this using ACE only as firewall/router. No plan to load balance at present.
  Regards to all
  SS

  Gilles,
  Inbound traffic and the related reply traffic can be handled with normal class-map by defining a VIP with public IP.
  The above real server with private IP is now going to make a different connection to the internet. ie,
  outbound traffic and related reply traffic need handling. (no load balancing planned).
  Detination NAT, Static NAT sounds interesting
  Source NAT, Static NAT sounds interesting. Mixing these sound very interesting!! I'm looking for sample configs please.
  SS

• Problem with Cisco 831 router NAT translation or routing

  Hello,
  I’ve reviewed several post on this forum, very useful, and I think this 831 router config should allow for NAT'ng port 8080 to the ‘inside’ ip address, per this statement below. but my efforts have not been successful, no responses get back to outside client (xx.24.40).   clients on inside can communicate outbound fine. The iis server at .10.3 is definitely up and running on port 8080. I know this is probably a duplicate of other posts but if anyone can pinpoint my error I would really appreciate it!!  
  ip nat inside source static tcp 10.10.10.3 8080 interface Ethernet1 8080
  Here is some debug ip nat output when attemping to connect on port 8080, do not get response back from server to external client (xx.24.40)….
  Feb 03 13:22:49 10.10.10.1 297472: *Mar 2 00:09:31.894: NAT: o: tcp (xx.xx.254.40, 44123) -> (xx.xx.254.128, 8080) [21674]    
  Feb 03 13:22:49 10.10.10.1 297473: *Mar 2 00:09:31.894: NAT: s=xx.xx.254.40, d=xx.xx.254.128->10.10.10.3 [21674]
  Feb 03 13:22:52 10.10.10.1 297474: *Mar 2 00:09:34.906: NAT: o: tcp (xx.xx.254.40, 44122) -> (xx.xx.254.128, 8080) [21678]    
  Feb 03 13:22:52 10.10.10.1 297475: *Mar 2 00:09:34.906: NAT: s=xx.xx.254.40, d=xx.xx.254.128->10.10.10.3 [21678]
  Feb 03 13:22:52 10.10.10.1 297476: *Mar 2 00:09:34.906: NAT: o: tcp (xx.xx.254.40, 44123) -> (xx.xx.254.128, 8080) [21679]    
  Feb 03 13:22:52 10.10.10.1 297477: *Mar 2 00:09:34.906: NAT: s=xx.xx.254.40, d=xx.xx.254.128->10.10.10.3 [21679]
  Feb 03 13:22:58 10.10.10.1 297478: *Mar 2 00:09:40.906: NAT: o: tcp (xx.xx.254.40, 44122) -> (xx.xx.254.128, 8080) [21684]    
  Feb 03 13:22:58 10.10.10.1 297479: *Mar 2 00:09:40.906: NAT: s=xx.xx.254.40, d=xx.xx.254.128->10.10.10.3 [21684]
  Feb 03 13:22:58 10.10.10.1 297480: *Mar 2 00:09:40.906: NAT: o: tcp (xx.xx.254.40, 44123) -> (xx.xx.254.128, 8080) [21685]    
  Feb 03 13:22:58 10.10.10.1 297481: *Mar 2 00:09:40.910: NAT: s=xx.xx.254.40, d=xx.xx.254.128->10.10.10.3 [21685]
  Feb 03 13:23:10 10.10.10.1 297482: *Mar 2 00:09:52.922: NAT: o: tcp (xx.xx.254.40, 44124) -> (xx.xx.254.128, 8080) [21698]    
  Feb 03 13:23:10 10.10.10.1 297483: *Mar 2 00:09:52.922: NAT: s=xx.xx.254.40, d=xx.xx.254.128->10.10.10.3 [21698]
  Feb 03 13:23:13 10.10.10.1 297484: *Mar 2 00:09:55.930: NAT: o: tcp (xx.xx.254.40, 44124) -> (xx.xx.254.128, 8080) [21702]    
  Feb 03 13:23:13 10.10.10.1 297485: *Mar 2 00:09:55.930: NAT: s=xx.xx.254.40, d=xx.xx.254.128->10.10.10.3 [21702]
  Feb 03 13:23:19 10.10.10.1 297486: *Mar 2 00:10:01.934: NAT: o: tcp (xx.xx.254.40, 44124) -> (xx.xx.254.128, 8080) [21709]    
  Feb 03 13:23:19 10.10.10.1 297487: *Mar 2 00:10:01.934: NAT: s=xx.xx.254.40, d=xx.xx.254.128->10.10.10.3 [21709]
  Feb 03 13:23:58 10.10.10.1 297489: *Mar 2 00:10:41.306: NAT: expiring xx.xx.254.128 (10.10.10.3) tcp 8080 (8080)
  538-R1023-C830#sh running-config full
  Building configuration...
  Current configuration : 4329 bytes
  version 12.3
  no service pad
  service timestamps debug datetime msec
  service timestamps log datetime msec
  no service password-encryption
  hostname 538-R1023-C830
  boot-start-marker
  boot-end-marker
  logging buffered 51200 warnings
  no logging console
  no aaa new-model
  resource policy
  ip subnet-zero
  no ip dhcp use vrf connected
  ip dhcp excluded-address 10.10.10.1
  ip dhcp pool sdm-pool
     import all
     network 10.10.10.0 255.255.255.0
     default-router 10.10.10.1
     dns-server 10.1.18.152
     lease 0 2
  ip cef
  ip domain list sd.cox.net
  ip domain name sd.cox.net
  no ip ips deny-action ips-interface
  no ftp-server write-enable
  crypto pki trustpoint TP-self-signed-75609932
  enrollment selfsigned
  subject-name cn=IOS-Self-Signed-Certificate-75609932
  revocation-check none
  rsakeypair TP-self-signed-75609932
  crypto pki certificate chain TP-self-signed-75609932
  certificate self-signed 01
  <snip>
  interface Ethernet0
  description inside
  ip address 10.10.10.1 255.255.255.0
  ip nat inside
  ip virtual-reassembly
  interface Ethernet1
  description outside
  ip address dhcp
  ip access-group 101 in
  ip nat outside
  ip virtual-reassembly
  duplex auto
  interface Ethernet2
  no ip address
  shutdown
  interface FastEthernet1
  no ip address
  duplex auto
  speed auto
  interface FastEthernet2
  no ip address
  duplex auto
  speed auto
  interface FastEthernet3
  no ip address
  duplex auto
  speed auto
  interface FastEthernet4
  no ip address
  duplex auto
  speed auto
  no ip classless
  ip http server
  ip http authentication local
  ip http secure-server
  ip http timeout-policy idle 600 life 86400 requests 10000
  ip nat inside source list 1 interface Ethernet1 overload
  ip nat inside source static tcp 10.10.10.3 8080 interface Ethernet1 8080
  logging trap debugging
  logging 10.10.10.3
  access-list 1 permit 10.10.10.0 0.0.0.255
  access-list 101 permit ip any any
  control-plane
  banner login ^C
  ^C
  line con 0
  login local
  no modem enable
  line aux 0
  line vty 0 4
  privilege level 15
  login local
  transport input telnet ssh
  scheduler max-task-time 5000
  end

  Hi Alain,
  yes, the client i was testing with is on the same subnet as public router ip.  Good thought on the firewall, I will disable any firewall on iis machine (my laptop) and re-test.  will reply with those results on Monday.   ultimately i'm needing to test nat for port 9100 to a printer, I'll add that and test as well, firewall shouldn't be a factor with printer.
  thank you.
  Grant

• Replacing BM on NW with the ISP firewall and NAT

  Replacing BM on NW with the ISP firewall and NAT
  Hi!
  LAN is a tree with 3 servers:
  1. NW 6.5 sp8 + BorderManager 3.9 sp 2
  2. NOWS SBE 2.5 (Suse) - DNS\DHCP
  3. NOWS SBE 2.0 (Suse)
  Since I'm connected to the internet through my ISP router (XBOX- Checkpoint), I am considering to remove the first server (firewall) and ask my ISP ro configure the router as a firewall and NAT too.
  What are the steps needed to do it without any demages?
  TIA
  Nanu

  nanu,
  It appears that in the past few days you have not received a response to your
  posting. That concerns us, and has triggered this automated reply.
  Has your problem been resolved? If not, you might try one of the following options:
  - Visit http://support.novell.com and search the knowledgebase and/or check all
  the other self support options and support programs available.
  - You could also try posting your message again. Make sure it is posted in the
  correct newsgroup. (http://forums.novell.com)
  Be sure to read the forum FAQ about what to expect in the way of responses:
  http://forums.novell.com/faq.php
  If this is a reply to a duplicate posting, please ignore and accept our apologies
  and rest assured we will issue a stern reprimand to our posting bot.
  Good luck!
  Your Novell Product Support Forums Team
  http://forums.novell.com/

• Do I need a router or access point / bridge?

  Hi.  We have a MS small bus server with a software firewall.  It does dhcp and routes traffic so we don't need the router part of the router.
  Wireless  N access is needed.  Will a DAP 1522 (Wireless N access point / switch) offer the same wireless performance as a Linksys wireless N router?
  I just bought the DAP access point and am getting 100-130 mb/s with a strong signal.  Would the router work better with its giant antennae?
  Nick

  DAP 1522 is a good acess point. It  lets you connect up to 4 Ethernet-enabled devices such as set top boxes, game consoles, or computers to an existing Wi-Fi network for on-demand broadcast, online gaming, or media streaming throughout the home.
  With dual-band wireless capabilities, the DAP-1522 is ideal for wireless HD video streaming and gaming applications because entertainment content can be sent over the less crowded 5GHz band.
  The DAP-1522 can also be used to create a new 802.11n wireless network using its Access Point feature. Simply connect it to an existing wired or wireless router, and you'll enjoy greater range and data speeds in seconds.

• What IOS do I need for SSH and VPN

  Greetings,
  I am not a Cisco expert but can muddle my way thru configurations. I have inherited my position from someone else who setup our VPN infrastructure long ago. Problem is that we have added a new location and I have been asked to add it to our VPN. I found a spare 2610 in the equipment closet with IOS Version 12.2(24) which is a higher version than some of the other working VPN routers in the field. I am basically using the other VPN router configs as a template but when I issue the command "crypto", it does not recognize it. Nor does it recognize the command "ip ssh". So the questions are, do I have to get an updated IOS? If this IOS is ok, do I need an add-on VPN pack? If yes to either one, how do I get it? - Thanks.
  Don

  So if I do a "show ver" on the router I am having trouble with, I see:
  IOS (tm) C2600 Software (C2600-IO3-M), Version 12.2(24), RELEASE SOFTWARE (fc1)
  On one of the working VPN routers I see:
  IOS (tm) C2600 Software (C2600-IK9O3S3-M), Version 12.2(15)T14, RELEASE SOFTWARE (fc4)
  So I see the K9 in the IOS version of the working router. Thanks for that part of the puzzle.
  Now my question is, how do I get that IOS?
  Don

• Is a modem enough?  Or do I need a router?

  No, really, that's my question.  Bear with me; I'm ignorant of how this is supposed to work, though I think I understand the very basic principles.
  I have an old zoom modem that for six years has wirelessly connected my iMac to the internet.  The network is sometimes very unreliable and I have to restart the modem and fool with settings to get it working again; that sometimes fixes it for several months, but sometimes I get dropped freqently for weeks before something fixes itself.  However, the network always shows up in the drop-down list.  I'm in an 800 squ. ft. apartment in a large building and surrounded by 15 or so home networks, but I'd like to add a wireless printer and connect remote speakers with an Airport Express, so I want it solid before I start playing with more devices.
  Given the number of wireless setups around me, I recently I decided to make my network more secure because the modem was not encrypted and I had no wireless security set up in my network preferences.  But as soon as I started playing with encryption on the modem and/or adding WPA2 security on the network preferences, everything became unstable.  The network still shows up in the drop-down list (the one that comes up when I click on the network icon in the menu bar), but it usually wants me to enter a WEP password and doesn't let me connect, etc.  If I reboot the modem and restart the computer (I think the latter helps) I get a connection; that might work for several days or for only hours.  Sometimes rebooting the computer helps too.  But, like I said, the only time I have anything that stays stable for any length of time is with no security.
  So I've got to do something.  People are always talking about routers connected to modems, but the guy at my ISP said that for my purposes a modem alone would be enough.  He suggested connecting an ethernet cable and creating a new network to see if that alone will help, and if the wireless setup still doesn't work I should replace the modem.
  So, considering my modest demands on the network, do I need a router?  Shouldn't a wireless dsl modem be enough, even if I need to replace this one?
  Edited to add: my understanding is that everything on the network is connected to the modem, which is why he said the modem is all I need.  Is this wrong?  I just got an iPod touch and all I had to do was sign in to the network.  Right now I've had a few days of stability, so I haven't gotten so see if it loses the network when the iMac does.

  A potential problem with a non-Apple router is compatibility.  Some brands tend to be better than others.  Also there is the question of support.  Few if any mfgrs. provide support for Macs.  That said I would give a qualified thumbs-up to D-Link routers.  They do work well with Macs and can be easily configured with a browser.  Mac support is available although minimal.  D-Link also sells access points that can be used much like an Airport Express.
  Any problems with WPA on your Zoom is likely because it's very old.  The modem may not even be DOCSIS 2 compatible given its age.
  Consult with your ISP to determine what they recommend for a replacement modem or what they currently provide in new installations.  Whatever you do a new modem may require provisiioning with the ISP.
  I don't believe Tesserax or I made conflicting statements about needing a router to connect multiple devices.  If there's any question here, then the answer is, "Yes.  You need some type of router to connect multiple devices.  It could be separate from the modem or it could be built-in to the modem like what you now have.

• Confussion: DNS/FQDN behind SOHO Firewall/Router

  Hi Everyone,
  I'm a little confused as to the setup of DNS behind a Firewall/Router.
  I have previous had an OS X 10.6 server with DNS setup directly to a Global IP.
  In my new setup, I will have a SOHO Firewall/Router setup at the "edge" with server & clients on the Local LAN. I will need the server to be able to serve up DNS / Open Directory master / Web Services / etc. both publically and privately. The SOHO device will serve up DHCP.
  Port Forwarding on the SOHO router is not an issue, so covered there.
  I am a bit confused on what to do on the DNS side as it is now sitting on private lan but needs to serve out publically as well.
  Is it as simple has having something like the following in the DNS tables?
  Note: dns1.mycompany.com. would have static IP: 192.168.1.10
  dns1.mycompany.com. IN A 123.123.123.123
  dns1.mycompany.com. IN A 192.168.1.10
  10.1.168.192.in-addr.arpa. IN PTR dns1.mycompany.com.
  123.123.123.123.in-addr.arpa. IN PRT dns1.mycompany.com.
  That way there is a machine record and reverse lookup for both internally and externally?
  Message was edited by: Jin597

  I am not saying the following is the only way to do it, but typically you would run your own DNS server internally and may have for example www.yourcompany.com resolve to a local private IP address, and externally you would have your ISP run a DNS server for the same domain but it would resolve to your public IP address.
  The outside world would only see and use the ISPs version and would therefore always use the (correct) public IP address, and your users on the LAN would use your internal DNS server and hence the private IP address.
  It would be possible to do the same all yourself by having two separate DNS servers internally but keeping one for use by your LAN, and the other for use (only) by external users. I don't believe the standard Apple Server Manager utility makes it possible to properly do both on one server.

• Do I need a router to interface with my wireless laptop and printer, or can booth tooth.

  Im having a problem interfacing the HP B210 all in one wireless printer to my ASUS wireless Laptop. Do I need a router or can I some hoe make the wireless connection using my blue tooth on my laptop. Please help.

  Well, the printer does not have bluetooth so that will not work.
  However, you can connect to it directly via wi-fi on your laptop.  From the front of the printer go to: Setup > Network > Restore Network Defaults.
  Now, on your PC, look for a wireless network beginning with "HP".  Join it.  There is no password.
  Now, go to Control Panel > Printers and Add a Printer.
  Say thanks by clicking "Kudos" "thumbs up" in the post that helped you.
  I am employed by HP

• Do I need a router when I have time capsule

  I'm so new with iMac. Thinking getting a time capsule for movies and music so if I get a time capsule do I need a rout with it

  Time capsule is a backup device not a media server.. it will not work at all well as a place to store your itunes or iphoto libraries..
  Read around carefully for what people use but TC has no internal method to automatically backup.. anything stored on the TC even if you only use it for file storage is lost. if the TC dies.. which they do.
  If you still want to use it. a TC is basically an airport extreme.. ie wireless router with built in hard disk drive.

• Need a router to conect ipad to a telstra 4G usb Sierra wireless "AirCard 320U

  need a router to conect ipad to a telstra 4G usb Sierra wireless "AirCard 320U

  You need a MiFi. Talk to your cell provider.