said by CiscoR :
Our firewall does not support the use of BGP.
Dare I ask the make / model of firewall this is that does web filtering, inspection and VPN... but not BGP?
said by CiscoR :
Can any of you good fellows suggest the best way of setting this up or is double NAT going to be the way forward? Is it possible to have the router dealing with BGP but transparently pass the traffic straight on to the firewall?
Depends on a couple of factors, the ones I can think of off the top of my head :
a) how many useable addresses in the 141.x.x.x range do you have to use, besides the one currently used on your firewall's WAN interface?
b) does the above firewall only have two interfaces / zones?
c) what addressing scheme is being used on the firewall's LAN interface(s)?
d) is the addressing of the 83.x.x.x hosts planned to use NAT'ing on the firewall or directly addressed on the end hosts themselves?
Best case scenario : if the 141.x.x.x range has multiple useable addresses, the 83.x.x.x range will be addressed thru NAT
and internal addressing is using RFC1918, the 1841 could easily be dropped in to only talk BGP and not have to
The middle case I can think of is where you have two or more 141.x.x.x addresses to use; one is left on the existing
firewall itself, another is used to address a loopback / management interface on a 3560 or 3750 series layer3 switch,
which is how you talk BGP back to the ISP. That way you have the flexibility to put the 83.x.x.x hosts onto the switch
itself, or behind the firewall and NAT'd as your needs dictate.
Other thing you should keep in mind is how big a BGP table you will be taking from the ISP; is it only the 141.x.x.x
and 83.x.x.x ranges, or will it be more? If more, make sure your RAM on whatever device you use is scaled