Cisco 678 and Linksys 4 port setup? [Archive] - SpeedGuide.net Broadband Community


ddwebb
02-04-02, 12:02 PM
I have been asked and scolded as to why I have these and the reason is that I wanted the additional security. But it seems to be a painstaking method.

Ok, I have 3 computers connected to the Linksys. I have the Cisco connected to the Linksys to the WAN port. I have Dynamic IP from my ISP.
#1 pc has Win 2000 server which will be one day a web and e-mail server.
#2 & 3 PCs have Win 98se.
I have hardcoded into the #1 pc an IP address. #2 and 3 are set to Obtain IP auto mode.
In the Linksys, I have in the Forward setup to forward ports 0-1024 to the #1 pc.
On the Cisco, it is set to the defaults - DHCP and NAT are enabled.
I can see the internet and each other but cannot set up an e-mail server even though I am using TZO to forward my domain name.
Another problem is that the commander software of the Cisco can not see the Cisco. I have been told that this may be because of the Linksys and it not allowing the MAC address to be routed between the Cisco and the Commander software.
Any help would be most appreciated.
Thanks

MosDef112
02-06-02, 02:29 PM
I would try Shields UP! (https://grc.com/x/ne.dll?bh0bkyd2) to find out if your ISP is blocking incoming port 25 connections. If this test yields a Stealth port 25 result and your routers are set to forward that port to your server, it may be blocked on your ISP end. If so, you're out of luck.

ddwebb
02-06-02, 03:15 PM
Thanks. I'll give that a try to see what is up.
From what I have been able to figure out, I need to add the following line to my Cisco router:
"set nat entry add 10.0.0.2 25 192.168.xx.xx 25 tcp"
I believe I am telling Cisco that if something comes in requiring port 25 at IP 10.0.0.2, then route that to the computer on the lan with the hardcoded IP of 192.168.xx.xx. Correct?
Thanks

MosDef112
02-06-02, 03:46 PM
Nope.

Since you have your server behind your Linksys router, you need to have the Cisco router route that packet to your Linksys router, which will also check what the packet is and where it should forward it to according to the NAT rule set. In turn, the Linksys router will then route the packet to your server.

monty
02-06-02, 11:31 PM
A Cisco 678 connected to a Linksys? I won't add to the "scolding," but if you're gonna do that, then just set the 678 to bridged mode.

MosDef112
02-07-02, 01:43 AM
True, but that defeats the double firewall concept. Some people are paranoid like me. ;)

ddwebb
02-07-02, 08:13 AM
Good morning.
I forgot to reply to a line yesterday so here goes:
If my Linksys has an IP of: 192.168.1.1 and my Cisco has an IP of 10.0.0.2, then I want to add to my Cisco table the following: "set nat entry add 10.0.0.2 25 192.168.1.1 25 tcp". In the Linksys Forward tab, I then state on that page to Forward anything coming in that wants Port 25 to go to the computer that I have set up for e-mail with the IP of 192.168.xx.xx?
Does this sound correct?

I'm glad to hear someone suggest that this might be a good idea. I was beginning to wonder if I am going in the wrong direction.

Thanks

MosDef112
02-07-02, 09:29 AM
Yep, you got it.

I have a similar setup at home. I have a NetGear RT314 configured with 10.14.12.1, then a W2K server with two NICs as my VPN server/NAT router, WAN NIC with 10.14.12.4 and LAN NIC with 10.11.12.1, then a second W2K server with two NICs as my mail, web, FTP, and DHCP server/NAT router, WAN NIC with 10.11.12.2 and LAN NIC with 10.17.12.2. The second W2K server physically separates my home LAN from the broadband connection since it dedicates the 10.17.12.2 NIC to the LAN on a separate switch. Wicked setup, but so far it seems to be working. On top of that, I have the second W2K server do outbound stateful packet inspection. That way I control what leaves my LAN and what doesn't.

It may seem paranoia, but after getting hit with the VBS.Loveletter virus twice, and losing a good amount of data because of it, I like the counter measures in place. :)

monty
02-07-02, 01:14 PM
In that case, turn off DHCP on the Cisco, and set the Linksys' WAN IP to 10.0.0.2, the gateway to 10.0.0.1, and the DNS numbers to those of your ISP.

MosDef112
02-07-02, 02:14 PM
That defeats the purpose of having two firewalls in place. Not that it really matters because the IPs are not routable past his Internet connection, but making use of different IP schemes would seem a better choice if you intend to disallow traffic not meant to come in.

For example, at work I have the corporate network, and an SDSL circuit that I use. This SDSL circuit is hooked up to a W2K server that acts as a VPN server. This server has three NICs, one that connects to the corporate network, to a private non-routable network, and an IP from the SDSL circuit. I make the W2K server hand out IP leases to remote VPN clients from that same private non-routable network using a non-routable subnet, like 10.19.11.0. I also have that server set up so that any requests to the IP scheme that my corporate network uses, which also happens to be a routable, firewalled IP scheme, are routed through that private network NIC instead of the public Internet, where it would time out and not allow any access. So not only am I saving live routable IPs from the corporate network, but if anyone hacks in they have to guess what network to try and access beyond 10.19.11.0.

ddwebb
02-15-02, 02:01 PM
This is what I have done thus far. Maybe not to code but it works for now.
I have left 'enabled' the DHCP and NAT for the Cisco. I have added into the Cisco tables to open all ports for the Linksys. In the Linksys, I have it set to route ports 0-1024 to a certain computer, my Win2K.
I am able to see the internet and the ports are open and ready to use such as port 25 when I use PortDetective or ShieldsUp.
In the future, I will be changing my ISP and then will be getting Static IP's for each device: the cisco, the Linksys and 1 for each computer. I hope this allows everything to run more smoothly than they have been.
Some of your responses regarding 2 and 3 NICs in a computer are over my head at this time. I wouldn't even know how to set up such a computer with more than 1 NIC.
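
The two-hop forwarding worked out in this thread, modelled as an added example (not posted by any participant, and not router configuration syntax): it traces which inbound TCP ports actually reach the server through both routers and lists the ones no planned service needs. The addresses, the rule-tuple format, and the assumption that the outer router can deliver only to the inner router's WAN address are all constructed for illustration.

```python
# Added example: trace inbound TCP ports through two chained port-forwarding routers.
# Addresses are constructed: 10.0.0.2 is the inner router's WAN side (per the thread),
# 192.168.1.10 is a placeholder for the server's masked 192.168.xx.xx address.
INNER_WAN = "10.0.0.2"
SERVER = "192.168.1.10"

def lookup(rules, port):
    """Return the host a router forwards `port` to, or None if it is dropped.
    Each rule is (first_port, last_port, inside_host); port numbers are kept."""
    for first, last, host in rules:
        if first <= port <= last:
            return host
    return None

def trace(outer_rules, inner_rules, port):
    """Follow one inbound port across both hops; None means it never arrives."""
    if lookup(outer_rules, port) != INNER_WAN:
        return None  # assumption: the outer router can only reach the inner router
    return lookup(inner_rules, port)

def exposed(outer_rules, inner_rules, host=SERVER):
    """All TCP ports that reach `host` from the Internet side."""
    return [p for p in range(65536) if trace(outer_rules, inner_rules, p) == host]

def unintended(outer_rules, inner_rules, needed, host=SERVER):
    """Reachable ports that no planned service requires."""
    return sorted(set(exposed(outer_rules, inner_rules, host)) - set(needed))

# Three constructed rule sets matching configurations discussed in the thread.
DIRECT = ([(25, 25, SERVER)], [(25, 25, SERVER)])        # outer points past the inner router
NARROW = ([(25, 25, INNER_WAN)], [(25, 25, SERVER)])     # port 25 forwarded at both hops
BROAD = ([(0, 65535, INNER_WAN)], [(0, 1024, SERVER)])   # all ports, then 0-1024

if __name__ == "__main__":
    needed = {25, 80}  # assumption: SMTP plus HTTP for the planned mail and web server
    for name, (outer, inner) in [("direct", DIRECT), ("narrow", NARROW), ("broad", BROAD)]:
        print(name, "reachable:", len(exposed(outer, inner)),
              "unintended:", len(unintended(outer, inner, needed)))
```

With the broad rule set, every port from 0 to 1024 on the server is reachable from outside, so any service listening there is exposed whether or not it was meant to be public.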