Port forwarding on Cisco 1800

 
 
Lyle
      08-22-2008
Hello,

Network setup is as follows. Cisco 1800 with one public IP on the ATM
interface. The ethernet interface has a 192.168.1.1 address. The ISP
has configured the router so it passes all traffic to 192.168.1.2
which is our firewall.

We have a new device at the 192.168.1.3 address.

I would like the ISP to forward just https traffic to the new device.

This is possible, no? Because they say it is not.

Thanks,

Lyle
 
Trendkill
      08-22-2008
On Aug 22, 7:44 am, Lyle <(E-Mail Removed)> wrote:
> Hello,
>
> Network setup is as follows. Cisco 1800 with one public IP on the ATM
> interface. The ethernet interface has a 192.168.1.1 address. The ISP
> has configured the router so it passes all traffic to 192.168.1.2
> which is our firewall.
>
> We have a new device at the 192.168.1.3 address.
>
> I would like the ISP to forward just https traffic to the new device.
>
> This is possible, no? Because they say it is not.
>
> Thanks,
>
> Lyle


They are probably one to one NATing and what you are asking for is
port address translation (PAT). That way you can forward different
ports to different internal IP addresses. This should definitely be
possible, although I'm making assumptions on your setup. If you can
paste your router config (omit passwords and hide your external IP
address), then someone here can definitely answer your question.
 
Lyle
      08-22-2008
Thanks for your reply. I wish I could paste the config here but I don't
have access to the router. I assume they are doing one-to-one NAT to
our firewall because we have a VPN up and running and they never asked
about which ports to forward. So if this is the case, that they are
doing one-to-one NAT, I can't do any policy based routing, right?
 
 
Trendkill
      08-22-2008
There is nothing you can do if they are doing one-to-one NAT, unless
of course you want to install a router in between and do your own
NAT/PAT. I've never really tried that kind of NAT to NAT, but there are
some folks on this board with some deeper experience in the internet
security side than me. May be worth trying, although getting them to
change to PAT shouldn't be that big of a problem. They can forward
443 to the one server, and everything else to the firewall. Although
don't you want your web server behind your firewall anyway, so can't
you put a rule in there to forward 443 to an internal address? Use
that as your NAT to PAT instead?
 
 
Lyle
      08-22-2008
> Although don't you want your web server behind your firewall anyway, so can't
> you put a rule in there to forward 443 to an internal address? Use
> that as your nat to pat instead?



Actually it's not a web server. It's an appliance to publish Web Apps
and just about anything via SSL. I just wanted it to stay as clean and
simple as possible, but you are right. I could always try and redirect
from the firewall itself. The only problem is the firewall handles all
the SSL stuff as is.

What I could try is use another port till I am ready to do the
switch... That's what I asked the ISP to do... redirect 4443 to the
new box, which I would set up using 4443, and then test, test,
test, and when I was happy have them change the port to 443 and BOOM
into production
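
The setup discussed in this thread, sketched as Cisco IOS configuration: the existing one-to-one NAT to the firewall, a port-specific (PAT) entry for the new appliance on the test port, and the later cutover to 443. This is an added example, not the ISP's configuration or anything posted by the participants; the public address 203.0.113.10, the tester address 198.51.100.25, the interface names and the ACL number are constructed placeholders, and it assumes the IOS release accepts a port-specific static entry alongside the full static entry for the same public address, with the port-specific entry matching first.

```cisco
! Constructed example. 203.0.113.10 = the single public address (placeholder),
! 198.51.100.25 = the workstation used for testing (placeholder).
! Interface names are assumed; the thread does not give them.
interface ATM0/0/0.1 point-to-point
 ip nat outside
 ip access-group 110 in
!
interface FastEthernet0/0
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
!
! What the thread assumes is in place today: one-to-one NAT,
! every port on the public address lands on the firewall.
ip nat inside source static 192.168.1.2 203.0.113.10
!
! Test phase: only TCP 4443 is forwarded to the new appliance.
! All other ports keep going to the firewall through the entry above.
ip nat inside source static tcp 192.168.1.3 4443 203.0.113.10 4443
!
! Traffic forwarded this way does not pass through the firewall at
! 192.168.1.2, so the router ACL is the only filter in front of the
! appliance. The inbound ACL is checked before NAT, so it matches the
! public address. During testing, allow 4443 from the tester only.
access-list 110 permit tcp host 198.51.100.25 host 203.0.113.10 eq 4443
access-list 110 deny   tcp any host 203.0.113.10 eq 4443
access-list 110 permit ip any any
!
! Cutover to production: swap the test entry for 443 and drop the
! tester-only restriction once the appliance is ready for public use.
! no ip nat inside source static tcp 192.168.1.3 4443 203.0.113.10 4443
! ip nat inside source static tcp 192.168.1.3 443 203.0.113.10 443
!
! Verify which entries are active:
! show ip nat translations
```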
 