Cisco 877 Router -- Multiple IP Addresses

Discussion in 'Cisco' started by Vincent, Jun 24, 2008.

  1. Vincent

    Vincent Guest

    I'm a bit of a novice with Cisco routers, so please forgive me if
    I do not explain this clearly. Our company has a T1 line that
    connects through our Cisco 877 router. We have been given a block of
    public IP addresses (3 I think), but are currently only using one of
    these addresses. We would like to use one of the other public IP
    addresses for our ftp server. I already know how to port forward the
    traffic to the secondary IP address, like so:

    ip nat inside source static tcp x.x.x.x 21 x.x.x.x 21 extendable

    But, if I do this, the ip inspection rules that are being applied
    to the public IP address I use now (x.x.x.y) are not being applied to
    this connection. In particular:

    ip inspect name CBAC-FTP ftp

    interface FastEthernet 4
    ip address x.x.x.y 255.255.255.248
    ....
    ip inspect CBAC-FTP in

    I have read that you can add a secondary ip address to the same
    interface. Is this what I would have to do in this situation or is
    there another preferred method of handling this?

    interface FastEthernet 4
    ip address x.x.x.y 255.255.255.248
    ip address x.x.x.x 255.255.255.248 secondary (Should I do this?)

    Thank you for your assistance.

    Vincent
     
    Vincent, Jun 24, 2008
    #1

  2. Vincent

    J.Cottingim Guest

    Vincent,
    You don't have to add a secondary ip to the outside interface.
    Adding the "ip inspect CBAC-FTP in" command to the Fa4 interface will
    inspect the FTP traffic coming into the interface.

    What you have there seems to be correct.
    What leads you to believe that the traffic coming in the interface is
    not being inspected?

    -JC
     
    J.Cottingim, Jun 25, 2008
    #2

  3. Vincent

    Vincent Guest

    JC,

    The traffic coming into the Fa4 interface IS being inspected on
    the IP address assigned to this interface (x.x.x.x), but it IS NOT on
    the IP address that is being port forwarded (x.x.x.y). If I try to
    perform passive ftp over x.x.x.x, it works correctly but it does not
    over x.x.x.y. I hope I explained this somewhat clearly.

    Vincent
     
    Vincent, Jun 25, 2008
    #3
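
Added example (not part of the thread and not from either poster): the passive FTP symptom in the last post involves a second TCP connection that the server announces on the port 21 control channel in a 227 reply. This Python code parses such a reply and checks it against a forward list modeled on the single tcp 21 static entry in the first post; the sample reply, its addresses and all function names are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample: an FTP server behind NAT answering PASV with its inside address.
SAMPLE_REPLY = "227 Entering Passive Mode (192,168,1,10,195,80)"

# Constructed model of the static forward in the first post: only TCP 21 is mapped.
STATIC_FORWARDS = {21}

PASV_RE = re.compile(
    r"^227 .*?\((\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\)"
)


def parse_pasv(reply):
    """Return (ip, port) advertised in a 227 reply, or raise ValueError."""
    m = PASV_RE.match(reply.strip())
    if not m:
        raise ValueError("not a 227 passive-mode reply")
    nums = [int(n) for n in m.groups()]
    if any(n > 255 for n in nums):
        raise ValueError("octet out of range")
    ip = ipaddress.IPv4Address(".".join(str(n) for n in nums[:4]))
    # The data port is sent as two bytes: high byte, then low byte.
    return ip, nums[4] * 256 + nums[5]


def data_channel_issues(reply, forwarded_ports=STATIC_FORWARDS):
    """List what stops an outside client from opening the data channel
    when nothing on the path rewrites the reply or opens the port."""
    ip, port = parse_pasv(reply)
    issues = []
    if ip.is_private:
        issues.append(f"reply advertises private address {ip}")
    if port not in forwarded_ports:
        issues.append(f"data port {port} has no static forward")
    return issues


if __name__ == "__main__":
    for issue in data_channel_issues(SAMPLE_REPLY):
        print(issue)
```

Comparing the 227 reply seen by a client on each public address shows whether the advertised address and port are being rewritten for that address.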
