Multiple external IPs on single interface

Discussion in 'Cisco' started by Kevin Coles, Jan 7, 2006.

  1. Kevin Coles

    Kevin Coles Guest

    I have a Cisco 1711 that has a single interface on the external side and is
    currently configured to use a public IP that our ISP gave us. We have
    successfully used port forwarding on 443 to access internal services with
    it. We also have a range of 5 public IPs that are assigned to us which we
    haven't had occasion to use yet. Now we are going to be hosting a couple of
    443 services on different machines and will have to have separate IPs for
    them.

    Does anyone have any idea how this can be configured? My ISP says that
    traffic on those IPs is directed to our router so now I need to know how to
    make it catch multiple IP addresses on the single interface.

    Any help is greatly appreciated. Let me know if more detail is required.

    Thanks,

    Kevin Coles
     
    Kevin Coles, Jan 7, 2006
    #1

  2. djoe

    djoe Guest

    If I understand your question correctly, you can configure static NAT
    for each server that needs to be accessed from the outside on port 443.
    The rest of the users will be PAT to the public IP of the fa0.
    Assuming your first server has the private IP of 10.1.1.2 and a public
    of 40.226.30.130, here is a brief summary of what you can start off with.



    ! Inside (LAN) interface
    int vlan 1
    ip address 10.1.1.1 255.255.255.0
    ip nat inside


    ! Outside (Internet) interface
    interface FastEthernet0
    description Internet
    ip address 40.22.6.129 255.255.255.248
    no ip redirects
    ip nat outside

    ! PAT for the hosts matched by access-list 100
    ip nat inside source list 100 interface FastEthernet0 overload
    ! Static port forward for the first server
    ip nat inside source static tcp 10.1.1.2 443 40.22.6.130 443 extendable
    ! etc. for each server
    access-list 100 permit ip 10.1.1.0 0.0.0.255 any
     
    djoe, Jan 7, 2006
    #2

  3. Kevin Coles

    Kevin Coles Guest

    Thanks for your reply,

    You have basically just described my existing setup, save for the IP
    addresses. After reading my original post again, I'm not sure I explained
    myself well enough. So I'll try again:

    I have a single external public IP on my external interface and I have
    static NAT configured for my port 443 traffic going from the external IP to
    my server's internal IP. Pretty much exactly as you described. Our outbound
    traffic is NATed through the same IP as well. This external IP was given to
    us by the ISP (206.xxx.xxx.2) and it has a next hop of 206.xxx.xxx.1.

    We also have a block of 5 IPs that were given to us that we have never used,
    both because we didn't need them but also because we weren't sure how to use
    them. They are 64.yyy.yyy.225 through 64.yyy.yyy.230.

    So now we will be implementing some services on 443/80 which will reside on
    a completely new server. So now I must use a different IP to ensure the
    traffic can be directed to the correct server. I have heard of ISA server
    being used to split port traffic but we do not have or wish to implement ISA
    server. I would like to use one of these unused addresses and possibly even
    create a public DNS record for it.

    My dilemma is not so much the NATing itself but how do I get my router to
    listen for traffic on two different public IPs when it has only one
    externally facing interface? Can you create a virtual interface for it to
    listen on? I just can't get my head around it but I've been told by my ISP
    it can be done, but they of course don't offer this kind of technical
    support.

    I'm sure if someone can point me in the right direction I can figure out the
    configuration.

    Thanks,

    Kevin Coles
     
    Kevin Coles, Jan 9, 2006
    #3
  4. Merv

    Merv Guest

    Your ISP will have configured their routing to route the 64.x.x.x block to
    your router.

    All you need to do is to configure static routing on your router
    indicating where you want to send that traffic.
     
    Merv, Jan 10, 2006
    #4
  5. Kevin Coles

    Kevin Coles Guest

    Hi Merv,

    So you are saying all I would need to do is something like this?

    ip nat inside source static tcp 192.168.0.xxx 443 64.xxx.xxx.22x 443 extendable

    And because the ISP has already routed the traffic to the external interface
    of the router, this would just route anything destined for that address?
    Almost seems too easy.

    I'll give it a try.

    Kevin
     
    Kevin Coles, Jan 10, 2006
    #5
  6. Kevin Coles

    Kevin Coles Guest

    Well I tried this and it didn't work.....however I will contact my ISP to
    confirm that I still have this block of addresses being routed to our
    external interface.

    Kevin
     
    Kevin Coles, Jan 10, 2006
    #6
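
Added example, not part of any post in this thread: the discussion turns on whether a static NAT global address sits inside the outside interface's subnet (as in the config in post #2) or in a separately routed block (as with the 64.yyy.yyy addresses). The Python script below audits an IOS config for that distinction and lists which ports each static entry publishes. The sample config is constructed, `10.1.1.3` and `203.0.113.226` are placeholder addresses, and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample. The interfaces and first static entry follow post #2;
# 203.0.113.226 is a documentation address standing in for a separately routed block.
SAMPLE_CONFIG = """\
interface Vlan1
 ip address 10.1.1.1 255.255.255.0
 ip nat inside
interface FastEthernet0
 ip address 40.22.6.129 255.255.255.248
 ip nat outside
ip nat inside source list 100 interface FastEthernet0 overload
ip nat inside source static tcp 10.1.1.2 443 40.22.6.130 443 extendable
ip nat inside source static tcp 10.1.1.3 443 203.0.113.226 443 extendable
"""

STATIC_RE = re.compile(r"^ip nat inside source static (tcp|udp) (\S+) (\d+) (\S+) (\d+)", re.M)


def outside_networks(config):
    """Connected subnets of the interfaces marked 'ip nat outside'."""
    nets = []
    for block in re.split(r"^(?=interface )", config, flags=re.M):
        addr = re.search(r"^\s*ip address (\S+) (\S+)", block, re.M)
        if addr and re.search(r"^\s*ip nat outside\s*$", block, re.M):
            nets.append(ipaddress.ip_interface("/".join(addr.groups())).network)
    return nets


def audit_static_nat(config):
    """One finding per published port: what is exposed and how it is reached.

    on-link: the global address is in the outside subnet, so the router
    answers ARP for it. needs-upstream-route: the ISP must route that
    prefix to the router's outside address for the entry to see traffic.
    """
    nets = outside_networks(config)
    findings = []
    for proto, local, lport, glob, gport in STATIC_RE.findall(config):
        on_link = any(ipaddress.ip_address(glob) in net for net in nets)
        findings.append((f"{glob}:{gport}/{proto}", f"{local}:{lport}",
                         "on-link" if on_link else "needs-upstream-route"))
    return findings


if __name__ == "__main__":
    for finding in audit_static_nat(SAMPLE_CONFIG):
        print(*finding)
```

Every tuple it returns is also a port published to the Internet, so the same output doubles as an exposure inventory to compare against what is meant to be reachable.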