One private IP NAT to multiple public IPs?

Discussion in 'Cisco' started by Jack, Jul 1, 2007.

  1. Jack

    Jack Guest

    I have a requirement to set up a network so that an internal server
    communicates with the outside world through different WAN networks. I have
    three separate WAN connections terminated on a single Cisco 6500. The
    internal network also connects to the same switch.

    External VLANs: Ingress, Egress and Management
    Internal VLAN: Internal
    1. Management traffic can only talk to the internal server(s) via
    Management WAN;
    2. Application traffic can only talk to the internal server(s) via
    Ingress WAN;
    3. Outbound traffic originated from internal servers has to go through
    Egress WAN;
    4. Internal servers use private IP addresses

    For example, I have:
    Servers on Internal VLAN:

    The management traffic (i.e. SNMP, ssh) uses the following public IPs
    to reach each server:

    The application traffic (i.e. www, ftp) uses the following public IPs
    to reach each server:

    The traffic initiated from the servers uses the following public IPs
    to access the Internet:

    Given the requirements above, how do I design/configure my switch to
    achieve the goal? I've done some searches on the forum with no luck.
    Please kindly advise.
    Jack, Jul 1, 2007

  2. Jack


    ithelp, Jul 2, 2007

  3. Jack,

    I think you've got an interesting problem here. At first sight it
    seems relatively simple but on a second look it becomes rather tricky.
    Unfortunately there is insufficient information to provide a design,
    although here are a couple of points you could consider.

    Beyond understanding the feature set of the Cisco 6500, the key areas
    for consideration are how to differentiate the traffic flows and the
    need to define return paths for each traffic type.

    If the traffic can be segregated based on source and destination IP
    address it may be possible to use static routes. More specific routes
    would be chosen to route traffic for the management and Ingress return
    paths; a default route would route traffic through the Egress link.

    If the traffic can be differentiated based on source/dest. ports or
    protocols then Policy Based Routing can complement the static IP route
    technique above.

    Alternatively, if the applications can be configured to use multiple
    IP addresses on a single NIC, the problem may be simplified.

    A detailed requirements capture and traffic profile should provide
    some of the answers and a direction in which to develop the design.

    Igneous Networks Technical Director
    Network services for merging
    igneousnetworks, Jul 18, 2007
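
Added example (not part of the original thread, and not any poster's configuration): a small Python model of the approach in the reply above, checking which WAN each server packet would leave through with destination-based static routes alone and with Policy Based Routing matched on the server's source port. All addresses, the admin range and the flow list are constructed for illustration; the port numbers are the well-known ones for the protocols named in the question.

```python
import ipaddress
from typing import NamedTuple

# All addresses are constructed (RFC 5737 ranges); the thread's own IPs are not shown.
STATIC_ROUTES = [  # (destination prefix, exit WAN); longest prefix wins
    (ipaddress.ip_network("198.51.100.0/24"), "Management"),  # assumed admin/NMS range
    (ipaddress.ip_network("0.0.0.0/0"), "Egress"),            # default route
]
PBR_RULES = [  # applied to packets arriving from the Internal VLAN: (proto, server port, WAN)
    ("udp", 161, "Management"),  # SNMP replies
    ("tcp", 22, "Management"),   # ssh replies
    ("tcp", 80, "Ingress"),      # www replies
    ("tcp", 21, "Ingress"),      # ftp control replies
]

class Packet(NamedTuple):
    """A packet sent by an internal server."""
    proto: str
    src_port: int
    dst_ip: str

def route_lookup(dst_ip: str) -> str:
    """Destination-based forwarding: pick the most specific matching route."""
    dst = ipaddress.ip_address(dst_ip)
    matches = [(net, wan) for net, wan in STATIC_ROUTES if dst in net]
    return max(matches, key=lambda m: m[0].prefixlen)[1]

def select_wan(pkt: Packet, use_pbr: bool) -> str:
    """PBR (if enabled) is consulted first; unmatched packets use the routing table."""
    if use_pbr:
        for proto, port, wan in PBR_RULES:
            if (pkt.proto, pkt.src_port) == (proto, port):
                return wan
    return route_lookup(pkt.dst_ip)

FLOWS = {  # name: (packet, WAN the requirements call for)
    "ssh reply to admin": (Packet("tcp", 22, "198.51.100.10"), "Management"),
    "www reply to internet client": (Packet("tcp", 80, "203.0.113.7"), "Ingress"),
    "www reply to client in admin range": (Packet("tcp", 80, "198.51.100.10"), "Ingress"),
    "server-initiated https": (Packet("tcp", 49152, "203.0.113.80"), "Egress"),
}

def violations(use_pbr: bool) -> list:
    """Names of flows that would leave through the wrong WAN."""
    return [name for name, (pkt, want) in FLOWS.items()
            if select_wan(pkt, use_pbr) != want]

if __name__ == "__main__":
    print("static routes only:", violations(use_pbr=False))
    print("static routes + PBR:", violations(use_pbr=True))
```

In this model, static routes alone send both www replies out the wrong link, because application clients cannot be enumerated by destination prefix; matching on the server's source port keeps each reply on the WAN its request arrived on.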