Posted by Lyle on August 22, 2008, 7:44 am
Hello,

Network setup is as follows. Cisco 1800 with one public IP on the ATM interface. The ethernet interface has a 192.168.1.1 address. The ISP has configured the router so it passes all traffic to 192.168.1.2 which is our firewall.

We have a new device at the 192.168.1.3 address.

I would like the ISP to forward just https traffic to the new device.

This is possible no? Because they say it is not.

Thanks,

Lyle

Posted by Trendkill on August 22, 2008, 9:15 am
They are probably one to one NATing and what you are asking for is port address translation (PAT). That way you can forward different ports to different internal IP addresses. This should definitely be possible, although I'm making assumptions on your setup. If you can paste your router config (omit passwords and hide your external IP address), then someone here can definitely answer your question.

Posted by Lyle on August 22, 2008, 9:41 am
> > Hello,
> >
> > Network setup is as follows. Cisco 1800 with one public IP on the ATM
> > interface. The ethernet interface has a 192.168.1.1 address. The ISP
> > has configured the router so it passes all traffic to 192.168.1.2
> > which is our firewall.
> >
> > We have a new device at the 192.168.1.3 address.
> >
> > I would like the ISP to forward just https traffic to the new device.
> >
> > This is possible no? Because they say it is not.
> >
> > Thanks,
> >
> > Lyle
>
> They are probably one to one NATing and what you are asking for is
> port address translation (PAT). That way you can forward different
> ports to different internal IP addresses. This should definitely be
> possible, although I'm making assumptions on your setup. If you can
> paste your router config (omit passwords and hide your external IP
> address), then someone here can definitely answer your question.

Thanks for your reply. I wish I could paste the config here but I don't have access to the router. I assume they are doing one-to-one NAT to our firewall because we have a VPN up and running and they never asked about which ports to forward. So if this is the case, that they are doing one-to-one NAT, I can't do any policy based routing right?

Posted by Trendkill on August 22, 2008, 10:27 am
> > > Hello,
> > >
> > > Network setup is as follows. Cisco 1800 with one public IP on the ATM
> > > interface. The ethernet interface has a 192.168.1.1 address. The ISP
> > > has configured the router so it passes all traffic to 192.168.1.2
> > > which is our firewall.
> > >
> > > We have a new device at the 192.168.1.3 address.
> > >
> > > I would like the ISP to forward just https traffic to the new device.
> > >
> > > This is possible no? Because they say it is not.
> > >
> > > Thanks,
> > >
> > > Lyle
> >
> > They are probably one to one NATing and what you are asking for is
> > port address translation (PAT). That way you can forward different
> > ports to different internal IP addresses. This should definitely be
> > possible, although I'm making assumptions on your setup. If you can
> > paste your router config (omit passwords and hide your external IP
> > address), then someone here can definitely answer your question.
>
> Thanks for your reply. I wish I could paste the config here but I don't
> have access to the router. I assume they are doing one-to-one NAT to
> our firewall because we have a VPN up and running and they never asked
> about which ports to forward. So if this is the case, that they are
> doing one-to-one NAT, I can't do any policy based routing right?

There is nothing you can do if they are doing one to one nat, unless of course you want to install a router in between and do your own NAT/PAT. I've never really tried that kind of nat to nat, but there are some folks on this board with some deeper experience in the internet security side than me. May be worth trying, although getting them to change to pat shouldn't be that big of a problem. They can forward 443 to the one server, and everything else to the firewall. Although don't you want your web server behind your firewall anyway, so can't you put a rule in there to forward 443 to an internal address? Use that as your nat to pat instead?

Posted by Lyle on August 22, 2008, 12:12 pm
> Although don't you want your web server behind your firewall anyway, so can't
> you put a rule in there to forward 443 to an internal address? Use
> that as your nat to pat instead?

Actually it's not a web server. It's an appliance to publish Web Apps and just about anything via SSL. I just wanted it to stay as clean and simple as possible, but you are right. I could always try and redirect from the firewall itself. The only problem is the firewall handles all the SSL stuff as is. What I could try is use another port till I am ready to do the switch.... That's what I asked the ISP to do..... redirect 4443 to the new box, which I would set it up using 4443, and then test, test, test, and when I was happy have them change the port to 443 and BOOM into production

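Added example, not part of the thread and not the ISP's actual configuration (which was never posted): the difference Trendkill describes between one-to-one NAT and port forwarding, together with Lyle's staged 4443-then-443 cutover, written in Cisco IOS static NAT syntax. The public address 203.0.113.10 and both interface names are placeholders; the inside addresses are the ones given in the thread.

```cisco
! Constructed example. 203.0.113.10 stands in for the real public address
! and the interface names are assumed; neither appears in the thread.
interface FastEthernet0/0
 description LAN side, 192.168.1.1 per the thread
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
!
interface ATM0/0/0.1 point-to-point
 description ISP side (assumed interface name)
 ip nat outside
!
! (A) One-to-one static NAT, which Trendkill suspects is in place:
!     every protocol and port sent to the public address is translated
!     to the firewall, with no per-port choice of inside host.
ip nat inside source static 192.168.1.2 203.0.113.10
!
! (B) Static port translation (port forwarding): a single TCP port on
!     the public address is translated to one inside host.
!     Test phase from Lyle's plan: public 4443 -> appliance 4443.
ip nat inside source static tcp 192.168.1.3 4443 203.0.113.10 4443
!
!     Cutover: remove the test mapping, then publish 443 on the appliance.
no ip nat inside source static tcp 192.168.1.3 4443 203.0.113.10 4443
ip nat inside source static tcp 192.168.1.3 443 203.0.113.10 443
!
! Checks from the router's exec prompt after each change:
!   show ip nat translations
!   show running-config | include ip nat
```

How the remaining traffic, including the VPN, keeps reaching 192.168.1.2 once (B) is in use depends on the ISP's existing configuration, which the thread does not show.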