Port forwarding on Cisco 1800

Hello,

Network setup is as follows. Cisco 1800 with one public IP on the ATM interface. The ethernet interface has a 192.168.1.1 address. The ISP has configured the router so it passes all traffic to 192.168.1.2 which is our firewall.

We have a new device at the 192.168.1.3 address.

I would like the ISP to forward just https traffic to the new device.

This is possible, no? Because they say it is not.

Thanks,

Lyle


They are probably one to one NATing and what you are asking for is port address translation (PAT). That way you can forward different ports to different internal IP addresses. This should definitely be possible, although I'm making assumptions on your setup. If you can paste your router config (omit passwords and hide your external IP address), then someone here can definitely answer your question.

Trendkill

Thanks for your reply. I wish I could paste the config here but I don't have access to the router. I assume they are doing one-to-one NAT to our firewall because we have a VPN up and running and they never asked about which ports to forward. So if this is the case, that they are doing one-to-one NAT, I can't do any policy-based routing, right?

Lyle

There is nothing you can do if they are doing one-to-one NAT, unless of course you want to install a router in between and do your own NAT/PAT. I've never really tried that kind of NAT to NAT, but there are some folks on this board with some deeper experience in the internet security side than me. May be worth trying, although getting them to change to PAT shouldn't be that big of a problem. They can forward 443 to the one server, and everything else to the firewall. Although don't you want your web server behind your firewall anyway, so can't you put a rule in there to forward 443 to an internal address? Use that as your NAT to PAT instead?

Trendkill

Actually it's not a web server. It's an appliance to publish Web Apps and just about anything via SSL. I just wanted it to stay as clean and simple as possible, but you are right. I could always try and redirect from the firewall itself. The only problem is the firewall handles all the SSL stuff as is.

What I could try is use another port till I am ready to do the switch... That's what I asked the ISP to do... redirect 4443 to the new box, which I would set it up using 4443, and then test, test, test, and when I was happy have them change the port to 443 and BOOM into production.

Lyle
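
The two translation styles discussed in this thread, side by side, as an added Cisco IOS sketch that is not from any poster and not the ISP's actual configuration. The public address 203.0.113.10 is a placeholder, and the interface names are assumptions; only the 192.168.1.x addresses and ports 443/4443 come from the thread.

```cisco
! Constructed sketch. 203.0.113.10 is a placeholder public address;
! ATM0/0/0.1 and FastEthernet0/0 are assumed interface names.
interface ATM0/0/0.1 point-to-point
 ip nat outside
!
interface FastEthernet0/0
 ip nat inside
!
! --- One-to-one static NAT (what the thread assumes is in place) ---
! Every inbound port on the public address is handed to the firewall,
! so the router never gets to choose a destination per port.
ip nat inside source static 192.168.1.2 203.0.113.10
!
! --- Per-port static translations (PAT), replacing the line above ---
! Test phase: public TCP 4443 goes to the new appliance on 4443.
ip nat inside source static tcp 192.168.1.3 4443 203.0.113.10 4443
!
! Cutover: remove the 4443 entry and publish the appliance on 443.
! A public port maps to one inside host only, so once 443 points at
! 192.168.1.3 the firewall no longer receives inbound 443.
! ip nat inside source static tcp 192.168.1.3 443 203.0.113.10 443
!
! Each service the firewall must still receive needs its own entry
! (the thread does not list those ports):
! ip nat inside source static tcp 192.168.1.2 <port> 203.0.113.10 <port>
```

With per-port entries, only the ports explicitly listed are reachable from outside, so the list of entries doubles as the inventory of exposed services to review.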
