I have a Cisco 1711 that has a single interface on the external side and is currently configured to use a public IP that our ISP gave us. We have successfully used port forwarding on 443 to access internal services with it. We also have a range of 5 public IPs that are assigned to us which we haven't had occasion to use yet. Now we are going to be hosting a couple of 443 services on different machines and will have to have separate IPs for them.
Does anyone have any idea how this can be configured? My ISP says that traffic on those IPs is directed to our router so now I need to know how to make it catch multiple IP addresses on the single interface.
Any help is greatly appreciated. Let me know if more detail is required.
If I understand your question correctly, you can configure static NAT for each server that needs to be accessed from the outside on port 443. The rest of the users will be PAT'd to the public IP of the fa0. Assuming your first server has the private IP of 10.1.1.2 and a public IP of 40.226.30.130, here is a brief summary of what you can start off with.
interface Vlan1
 ip address 10.1.1.1 255.255.255.0
 ip nat inside
!
interface FastEthernet0
 description Internet
 ip address 40.22.6.129 255.255.255.248
 no ip redirects
 ip nat outside
!
! Inside users share the fa0 address (PAT)
ip nat inside source list 100 interface FastEthernet0 overload
! One static translation per published server; repeat for each server
ip nat inside source static tcp 10.1.1.2 443 40.22.6.130 443 extendable
access-list 100 permit ip 10.1.1.0 0.0.0.255 any
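A fuller version of the static-NAT approach in the answer above, written as an added example (not posted in the thread): the existing 443 service stays on the interface address, and a new 80/443 server is published on an address from the separately routed block, with an inbound ACL limiting what reaches the servers. All addresses are constructed placeholders (203.0.113.2/30 stands in for the ISP-assigned interface address and its gateway, 198.51.100.224/29 for the unused routed block), and the inside hosts, VLAN and ACL name are assumed.

```cisco
! Placeholders (constructed): 203.0.113.2 = interface address given by the ISP,
! 203.0.113.1 = its next hop, 198.51.100.225-230 = the routed block the ISP
! forwards to 203.0.113.2, 10.1.1.2 = existing 443 server, 10.1.1.3 = new server.
interface Vlan1
 ip address 10.1.1.1 255.255.255.0
 ip nat inside
!
interface FastEthernet0
 description Internet
 ip address 203.0.113.2 255.255.255.252
 ip access-group OUTSIDE-IN in
 ip nat outside
!
ip route 0.0.0.0 0.0.0.0 203.0.113.1
!
! Outbound users share the interface address (PAT).
access-list 100 permit ip 10.1.1.0 0.0.0.255 any
ip nat inside source list 100 interface FastEthernet0 overload
!
! Existing service stays on the interface address.
ip nat inside source static tcp 10.1.1.2 443 interface FastEthernet0 443
!
! New server uses an address from the routed block. No secondary address or
! extra interface is needed: the ISP already routes the whole /29 to
! 203.0.113.2, so packets for 198.51.100.226 arrive here and the static
! translation sends them inside.
ip nat inside source static tcp 10.1.1.3 443 198.51.100.226 443 extendable
ip nat inside source static tcp 10.1.1.3 80 198.51.100.226 80 extendable
!
! Inbound ACLs are checked before NAT, so match the public addresses.
! Only the published ports reach the servers; everything else is dropped
! and logged. (If the image has the firewall feature set, ip inspect is a
! better way to allow return traffic than the stateless lines below.)
ip access-list extended OUTSIDE-IN
 permit tcp any host 203.0.113.2 eq 443
 permit tcp any host 198.51.100.226 eq 443
 permit tcp any host 198.51.100.226 eq 80
 permit tcp any any established
 permit udp any eq domain any
 deny ip any any log
```

After applying this, `show ip nat translations` lists the static entries and `show access-lists OUTSIDE-IN` shows per-line hit counts, which tells you whether packets for the new block are actually arriving at the router at all.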
You have basically just described my existing setup, save for the IP addresses. After reading my original post again, I'm not sure I explained myself well enough. So I'll try again:
I have a single external public IP on my external interface and I have static NAT configured for my port 443 traffic going from the external IP to my server's internal IP. Pretty much exactly as you described. Our outbound traffic is NATed through the same IP as well. This external IP was given to us by the ISP (206.xxx.xxx.2) and it has a next hop of 206.xxx.xxx.1.
We also have a block of 5 IPs that were given to us that we have never used, both because we didn't need them but also because we weren't sure how to use them. They are 64.yyy.yyy.225 through 64.yyy.yyy.230.
So now we will be implementing some services on 443/80 which will reside on a completely new server. So now I must use a different IP to ensure the traffic can be directed to the correct server. I have heard of ISA server being used to split port traffic but we do not have or wish to implement ISA server. I would like to use one of these unused addresses and possibly even create a public DNS record for it.
My dilemma is not so much the NATing itself but how do I get my router to listen for traffic on two different public IPs when it has only one externally facing interface? Can you create a virtual interface for it to listen on? I just can't get my head around it. I've been told by my ISP it can be done, but they of course don't offer this kind of technical support.
I'm sure if someone can point me in the right direction I can figure out the configuration.
And because the ISP has already routed the traffic to the external interface of the router, this would just route anything destined for that address? Almost seems too easy.
Well, I tried this and it didn't work... however I will contact my ISP to confirm that I still have this block of addresses being routed to our external interface.