two public IPs on my adsl interface

Hi.

I have a Cisco router with one ADSL interface and two Ethernet interfaces.

The hosts are connected to the Ethernet0 interface, and the DMZ is Ethernet1.

I have two public IP addresses, so I'm going to use subinterfaces for the WAN interface. To make this message easier to understand, let's suppose these two IPs are 80.80.80.80 and 80.80.80.81. These are not my IPs; they are just to make my explanation easier to follow.

Until now, I have had just one public address (on ATM0.1), and I have PAT enabled. But now I have another public IP; I mean, I only have one ADSL line but two public IPs.

So, subinterface ATM0.1 is 80.80.80.80 and ATM0.2 will be 80.80.80.82.

I would like all traffic for the hosts to go through ATM0.1 and all traffic for the DMZ to go through ATM0.2. So, if anyone wants to go to my web server, they should type http://80.80.80.82.

But I have this command:

"ip route 0.0.0.0 0.0.0.0 ATM0.1"

So, if anyone opens a web browser and goes to http://80.80.80.82, the TCP packet will reach my web server, but when my web server answers, the answer would leave the router on the ATM0.1 subinterface instead of ATM0.2, and I need to separate LAN and DMZ traffic to the internet.

What can I do in order to get what I want?

Thanks,

M.G.


I don't think you need subinterfaces. Subinterfaces are needed when you have multiple PVCs. For multiple addresses you should be able to do it with a secondary address.

Is 80.80.80.82 the same as you were using 80.80.80.81 for above?

I think you just need a static NAT statement to map 80.80.80.82 to your web server.

Barry Margolin

Thank you Barry.

So, as you say, I should put this additional address as a secondary address on the current ATM0.1 subinterface.

I don't understand when you say: "Is 80.80.80.82 the same as you were using 80.80.80.81 for above?" I need to use both IP addresses: the 80.80.80.2 should be used only for the DMZ, and the 80.80.80.81 is for the LAN users to access the internet. Until now, there has been only the 80.80.80.81, but my client has been granted an additional IP address (80.80.80.82).

Reading your answer, I guess that you are suggesting I do this:

- 80.80.80.2 as secondary address.

- Configure static NAT for the web server, something like this: "ip nat inside source static tcp 10.0.0.1 80 80.80.80.2 80"

So, with these two simple steps, can I solve my (big) problem? I hope so; in that case, I would be very thankful to you.

M.G.


You won't need to set up the secondary address. The static NAT will take care of that for you. Once you do your variation of "ip nat inside source static aaa.bbb.ccc.ddd eee.fff.ggg.hhh" (inside IP, outside IP), your router will start forwarding traffic destined for eee.fff.ggg.hhh to aaa.bbb.ccc.ddd in accordance with whatever ACL rules you've applied to your outside interface with an access-group statement. Now you can target specific ports with your NAT statement, or you can map everything across and use ACLs to control access. That depends on your needs.

J
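
The two approaches described in the reply above, written out as IOS configuration (an added example, not part of the original thread). It assumes the web server is 10.0.0.1 on Ethernet1 and the outside interface is ATM0.1, uses the thread's stand-in address 80.80.80.82, and the ACL name DMZ-WEB-IN is hypothetical.

```cisco
! Added example. Addresses are the thread's stand-ins; the ACL name is hypothetical.
interface Ethernet1
 ip nat inside
!
interface ATM0.1
 ip nat outside
!
! Option A: translate only TCP/80. Nothing else sent to 80.80.80.82
! has a translation entry, so no other port on the server is reachable.
ip nat inside source static tcp 10.0.0.1 80 80.80.80.82 80
!
! Option B (use instead of A, not together): map the whole address,
! then filter on the outside interface. Without the ACL, every port
! on 10.0.0.1 is exposed to the internet.
ip nat inside source static 10.0.0.1 80.80.80.82
!
! The inbound ACL is checked before NAT, so it matches the public address.
ip access-list extended DMZ-WEB-IN
 permit tcp any host 80.80.80.82 eq www
 ! Replies to TCP sessions the server itself opens
 permit tcp any host 80.80.80.82 established
 ! UDP replies to the server (e.g. DNS) would need their own permit above this line
 deny   ip any host 80.80.80.82
 ! Traffic to the other public address is left as it was; tighten to suit
 permit ip any any
!
interface ATM0.1
 ip access-group DMZ-WEB-IN in
```

After applying either option, `show ip nat translations` lists the static entry and `show access-lists DMZ-WEB-IN` shows per-line hit counts, which makes it easy to confirm that only port 80 is being accepted.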

Thank you very much,

M.G.
