One private IP NAT to multiple public IPs?

Jun 30th, 2007

I have a requirement to set up a network so that an internal server communicates with the outside world through different WAN networks. I have three separate WAN connections terminated on a single Cisco 6500. The internal network also connects to the same switch.

External VLANs: Ingress, Egress and Management

Internal VLAN: Internal

Requirements:

1. Management traffic can only talk to the internal server(s) via Management WAN;

2. Application traffic can only talk to the internal server(s) via Ingress WAN;

3. Outbound traffic originated from internal servers has to go through Egress WAN;

4. Internal servers use private IP addresses

For example, I have:

Servers on Internal VLAN:

10.0.0.2

10.0.0.3

10.0.0.4

The management traffic (i.e. SNMP, ssh) uses the following public IPs to reach each server:

5.5.5.2

5.5.5.3

5.5.5.4

The application traffic (i.e. www, ftp) uses the following public IPs to reach each server:

6.6.6.2

6.6.6.3

6.6.6.4

The traffic initiated from the servers uses the following public IPs to access the Internet:

7.7.7.2

7.7.7.3

7.7.7.4

Given the requirements above, how do I design/configure my switch to achieve the goal? I've done some searches on the forum with no luck. Please kindly advise. Any hint would be appreciated too!

Jon Marshall Mon, 07/02/2007 - 01:10

Hi

Can you just clarify what you want to do? Are you

1) trying to represent your internal servers as different public IP addresses to different outside networks, i.e. management traffic sees the 10.0.0.2 server as 5.5.5.2, application traffic sees the 10.0.0.2 server as 6.6.6.2 etc.

or

2) Are you trying to present your management servers as 5.5.5.2/3/4 to the internal vlan, and the application servers as 6.6.6.2/3/4 to the internal vlan.

Jon

jackawang Mon, 07/02/2007 - 03:44

I guess 1) is close to what I wanted to do.

Ideally the internal server should have three NICs, each on a different VLAN. Every internal server would have three private IPs and they can be statically NATed to public IPs respectively.

However all internal servers only have one NIC and I do not want to run multiple IPs on a physical interface. This is the reason and background I ran into this issue. Please kindly advise an appropriate solution.
