01-03-2008 03:26 PM - edited 03-05-2019 08:16 PM
Hi,
We have received multiple IP addresses from our ISP. We want to move one of our web servers to this location; however, we already have a web server from a different domain here. The DNS all makes sense; however, what doesn't make sense is how to configure the PAT to allow all the web requests on one IP address to go to the one server, and all the other requests to go to the other server. We tried to create a secondary IP address on the public interface to accomplish this.
The ACLs for the PAT are as follows:
access-list 2 remark SDM_ACL Category=2
access-list 2 permit 10.10.50.0 0.0.0.255
access-list 3 remark SDM_ACL Category=2
access-list 3 permit 10.10.30.0 0.0.0.255
access-list 3 permit 10.10.10.0 0.0.0.255
access-list 3 permit 10.10.60.0 0.0.0.255
access-list 3 permit 10.10.20.0 0.0.0.255
The NAT configuration is as follows:
ip http server
ip http access-class 4
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat pool X.X.X.42 X.X.X.42 X.X.X.42 netmask 255.255.255.0
ip nat pool X.X.X.22 X.X.X.22 X.X.X.22 netmask 255.255.255.0
ip nat source static udp 12.12.12.1 3389 interface FastEthernet0/0 3389
ip nat inside source list 2 pool X.X.X.42 overload
ip nat inside source list 3 pool X.X.X.22 overload
ip nat inside source static tcp 10.10.10.151 80 interface FastEthernet0/0 80
ip nat inside source static tcp 10.10.30.1 3389 interface FastEthernet0/0 4003
ip nat inside source static tcp 10.10.30.2 3389 interface FastEthernet0/0 4000
ip nat inside source static tcp 10.10.20.2 3389 interface FastEthernet0/0 4001
ip nat inside source static tcp 10.10.10.2 3389 interface FastEthernet0/0 4004
ip nat inside source static tcp 10.10.10.151 9000 interface FastEthernet0/0 9000
ip nat inside source static tcp 10.10.10.151 110 interface FastEthernet0/0 110
ip nat inside source static tcp 10.10.10.151 143 interface FastEthernet0/0 143
ip nat inside source static tcp 10.10.10.151 25 interface FastEthernet0/0 25
ip nat inside source static tcp 10.10.50.23 80 X.X.X.42 80 extendable
The public interface is as follows:
!
interface FastEthernet0/0
description $ETH-SW-LAUNCH$$INTF-INFO-FE 0/0$$FW_OUTSIDE$$ETH-LAN$
bandwidth 4096
bandwidth receive 4096
ip address X.X.X.42 255.255.255.0 secondary
ip address X.X.X.22 255.255.255.0
ip verify unicast reverse-path
no ip redirects
no ip unreachables
no ip proxy-arp
ip nbar protocol-discovery
ip flow ingress
ip flow egress
ip nat outside
ip virtual-reassembly
ip route-cache flow
duplex auto
speed auto
no mop enabled
!
Is there anyone who can shed some light on this?
Thanks
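As an added example, not part of the original post: a Python audit of static NAT lines taken from the configuration above. It resolves `interface FastEthernet0/0` to the primary address, checks whether two inside hosts claim the same public address and port, and lists forwards that publish a remote-administration port. The function names and the `ADMIN_PORTS` set are assumptions of this example.

```python
import re
from collections import defaultdict

# Lines copied from the question; X.X.X.* is the poster's own redaction.
CONFIG = """\
ip nat inside source static tcp 10.10.10.151 80 interface FastEthernet0/0 80
ip nat inside source static tcp 10.10.30.1 3389 interface FastEthernet0/0 4003
ip nat inside source static tcp 10.10.50.23 80 X.X.X.42 80 extendable
interface FastEthernet0/0
 ip address X.X.X.42 255.255.255.0 secondary
 ip address X.X.X.22 255.255.255.0
"""
STATIC = re.compile(r"^ip nat inside source static (tcp|udp) (\S+) (\d+) "
                    r"(?:interface (\S+)|(\S+)) (\d+)")
ADMIN_PORTS = {22, 23, 3389}  # assumption: inside ports treated as remote admin

def primary_addresses(config):
    """Map interface name -> primary (non-secondary) IP address."""
    addrs, current = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = line.split()[1]
        elif current and (m := re.match(r"\s+ip address (\S+) \S+$", line)):
            addrs[current] = m.group(1)
    return addrs

def port_forwards(config):
    """Return [(proto, public_ip, public_port, inside_ip, inside_port)]."""
    prim = primary_addresses(config)
    out = []
    for line in config.splitlines():
        m = STATIC.match(line)
        if m:
            proto, in_ip, in_port, ifname, pub_ip, pub_port = m.groups()
            public = prim.get(ifname, f"<{ifname}>") if ifname else pub_ip
            out.append((proto, public, int(pub_port), in_ip, int(in_port)))
    return out

def audit(config):
    """Find public sockets claimed twice and forwarded admin services."""
    seen = defaultdict(list)
    for proto, pub, pport, in_ip, in_port in port_forwards(config):
        seen[(proto, pub, pport)].append((in_ip, in_port))
    conflicts = {k: v for k, v in seen.items() if len(v) > 1}
    admin = sorted(k for k, v in seen.items() if any(p in ADMIN_PORTS for _, p in v))
    return conflicts, admin
```

On these lines the two web servers map to different public sockets (X.X.X.22:80 and X.X.X.42:80), so the static entries themselves do not collide. The RDP forward published on port 4003 is reported as an exposed administration service.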
01-09-2008 01:01 PM
You can enable PATing for the inside users.
Here are the commands we can enter in such case:
nat (inside) 100 x.x.x.x 255.255.255.0
global (outside) 100 y.y.y.y
x - network address
y - public address
For the outside-initiated traffic you should enable separate commands.