Public IP behind cisco router

Answered Question
Jan 22nd, 2008

Hello,


I'm wondering how can we setup our servers to use public IP behind the cisco router. We have a block of 5 IP.


int ethernet0 192.168.10.1

int ethernet1 192.168.10.2

Server1 192.168.10.3

server2 192.168.10.4


is this posible? Thanks

Correct Answer by JORGE RODRIGUEZ about 9 years 1 month ago

Use NAT


http://www.cisco.com/en/US/tech/tk648/tk361/tk438/tsd_technology_support_sub-protocol_home.html


on your post you have two same IP addresses for two different inetrfaces, I assume is a typo

but lets say you have 192.168.10.0/24 and 192.168.11.0/24 for sake of example.





You public IP address:

1- 2.2.2.10

2- 2.2.2.11

3- 2.2.2.12

4- 2.2.2.13

5- 2.2.2.14


you only need two for your servers

for TCP services example we use port 80



e.g


Router


Interface S0/1

Description OUTBOUND_ISP_LINK

IP 2.2.2.2 255.255.255.0

ip nat outside



interface fasethernt0/1

Description Segment_192.168.10.0/24

ip nat inside

speed 100

dupplex full

no shutdown


interface fasethernt0/1

Description Segment_192.168.11.0/24

ip nat inside

speed 100

dupplex full

no shutdown



ip nat inside source static 192.168.10.3 2.2.2.10

ip nat inside source static 192.168.11.4 2.2.2.11



access-list 101 permit tcp any 2.2.2.10 0.0.0.255 eq 80

access-list 101 permit tcp any 2.2.2.11 0.0.0.255 eq 80



interface s0/1

ip access-group 101 in



John friend, I let you take it away.. I just did not want to loose my text.



Rgds

Jorge


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (2 ratings)
Loading.
Jon Marshall Tue, 01/22/2008 - 14:24

Hi


Not sure i understand the example. You have eth0 and eth1 on the same subnet which is not possible on a router.


Assuming you didn't want to put in one of your public IP addresses in the example and assuming you want outside users to access your servers using public IP addresses you can present your servers on public IP addresses by


ip nat inside source static 192.168.10.3 "public IP1"


ip nat inside source static 192.168.10.4 "public IP2"


You need to configure "ip nat inside" under the interface on your router that connects to the 192.168.10.x network. You need "ip nat outside" on the interface on your router with a public IP address.


If you do not have enough public IP addresses for each server then you can use public IP for multiple private addresses. This is called port fowarding.


If i have misunderstood please come back with more detailed requirements.


HTH


Jon

Correct Answer
JORGE RODRIGUEZ Tue, 01/22/2008 - 14:34

Use NAT


http://www.cisco.com/en/US/tech/tk648/tk361/tk438/tsd_technology_support_sub-protocol_home.html


on your post you have two same IP addresses for two different inetrfaces, I assume is a typo

but lets say you have 192.168.10.0/24 and 192.168.11.0/24 for sake of example.





You public IP address:

1- 2.2.2.10

2- 2.2.2.11

3- 2.2.2.12

4- 2.2.2.13

5- 2.2.2.14


you only need two for your servers

for TCP services example we use port 80



e.g


Router


Interface S0/1

Description OUTBOUND_ISP_LINK

IP 2.2.2.2 255.255.255.0

ip nat outside



interface fasethernt0/1

Description Segment_192.168.10.0/24

ip nat inside

speed 100

dupplex full

no shutdown


interface fasethernt0/1

Description Segment_192.168.11.0/24

ip nat inside

speed 100

dupplex full

no shutdown



ip nat inside source static 192.168.10.3 2.2.2.10

ip nat inside source static 192.168.11.4 2.2.2.11



access-list 101 permit tcp any 2.2.2.10 0.0.0.255 eq 80

access-list 101 permit tcp any 2.2.2.11 0.0.0.255 eq 80



interface s0/1

ip access-group 101 in



John friend, I let you take it away.. I just did not want to loose my text.



Rgds

Jorge


Jon Marshall Tue, 01/22/2008 - 14:36

Jorge


No problem, i know how frustrating it can be when you spend ages typing something up only to find someone has already posted :)


Jon

Actions

This Discussion