Solved: Public IP behind cisco router

tung · ‎01-22-2008

Hello,

I'm wondering how can we setup our servers to use public IP behind the cisco router. We have a block of 5 IP.

int ethernet0 192.168.10.1

int ethernet1 192.168.10.2

Server1 192.168.10.3

server2 192.168.10.4

is this posible? Thanks

JORGE RODRIGUEZ · ‎01-22-2008

Use NAT

http://www.cisco.com/en/US/tech/tk648/tk361/tk438/tsd_technology_support_sub-protocol_home.html

on your post you have two same IP addresses for two different inetrfaces, I assume is a typo

but lets say you have 192.168.10.0/24 and 192.168.11.0/24 for sake of example.

You public IP address:

1- 2.2.2.10

2- 2.2.2.11

3- 2.2.2.12

4- 2.2.2.13

5- 2.2.2.14

you only need two for your servers

for TCP services example we use port 80

e.g

Router

Interface S0/1

Description OUTBOUND_ISP_LINK

IP 2.2.2.2 255.255.255.0

ip nat outside

interface fasethernt0/1

Description Segment_192.168.10.0/24

ip nat inside

speed 100

dupplex full

no shutdown

interface fasethernt0/1

Description Segment_192.168.11.0/24

ip nat inside

speed 100

dupplex full

no shutdown

ip nat inside source static 192.168.10.3 2.2.2.10

ip nat inside source static 192.168.11.4 2.2.2.11

access-list 101 permit tcp any 2.2.2.10 0.0.0.255 eq 80

access-list 101 permit tcp any 2.2.2.11 0.0.0.255 eq 80

interface s0/1

ip access-group 101 in

John friend, I let you take it away.. I just did not want to loose my text.

Rgds

Jorge

Jorge Rodriguez

View solution in original post

Jon Marshall · ‎01-22-2008

Hi

Not sure i understand the example. You have eth0 and eth1 on the same subnet which is not possible on a router.

Assuming you didn't want to put in one of your public IP addresses in the example and assuming you want outside users to access your servers using public IP addresses you can present your servers on public IP addresses by

ip nat inside source static 192.168.10.3 "public IP1"

ip nat inside source static 192.168.10.4 "public IP2"

You need to configure "ip nat inside" under the interface on your router that connects to the 192.168.10.x network. You need "ip nat outside" on the interface on your router with a public IP address.

If you do not have enough public IP addresses for each server then you can use public IP for multiple private addresses. This is called port fowarding.

If i have misunderstood please come back with more detailed requirements.

HTH

Jon

JORGE RODRIGUEZ · ‎01-22-2008

Use NAT

http://www.cisco.com/en/US/tech/tk648/tk361/tk438/tsd_technology_support_sub-protocol_home.html

on your post you have two same IP addresses for two different inetrfaces, I assume is a typo

but lets say you have 192.168.10.0/24 and 192.168.11.0/24 for sake of example.

You public IP address:

1- 2.2.2.10

2- 2.2.2.11

3- 2.2.2.12

4- 2.2.2.13

5- 2.2.2.14

you only need two for your servers

for TCP services example we use port 80

e.g

Router

Interface S0/1

Description OUTBOUND_ISP_LINK

IP 2.2.2.2 255.255.255.0

ip nat outside

interface fasethernt0/1

Description Segment_192.168.10.0/24

ip nat inside

speed 100

dupplex full

no shutdown

interface fasethernt0/1

Description Segment_192.168.11.0/24

ip nat inside

speed 100

dupplex full

no shutdown

ip nat inside source static 192.168.10.3 2.2.2.10

ip nat inside source static 192.168.11.4 2.2.2.11

access-list 101 permit tcp any 2.2.2.10 0.0.0.255 eq 80

access-list 101 permit tcp any 2.2.2.11 0.0.0.255 eq 80

interface s0/1

ip access-group 101 in

John friend, I let you take it away.. I just did not want to loose my text.

Rgds

Jorge

Jorge Rodriguez

Jon Marshall · ‎01-22-2008

Jorge

No problem, i know how frustrating it can be when you spend ages typing something up only to find someone has already posted :)

Jon

tung · ‎01-22-2008

Thanks a lot guys. It really help.