limited public IP addresses

Unanswered Question
May 7th, 2008

I am looking at switching ISPs. Currently I have an abundance of public IP addresses, but if I switch I will only get 5. I know which servers I need to assign a public IP address. I also need to assign one to my firewall for NAT. Is there a way to not have one assigned to my router? Obviously, my Cisco 2524 router is on the public side of my firewall. The firewall is an MS ISA 2006 server, with the public NIC card currently configured with the gateway as my 2524 router.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 3 (1 ratings)
Loading.
d.metheny Wed, 05/07/2008 - 11:11

If the router's interface is touching the ISP's public network, you're going to need one of their public IP's.

Why won't the ISP let you buy more? Have you checked with other ISP's?

Do all of your servers require external/public access to provide the same services (are they all web servers, etc.)? If not, you can split up inbound traffic on different ports to different internal/private IP's based upon whatever the server is doing (for example, you can use the same external IP on a firewall for a web server AND a physically separate SMTP server).

OptimusBob Wed, 05/07/2008 - 12:09

I am unsure how to split an IP. Would it be by the port #? Would it be done on the firewall? I seen this with cable gateway routers. Is it the same? I have been spoiled with all public IPs in the past.

I have two servers that use the same ports, the others do not. I have a web/ftp server in front of the firewall. I have two citrix servers and an SMTP server behind the firewall. I also need an IP for the router and the firewall. So, if I had 6 public IPs I would be fine.

This ISP is by far the cheapest around, fast, and reliable. They have a smaller pool of IPs the draw from.

d.metheny Wed, 05/07/2008 - 12:16

You can direct inbound traffic by port in the firewall (at least that's what I've seen in Cisco and SonicWall) for servers inside the FW.

Actions

This Discussion