How to configure CISCO 2811 to support two Internal Subnets?

Unanswered Question
Oct 3rd, 2008

Could you help me

We have a CISCO 2811 router, its an interface connects to the external network and assigned IP;its another interface connects to internal switch and assigned IP;We have configured the NAT/PAT at 2811, redirect the port 80 and 443 ports access of to port 80 and 443 of internal web server).

We plan to add another switch to implement another internal subnet ( and another web server( in this new internal subnet, and want to implement the PAT: redirect access of port 80 and 443 of IP is for the new web server external access) to port 80 and 443 of new web server's internal IP).

Can we implement this if we add a HWIC-1FE module into the 2811 router? We need to connect the HWIC-1FE interface to the new switch and configure the PAT at 2811 router, right?

Thank you

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Collin Clark Fri, 10/03/2008 - 07:52

You can use a HWIC-1FE or you could use the HWIC-4ESW (cost is about 1/3rd of the HWCI1FE). The HWIC-4ESW is a small switch that is installed in the router. You would then create a new vlan in the router and NAT/PAT as normal using the VLAN interface instead of a dedicated Ethernet interface.

Hope that helps.

stevenyang Mon, 10/06/2008 - 07:01

Thank you, Collin

Can I configure the HWIC-4ESW as the following:

1. Assign the external IP to one interface of the HWIC-4ESW(this interface connects to the external).

2. Assign the internal IP to one interface of the HWIC-4ESW (this interface connects to the new internal switch).

3. Configure the NAT (from to

4. Configure the PAT (from 80 and 443 ports of to 80 and 443 ports of

Can we access through from internet in this way?

The enclosed is our current topology and my thought about using the HWIC-1FE, could you help me check it is feasible? And which one is suitable for us(HWIC-4ESW or HWIC-1FE)

Thank you!

Collin Clark Mon, 10/06/2008 - 08:51

Yes the above would work (questions 1-4). Either card will work equally well in this situation. The HWIC-4ESW is about 1/3 the price of an HWIC-1FE. With the HWIC-4ESW you could plug the servers directly in to the card and not have to buy another set of switches (or you could VLAN your internal switches too).

Hope that helps.

stevenyang Mon, 10/06/2008 - 12:30

Thank you, Collin

We purchased two switches for the new internal subnet already. We have four new servers (two database servers and two web servers), we plan to connect these servers into the default VLAN of the new switch.

Another question: what different between the HWIC-1FE and HWIC-4ESW? Can we implement the communication between the current internal subnet and the new subnet ( and using the HWIC-4ESW?

Thank you so much!

Collin Clark Mon, 10/06/2008 - 12:38

Yes you can implement communication. The HWIC-1FE is a single port fast ethernet module. The HWIC-4ESW is a 4 port fast ethernet switch. Instead of configuring an interface (w/the 1FE) you configure vlans on the router and assign one of the fast ethernet ports (from the HWIC-4ESW) to the vlan (just like a layer 3 switch).


This Discussion