cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1021
Views
0
Helpful
5
Replies

How to configure CISCO 2811 to support two Internal Subnets?

stevenyang
Level 1
Level 1

Could you help me

We have a CISCO 2811 router, its an interface connects to the external network and assigned IP 69.64.188.136;its another interface connects to internal switch and assigned IP 192.168.1.1;We have configured the NAT/PAT at 2811, redirect the port 80 and 443 ports access of 69.64.188.136 to port 80 and 443 of 192.168.1.3(the internal web server).

We plan to add another switch to implement another internal subnet (192.168.2.0/24) and another web server(192.168.2.3) in this new internal subnet, and want to implement the PAT: redirect access of port 80 and 443 of 69.64.188.137(This IP is for the new web server external access) to port 80 and 443 of 192.168.2.3(the new web server's internal IP).

Can we implement this if we add a HWIC-1FE module into the 2811 router? We need to connect the HWIC-1FE interface to the new switch and configure the PAT at 2811 router, right?

Thank you

5 Replies 5

Collin Clark
VIP Alumni
VIP Alumni

You can use a HWIC-1FE or you could use the HWIC-4ESW (cost is about 1/3rd of the HWCI1FE). The HWIC-4ESW is a small switch that is installed in the router. You would then create a new vlan in the router and NAT/PAT as normal using the VLAN interface instead of a dedicated Ethernet interface.

Hope that helps.

stevenyang
Level 1
Level 1

Thank you, Collin

Can I configure the HWIC-4ESW as the following:

1. Assign the external IP 69.64.188.136 to one interface of the HWIC-4ESW(this interface connects to the external).

2. Assign the internal IP 192.168.2.1 to one interface of the HWIC-4ESW (this interface connects to the new internal switch).

3. Configure the NAT (from 69.64.188.136 to 192.168.2.1)

4. Configure the PAT (from 80 and 443 ports of 69.64.188.136 to 80 and 443 ports of 192.168.2.3)

Can we access 192.168.2.3 through 69.64.188.136 from internet in this way?

The enclosed is our current topology and my thought about using the HWIC-1FE, could you help me check it is feasible? And which one is suitable for us(HWIC-4ESW or HWIC-1FE)

Thank you!

Yes the above would work (questions 1-4). Either card will work equally well in this situation. The HWIC-4ESW is about 1/3 the price of an HWIC-1FE. With the HWIC-4ESW you could plug the servers directly in to the card and not have to buy another set of switches (or you could VLAN your internal switches too).

Hope that helps.

stevenyang
Level 1
Level 1

Thank you, Collin

We purchased two switches for the new internal subnet already. We have four new servers (two database servers and two web servers), we plan to connect these servers into the default VLAN of the new switch.

Another question: what different between the HWIC-1FE and HWIC-4ESW? Can we implement the communication between the current internal subnet and the new subnet (192.168.1.0/24 and 192.168.2.0/24) using the HWIC-4ESW?

Thank you so much!

Yes you can implement communication. The HWIC-1FE is a single port fast ethernet module. The HWIC-4ESW is a 4 port fast ethernet switch. Instead of configuring an interface (w/the 1FE) you configure vlans on the router and assign one of the fast ethernet ports (from the HWIC-4ESW) to the vlan (just like a layer 3 switch).

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: