Internet access

Answered Question
Feb 5th, 2010

Hi Everyone,

We have two IP segments (public IP). We are already using one IP segment for Internet access. Now the new requirement is to use the remaining IP segment for selected destinations.

For example:

1.2.3.4/26 segment is actively used for Internet access.

4.3.2.1/29 segment is free.

Now we need to use this 4.3.2.1/29 segment for Internet access (only to browse Google.com).

How can this be achieved without modifying the existing setup?


Thank you

Vijay

Correct Answer
Ganesh Hariharan Sat, 02/06/2010 - 02:32
Hi Vijay,


Firstly, you need to specify whether the device is a router or a firewall. If it is a router, then divert all the Internet traffic towards the new IP segment for port 80 traffic. Make sure you have DNS lookup enabled on your router by doing:

config t
ip domain-lookup


Then configure an access list as such if you don't want to use an IP address.


config t
access-list 101 deny tcp any host www.badsite.com eq www
access-list 101 permit tcp any any eq www
access-list 101 permit ip any any


int fa0/0
ip access-group 101 in


If it is a firewall, then check out the link below for URL blocking on the firewall. Hope that helps.


http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a0080940e04.shtml


If helpful do rate the post


Ganesh.H

pbvijay77 Sat, 02/06/2010 - 05:20

Hi Ganesh,

Thank you very much for your reply. It is the firewall. This is the scenario: we have Internet working fine.

Now to use the new public IP segment for accessing some particular portal.


The present setup at ASA 5520

global (outside) 1 61.x.x.x

nat (inside) 1 10.x.x.x 255.255.0.0


Everything works fine except some sites (example Google.com)


Now we want to access google.com with the new IP segment 101.x.x.x, without modifying the IP address of the firewall interface.


Thank you

Vijay

(PS: by mistake I clicked the correct answer on the previous reply. Oops.)

Ganesh Hariharan Sat, 02/06/2010 - 08:21

Hi Vijay,


OK, what I would suggest is, rather than just sending the google.com site to one link, just make that link available for port 80 traffic from the new link. Policy NAT will do the thing on the firewall; just check out the link below on policy NAT. Hope this helps.


http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a008046f31a.shtml



Ganesh.H
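
The policy NAT approach suggested above, as an added example that is not part of the original thread or of the linked Cisco document. It assumes ASA software 8.2 or earlier (the `nat`/`global` syntax shown in the thread); the ACL name and every address are constructed placeholders.

```cisco
! Added example: policy dynamic PAT for web traffic, ASA 8.2-and-earlier syntax.
! 10.0.0.0/16, 192.0.2.10 and 198.51.100.2 are constructed placeholder values,
! POLICY_NAT_WEB is a hypothetical ACL name.
!
! Existing rule from the thread (placeholder values), left unchanged:
!   global (outside) 1 192.0.2.10
!   nat (inside) 1 10.0.0.0 255.255.0.0
!
! 1. Match only the traffic that should leave from the new segment:
!    TCP/80 sourced from the inside network. Replace "any" with
!    "host <destination-ip>" to narrow it to a single portal.
access-list POLICY_NAT_WEB extended permit tcp 10.0.0.0 255.255.0.0 any eq www
!
! 2. Policy dynamic NAT under a new NAT ID, bound to that ACL.
nat (inside) 2 access-list POLICY_NAT_WEB
!
! 3. PAT address from the new public segment, same NAT ID.
!    The outside interface address is not changed.
global (outside) 2 198.51.100.2
```

Policy NAT is evaluated before regular dynamic NAT, so port 80 flows are translated with NAT ID 2 while all other traffic keeps using ID 1; the new segment must also be routed by the upstream provider to the ASA outside interface. `packet-tracer input inside tcp 10.0.1.5 1025 203.0.113.80 80` shows which NAT rule a sample flow matches.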
