Internet access

Answered Question
Feb 5th, 2010

Hi Everyone,

    We have two IP segments (public IP). We are already using one IP segment for Internet access. Now the new requirement is to use the remaining IP segment for a selected destination.

For example:

The 1.2.3.4/26 segment is actively used for Internet access.

The 4.3.2.1/29 segment is free.

Now we need to use this 4.3.2.1/29 segment for Internet access (only to browse Google.com).

How can this be achieved without modifying the existing setup?

Thank you

Vijay

Correct Answer
Ganesh Hariharan Sat, 02/06/2010 - 02:32

Hi Vijay,

Firstly, you need to specify whether the device is a router or a firewall. If it is a router, then divert all the Internet traffic towards the new IP segment for port 80 traffic. Make sure you have DNS lookup enabled on your router by doing:
config t
ip domain-lookup

Then configure an access list as such if you don't want to use an IP address.

config t
access-list 101 deny tcp any host www.badsite.com eq www
access-list 101 permit tcp any any eq www
access-list 101 permit ip any any

int fa0/0
ip access-group 101 in

If it is a firewall, then check out the link below for URL blocking in the firewall. Hope that helps.

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a0080940e04.shtml

If helpful do rate the post

Ganesh.H

pbvijay77 Sat, 02/06/2010 - 05:20

Hi Ganesh,

   Thank you very much for your reply. It is the firewall. This is the scenario: we have Internet working fine.

Now we need to use the new public IP segment for accessing some particular portal.

The present setup on the ASA 5520:

global (outside) 1 61.x.x.x

nat (inside) 1 10.x.x.x 255.255.0.0

Everything works fine except some sites (for example, Google.com).

Now we want to access google.com with the new IP segment 101.x.x.x, without modifying the IP address of the firewall interface.

Thank you

Vijay

(PS: by mistake I clicked the correct answer on the previous reply. Oops.)

Ganesh Hariharan Sat, 02/06/2010 - 08:21

Hi Vijay,

OK, what I would suggest is, rather than just sending the google.com site to one link, just make that link available for port 80 traffic from the new link. Policy NAT will do the thing in the firewall; just check out the link below on policy NAT. Hope this helps.

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a008046f31a.shtml

Ganesh.H
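
The policy NAT approach suggested in the last reply, shown as an added example (not configuration posted by anyone in the thread or taken from the linked Cisco document). It assumes ASA software earlier than 8.3, matching the nat/global syntax shown above, and that the upstream provider routes the 101.x.x.x segment to the ASA's outside interface; the ACL name POLICY_WEB and NAT ID 2 are hypothetical.

```cisco
! Added example, not from the thread. Pre-8.3 ASA syntax, as in the posts above.
! 10.x.x.x, 61.x.x.x and 101.x.x.x are the thread's masked values; substitute
! the real addresses. POLICY_WEB and NAT ID 2 are names chosen for this example.

! Existing setup (left unchanged): inside hosts are translated to 61.x.x.x
global (outside) 1 61.x.x.x
nat (inside) 1 10.x.x.x 255.255.0.0

! Match only TCP/80 flows from the inside network. To limit the policy to
! particular destinations, replace "any" with the destination network and mask.
access-list POLICY_WEB extended permit tcp 10.x.x.x 255.255.0.0 any eq www

! Policy NAT: flows matching POLICY_WEB are bound to NAT ID 2 ...
nat (inside) 2 access-list POLICY_WEB
! ... and NAT ID 2 translates to an address from the new segment
global (outside) 2 101.x.x.x

! Verification from privileged EXEC after a test connection:
!   show xlate
!   packet-tracer input inside tcp <inside-host> 1025 <web-server> 80
```

On these releases policy NAT is evaluated before regular dynamic NAT, so HTTP flows leave with the 101.x.x.x address while all other traffic keeps using 61.x.x.x, and the outside interface address stays as it is.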
