SRP547W - Multiple WAN IPs

Mar 19th, 2012

There are a few discussions on this topic, but nothing I can find definitively shows that this can be done with this model.


I have an ADSL service that came with 1 IP address and then we later purchased an additional 4 IPs (2 usable) for the same service.

On our network we have SBS2011 and also a dedicated web server. What I would like to do is forward HTTPS to the web server on our initial IP and then forward HTTPS for OWA to one of the IPs on the additional set.


Our initial IP is xxx.yyy.104.112, which I would like to forward port 443 to 192.168.0.12 - web server


The additional IPs are :


aaa.bbb.30.24 (Gateway Address)

aaa.bbb.30.25

aaa.bbb.30.26 - I would like to forward this to 192.168.0.2 - SBS box

aaa.bbb.30.27


I have tried, as suggested in another thread, setting up a software DMZ that sends public IP aaa.bbb.30.26 to 192.168.0.12. The xxx.yyy.104.112 to 192.168.0.12 works with a port 443 forward fine.


When I do this I can't connect from outside.


If I change the port forward on 443 to go to 192.168.0.2 I can get to the SBS box from outside using the aaa.bbb.30.26 address.


I have also tried creating a subinterface for the aaa.bbb.30.24 addresses and this also does not seem to work.


I am basically just asking for confirmation that this can be done with this model. I have put in the latest firmware.


Thanks

Ian

Andrew Hickman Mon, 03/19/2012 - 06:18
Cisco Employee

Hi Ian,


I'm not sure that I completely follow your configuration steps above, but I believe that I understand what you need to do.


If you would like:


x.x.104.112:443 -> 192.168.0.12 (web server) and

x.x.30.26:443 -> 192.168.0.2 (SBS)


Then create:

a) NAT > Port forwarding directed to and enabled for port 443 to 192.168.0.12

b) DMZ > Software DMZ enabled for directing traffic from x.x.30.26 to 192.168.0.2


I've just tried the above and it appears to be working correctly for me (I tested using port 21 rather than 443, although that shouldn't make any difference)


While the config above should work correctly, it will expose the SBS server to communication on all ports.  Assuming that this is not what you want, you should also create some advanced firewall rules to restrict traffic to only permit traffic on port 443 through to the SBS.  See this thread for more details, but in summary you just need two rules as follows:


1. From WAN1 to LAN1, source 0.0.0.0/0.0.0.0 dest 192.168.0.2/255.255.255.255 proto TCP sport any dport 443 permit

2. From WAN1 to any, source 0.0.0.0/0.0.0.0 dest 192.168.0.2/255.255.255.255 proto any sport any dport any deny


Note that you will be filtering traffic on the local (private) address, not the external address.


Hope that helps,


Andy
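
The behaviour described in the answer above, as an added example that is not part of the original thread and not Cisco code: a small Python model of the port forward, the software DMZ and the two firewall rules, showing which ports still reach the SBS box. The public addresses are constructed placeholders from documentation ranges, and first-match rule order with a default permit for DMZ traffic is an assumption about the router rather than something the thread states; the WAN1/LAN1 zone fields are left out.

```python
import ipaddress

# Constructed placeholders (RFC 5737 documentation ranges) for the masked public IPs.
PRIMARY_IP = "198.51.100.112"   # stands in for x.x.104.112
EXTRA_IP = "203.0.113.26"       # stands in for x.x.30.26
WEB, SBS = "192.168.0.12", "192.168.0.2"

def dnat(dst_ip, dport):
    """Translate a public destination to the private host, or None if unmapped."""
    if dst_ip == PRIMARY_IP and dport == 443:
        return WEB                      # (a) NAT > Port forwarding, 443 only
    if dst_ip == EXTRA_IP:
        return SBS                      # (b) Software DMZ, every port
    return None

# The two advanced firewall rules from the post, in order.
# Fields: destination network, protocol, destination port, action.
RULES = [
    ("192.168.0.2/255.255.255.255", "tcp", 443, "permit"),
    ("192.168.0.2/255.255.255.255", "any", "any", "deny"),
]

def firewall(rules, priv_ip, proto, dport):
    """First matching rule wins (assumed); no match falls through to permit (assumed)."""
    for net, r_proto, r_port, action in rules:
        if (ipaddress.ip_address(priv_ip) in ipaddress.ip_network(net)
                and r_proto in ("any", proto) and r_port in ("any", dport)):
            return action
    return "permit"

def verdict(rules, dst_ip, proto, dport):
    """Return (action, private_host) for an inbound WAN packet."""
    priv = dnat(dst_ip, dport)
    if priv is None:
        return ("drop", None)           # nothing is mapped to this address/port
    return (firewall(rules, priv, proto, dport), priv)

def exposed_ports(rules, dst_ip, ports=(21, 25, 443, 3389)):
    """TCP ports from a sample list that still reach an inside host."""
    return [p for p in ports if verdict(rules, dst_ip, "tcp", p)[0] == "permit"]

if __name__ == "__main__":
    print("DMZ only   :", exposed_ports([], EXTRA_IP))
    print("DMZ + rules:", exposed_ports(RULES, EXTRA_IP))
    print("reordered  :", exposed_ports(RULES[::-1], EXTRA_IP))
```

In this model, a deny rule written against the public address never matches, because the lookup happens on the translated private address, and swapping the two rules blocks port 443 as well.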

iandjones Mon, 03/19/2012 - 09:03

Thanks Andrew so much for the help. I won't be able to get back to the client's site for about 16 hours but will try again with your info. Ian

iandjones Wed, 03/21/2012 - 23:39

Andrew,

Thanks so much for your help - all working now.

When I first tried to set this up I thought I had to add a subinterface to the ADSL port, which I tried to do. Even though I deleted the subinterface, I am guessing that creating it caused some issues.

After doing a restore to factory default through the web interface and setting up again all works ok.

Sorry it took a while to get back to you but the window where I can take this offline is pretty small.

Thanks again.

Ian
