Configure a server's WAN (exit) IP?

Answered Question
Jan 29th, 2013
User Badges:

We have cable internet with 5 assigned static IP addresses.

The UC-540 is assigned say 8.8.8.10

Our SBS 2011 server is assigned 8.8.8.11 with ports 25/80/443/3389 NAT'd to 92.168.10.10 on the LAN


All server (192.168.1.10) traffic must exit the network via 8.8.8.11 in order to eliminate multiple issues (email, vpn, etc).


Currently when I point the server's browser at http://whatismyip.com, the website returns the UC540 gateway IP of 8.8.8.10 in my example.

I need the website to return 8.8.8.11 instead.


Any help appreciated.

Correct Answer by johschaf about 4 years 6 months ago

Hello,


My apologies, I didn't provide you the correct instructions.


You first need to define the pool of available external IP addresses to use. In this case, just the 1 external IP for the server.


Then you need to create the NAT mapping where you tie the internal and external IPs. Make sure to set the NAT mapping for all ports.


Thanks,


-john

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (2 ratings)
Loading.
johschaf Tue, 01/29/2013 - 09:58
User Badges:
  • Silver, 250 points or more

Hello,


You can do this in CCA under: Configure -> Security -> NAT. Then you need to define a NAT pool with the external IP and internal IP.


Thanks,


-john

Brook Powers Tue, 01/29/2013 - 11:28
User Badges:

Ive taken you advise and deleted, receated, restarted and still the same result.

Any ideas?

Correct Answer
johschaf Tue, 01/29/2013 - 11:37
User Badges:
  • Silver, 250 points or more

Hello,


My apologies, I didn't provide you the correct instructions.


You first need to define the pool of available external IP addresses to use. In this case, just the 1 external IP for the server.


Then you need to create the NAT mapping where you tie the internal and external IPs. Make sure to set the NAT mapping for all ports.


Thanks,


-john

Brook Powers Tue, 01/29/2013 - 13:13
User Badges:

John,


That worked. Thanks much.

The secret is to delete all the pools.

Then, create the new pools.

Finally to create the proper NAT mapping.


It may have helped to wr and restart the UC540 as well.


Cisco should make CCA apply in changes in the correct order in the next relase.

Brook Powers Fri, 02/15/2013 - 08:21
User Badges:

If I map the for all ports to make this work, isnt that a security issue?

It seems to me that I will have to put a firewall behind the UC540 firewall to protect the Small Business Server having having all ports exposed to the internet.

Brook Powers Tue, 02/19/2013 - 08:59
User Badges:

The UC540 has to be at the edge of the network to do QOS.

It would be kind of silly to put a firewall behind the UC540.

Does anyone have any ideas?

Alexander Maroukian Tue, 02/19/2013 - 15:04
User Badges:
  • Cisco Employee,

Hello Brook,


NAT settings are different from the ACL settings.

You may nat the external address to a certain internal ip but in the ACL on the WAN port you may allow only the needed traffic to pass.


HTH,

Alex


*Please rate helpful posts

Actions

This Discussion