New Member

Public IP's are used up, any way round this - port forwarding?

Hi,

We have used up all our public IP's due to NATing them to static private IP's. Before we spend the time and money on getting more, which will mean a completely new scope, can I do anything else? Like use one IP for 2 servers but different ports, as some servers use http and others ftp etc.

Thanks

9 REPLIES
Cisco Employee

Re: Public IP's are used up, any way round this - port forwardin

exactly..you may do static port forwarding for inbound traffic

static (inside,outside) tcp x.x.x.x 25 y.y.y.y 25

static (inside,outside) tcp x.x.x.x 80 y.y.y.y 80

...

x.x.x.x--->public IP/Pix Outside Interface IP

y.y.y.y-->Private IP address

Do rate if it helps !

New Member

Re: Public IP's are used up, any way round this - port forwardin

Thanks,

Should I be doing your method anyway, or is the static method I'm doing normal practice, or a bit of both?

I ask as I like to keep to best practices.

Cisco Employee

Re: Public IP's are used up, any way round this - port forwardin

Well again it depends, if you have enough public IPs you may go with 1-1 static, but if you only have very limited IP then static port forwarding is a better choice

Moreover static port forwarding is unidirectional, that is only from outside to inside, for outbound you need normal nat(inside) and global (outside) for that host

Do rate if it helps !

New Member

Re: Public IP's are used up, any way round this - port forwardin

I guess I will have to add a rule on the Outside interface to allow this to work, as I need an external public IP to access a private IP inside on a particular port?

Cisco Employee

Re: Public IP's are used up, any way round this - port forwardin

yes correct..you need ACLs besides the static port forwarding translation rule

New Member

Re: Public IP's are used up, any way round this - port forwardin

I must have done something wrong. I added the port forward (PAT) from the outside interface to the private IP of the server on tcp/80 just like your useful example.

I then added a rule on the outside interface to allow any IP to the private IP on port 80, but I can't get access from the Internet.

Have I missed something, do you have another example?

Many thanks!

Cisco Employee

Re: Public IP's are used up, any way round this - port forwardin

Use the command line and add the following

static (inside,outside) tcp interface 80 <private-server-ip> 80

and in the outside access-list add

access-list <acl-name> permit tcp any host y.y.y.y eq 80

y.y.y.y-->outside interface IP

New Member

Re: Public IP's are used up, any way round this - port forwardin

This is where I went wrong I think:

access-list <acl-name> permit tcp any host y.y.y.y eq 80

So because I have "bound" port 80 to my server the permit rule above knows how to get to the private IP?

Does this mean I can't use port 80 on another webserver?

Thanks

Cisco Employee

Re: Public IP's are used up, any way round this - port forwardin

correct..if you are translating inbound traffic on outside interface for port 80 to a specific server, you cannot use overlap or duplicate statics to use port 80 again
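
The three points the thread arrives at (each forward needs an outside ACL entry, that entry names the public address rather than the private one, and one public IP/port pair can map to only one server) can be checked mechanically. The following is an added example, not part of any post above and not Cisco tooling; the function name audit, the ACL name outside_in and every address in SAMPLE are constructed for illustration, and it assumes numeric ports in the config.

```python
import re

# Constructed sample config (not from the thread); addresses are documentation ranges.
SAMPLE = """\
static (inside,outside) tcp interface 80 10.0.0.10 80 netmask 255.255.255.255
static (inside,outside) tcp interface 80 10.0.0.11 80 netmask 255.255.255.255
static (inside,outside) tcp 203.0.113.5 21 10.0.0.12 21 netmask 255.255.255.255
static (inside,outside) tcp 203.0.113.5 25 10.0.0.13 25 netmask 255.255.255.255
access-list outside_in permit tcp any host 203.0.113.2 eq 80
access-list outside_in permit tcp any host 10.0.0.12 eq 21
"""

# static (real_if,mapped_if) proto mapped_ip|interface mapped_port real_ip real_port
STATIC = re.compile(r"^static \(\w+,\w+\) (tcp|udp) (\S+) (\d+) (\S+) (\d+)")
# Only the simple "permit <proto> any host <ip> eq <port>" form is handled here.
ACL = re.compile(r"^access-list (\S+) permit (tcp|udp) any host (\S+) eq (\d+)")

def audit(config, outside_ip):
    """Return sorted findings for port-forward statics and their inbound ACL entries."""
    statics, permits, findings = [], set(), []
    for line in config.splitlines():
        line = line.strip()
        if m := STATIC.match(line):
            proto, mapped, mport, real, rport = m.groups()
            # "interface" means the outside interface's own address
            mapped = outside_ip if mapped == "interface" else mapped
            statics.append((proto, mapped, int(mport), real, int(rport)))
        elif m := ACL.match(line):
            _, proto, dst, port = m.groups()
            permits.add((proto, dst, int(port)))
    seen = {}
    for proto, mapped, mport, real, rport in statics:
        key = (proto, mapped, mport)
        # Same public IP/port already forwarded to a different server
        if key in seen and seen[key] != real:
            findings.append(f"CONFLICT {proto} {mapped}:{mport} -> {seen[key]} and {real}")
        seen.setdefault(key, real)
        if key not in permits:
            # Permit written against the private address, as in the thread's failed attempt
            if (proto, real, rport) in permits:
                findings.append(f"ACL_USES_PRIVATE_IP {proto} {real}:{rport} (expected {mapped}:{mport})")
            else:
                findings.append(f"NO_ACL {proto} {mapped}:{mport}")
    return sorted(set(findings))
```

Calling audit(SAMPLE, "203.0.113.2") reports the duplicate port-80 forward, the FTP permit written against the private address, and the SMTP forward that has no permit at all.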
