Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

ADSL termination w/ multiple IP address and NAT / DMZ ?


I have a 2811 router with 2 FastEthernet ports and plan to add a ADSL card.

I have a block of 16 ip address on the ADSL line.

What I want to achieve is

1. One FastEthernet interface (with subinterfaces) is connected to the local VLAN's

2. The router should have a public IP address so that it can terminate VPN clients / perform NAT for the internal networks.

3. I now also have several servers that need Public IP addressess to be connected to the router.

If I terminate my ADSL ISP on the Dialer0 interface, and give it an IP address, I assume I cannot assign an IP address in the same subnet for one of the FastEthernet ports ?

(If I could, then I could plug that interface into a switch and connect my hosts to the switch)

In such a case, Do I have to setup a DMZ ? I dont want to perform NAT/PAT to be able to access the hosts with public IP addresess.



Re: ADSL termination w/ multiple IP address and NAT / DMZ ?

Hi Shahed

If you are having same ip being assigned to you by your SP on the ADSL connection then you can have your VPN Clients logging onto the router using that ip.

If you are not getting the same ip all the times then better make the clients to get the vpn established to your ethernet interface assigned with the public ip taken from the ip pool..

I also would suggest to create access-lists so that you allow the vpn clients to access only the limited resources and not all of them..


New Member

Re: ADSL termination w/ multiple IP address and NAT / DMZ ?

Hi Premkumar,

I think you misunderstood my main problem.

I want to be able to host a web / dns server with a public IP address, as I already have 16 IP addresses allocated to me.

After a bit of reading, I found out that I can do the following :-

1. For my public web servers use Static NAT

2. Additionally put them in a DMZ for added security.

The only thing that I wanted to avoid, was using static NAT.

My old ISP provided me with a ADSL modem, with a 4 port switch. I could simply plug in devices, and give them public addresses, from my allocated pool.

I was wondering if I could do the same if I terminated the ADSL on a router, but it looks unlikely, and I guess I would have to use static NAT.