06-30-2007 11:37 AM - edited 03-05-2019 05:03 PM
I have a requirement to set up a network so that an internal server communicates with the outside world through different WAN networks. I have three separate WAN connections terminated on a single Cisco 6500. The internal network also connects to the same switch.
External VLANs: Ingress, Egress and Management
Internal VLAN: Internal
Requirements:
1. Management traffic can only talk to the internal server(s) via Management WAN;
2. Application traffic can only talk to the internal server(s) via Ingress WAN;
3. Outbound traffic originated from internal servers has to go through Egress WAN;
4. Internal servers use private IP addresses
For example, I have:
Servers on Internal VLAN:
10.0.0.2
10.0.0.3
10.0.0.4
The management traffic (i.e. SNMP, ssh) uses the following public IPs to reach each server:
5.5.5.2
5.5.5.3
5.5.5.4
The application traffic (i.e. www, ftp) uses the following public IPs to reach each server:
6.6.6.2
6.6.6.3
6.6.6.4
The traffic initiated from the servers uses the following public IPs to access the Internet:
7.7.7.2
7.7.7.3
7.7.7.4
Given the requirements above, how do I design/configure my switch to achieve the goal? I've done some searches on the forum with no luck. Please kindly advise. Any hint would be appreciated too!
07-02-2007 01:10 AM
Hi
Can you just clarify what you want to do? Are you
1) trying to represent your internal servers as different public IP addresses to different outside networks, i.e. management traffic sees the 10.0.0.2 server as 5.5.5.2, application traffic sees the 10.0.0.2 server as 6.6.6.2 etc.
or
2) trying to present your management servers as 5.5.5.2/3/4 to the internal VLAN, and the application servers as 6.6.6.2/3/4 to the internal VLAN?
Jon
07-02-2007 03:44 AM
I guess 1) is close to what I wanted to do.
Ideally the internal server should have three NICs, each on a different VLAN. Every internal server would have three private IPs and they can be statically NATed to public IPs respectively.
However all internal servers only have one NIC and I do not want to run multiple IPs on a physical interface. This is the reason and background I ran into this issue. Please kindly advise an appropriate solution.