We have a CISCO2811 router, and we have added a HWIC-4ESW module into it. We have registered a DNS at the DNS registration (www.test.com 184.108.40.206), and we have translated the 80 and 443 ports of 220.127.116.11 to 192.168.10.3 (our web site IP address). The web site works well.
We want to add another web site, and this web site is in another internal subnet. We have registered it as the following (www.test2.com 18.104.22.168), and translated the 80 and 443 ports of 22.214.171.124 to the 80 and 443 ports of 192.168.20.3 (the new web site's IP address). We have configured 126.96.36.199 as the secondary, and configured the PAT (from 188.8.131.52 to 192.168.2.3). Please see the enclosed for the detailed configuration.
We can access the old web site normally. When we ping the new web site (www.test2.com), we get the correct address (184.108.40.206). When we access the new web site in IE from outside the new web server's subnet, we get the message "The server cannot find or DNS error". When we access the new web site in IE at the new web server, we are connected to the CISCO 2811! What's wrong? How do I configure the CISCO2811 so that we can access the old and new web sites successfully?
You should remove the secondary address, there is no need for it. You may have to clear your NAT translation before it works [clear ip nat trans *]
no ip address 220.127.116.11 255.255.255.224 secondary
Hope that helps.
You mean I need to remove the secondary IP address (18.104.22.168 255.255.255.224), and reserve the PAT (from 22.214.171.124 to 192.168.2.0/24), right?
Yes, remove the secondary address.
Your PAT statement is fine (ip nat inside source list 1 interface FastEthernet0/1 overload).
Your NAT is OK as well (ip nat inside source static tcp 192.168.20.3 80 126.96.36.199 80 extendable
ip nat inside source static tcp 192.168.20.3 443 188.8.131.52 443 extendable)
I have removed the secondary item, but I still can't access the new web site :( Do I need to configure anything else?
I ran "show ip nat trans" after I accessed the new web site, and I got the following output:
tcp 184.108.40.206:80 192.168.2.3:80 --- ---
When I access the old web site (the external IP is 220.127.116.11, the web server's internal IP is 192.168.1.3) successfully I got the following output:
tcp 18.104.22.168:443 192.168.1.3:443 22.214.171.124:33145 126.96.36.199:33145
The 188.8.131.52 is our Firewall gateway IP address. I am not sure why the 192.168.2.3 has been translated to it, but not to the new external IP address we assigned for the new site (184.108.40.206).
From the new web server, can you access the outside (i.e. browse websites OK)? I see that VLAN 1 is 192.168.20.0 /24. Do you have a switch module in the router? How do you provide access to that VLAN?
I can access the Internet from the new web server. And I can access the new web server using the remote desktop (the PAT 220.127.116.11:3389 to the 3389 port of the new web server)
The VLAN1 should be 192.168.2.0/24, not the 192.168.20.0/24.
We have purchased a HWIC-4ESW module and inserted it into the CISCO 2811 router, and we have connected one interface of this module to the output Firewall and another interface to the switch that connects to the new web server.
Some things are conflicting, can we verify? So VLAN 1 looks like this?
ip address 192.168.2.1 255.255.255.0
ip nat inside
And your NAT like this?
ip nat inside source static tcp 192.168.2.3 80 18.104.22.168 80 extendable
ip nat inside source static tcp 192.168.2.3 443 22.214.171.124 443 extendable
From the router you can ping 192.168.2.3, correct?
If your new web server resides on the 192.168.20.0 segment, then remove the command
no access-list 1 permit 192.168.20.0 0.0.0.255
Because this command will NAT you to 126.96.36.199 instead of 188.8.131.52 it may conflict so better to remove this command.
Warm Rgds, Arun
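
An added example, not part of any post in this thread: a Python sketch that reads "show ip nat translations" output in the IOS column order (Pro, Inside global, Inside local, Outside local, Outside global) and lists the static port forwards that have no live session behind them. The sample table and its addresses are constructed for illustration, and the function names are hypothetical.

```python
# Added example: classify lines of `show ip nat translations` output.
# IOS column order: Pro, Inside global, Inside local, Outside local, Outside global.
from collections import defaultdict

# Constructed sample output (documentation addresses, not taken from the thread).
SAMPLE = """\
Pro Inside global      Inside local       Outside local      Outside global
tcp 203.0.113.10:80    192.168.1.3:80     ---                ---
tcp 203.0.113.10:443   192.168.1.3:443    ---                ---
tcp 203.0.113.10:443   192.168.1.3:443    198.51.100.7:33145 198.51.100.7:33145
tcp 203.0.113.11:80    192.168.2.3:80     ---                ---
tcp 203.0.113.11:443   192.168.2.3:443    ---                ---
"""

def parse(text):
    """Return one dict per translation line; header and blank lines are skipped."""
    rows = []
    for line in text.splitlines():
        f = line.split()
        if len(f) != 5 or f[0] == "Pro":
            continue
        rows.append({
            "proto": f[0], "inside_global": f[1], "inside_local": f[2],
            "outside_local": f[3], "outside_global": f[4],
            # A static entry has no outside peer: both outside columns are '---'.
            "static": f[3] == "---" and f[4] == "---",
        })
    return rows

def published_without_sessions(rows):
    """Static port forwards that have no live session row in the table."""
    live = defaultdict(int)
    for r in rows:
        if not r["static"]:
            live[(r["proto"], r["inside_global"], r["inside_local"])] += 1
    return [
        (r["inside_global"], r["inside_local"])
        for r in rows
        if r["static"]
        and live[(r["proto"], r["inside_global"], r["inside_local"])] == 0
    ]

if __name__ == "__main__":
    for glob, local in published_without_sessions(parse(SAMPLE)):
        print(f"{glob} -> {local}: static entry present, no live session")
```

In a session row the two outside columns hold the remote client's address and port, not an address the inside host was translated to. The same listing also serves as a quick inventory of which internal hosts and ports the router publishes to the outside.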