Network design to assign public IP addresses on servers?

Hi,

I'm wondering how one would create a network in order to be able to assign public IP addresses on servers??

Excuse the bad wording and phrasing but I haven't done anything like this before since I've just graduated from the CCNA but have been asked to design a small data center infrastructure.

My idea is that I will use a Cisco 1801 coupled with a 2950T switch to provide NAT based access to servers.

The issue I am having however is that I would like to create 2 public DNS servers and assign public IPs to each of them. Doing this server side is easy; my issue however is, how do I configure the 1800??

It will be used as primary gateway so no probs there with a simple stub network design, however is it possible to exclude some of the internal switch ports from the NAT? Of course the 1800 has a L2 managed switch but where there is a managed switch it means there are VLANs and I'm sure that the IOS will complain if the IP address of the routable port is within the same subnet as one of the VLANs.

Is it possible for anyone to give me any hints or clues as to what and how to manage the design of this?

I mean DMZ-styled access would still just create a 1:1 NAT relationship with all ports being opened up but the machines still having private IP addresses.

Most likely I would need a L3 switch but haven't got the budget for that.

Many thanks for any responses!

Regards,

Kaya


Re: Network design to assign public IP addresses on servers?

Kaya


1) You would create a vlan for the DNS servers, e.g. vlan 10

2) allocate 2 of the ports into vlan 10

3) create a L3 vlan interface for vlan 10

4) under the L3 vlan interface configure "ip nat inside"

5) under the WAN interface configure "ip nat outside"

6) then for each DNS server

    ip nat inside source static

Jon
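
Added example, not part of Jon's post: the six steps above written out as an IOS configuration, plus an access list so that the static one-to-one translations expose only DNS. The interface names, the 192.168.10.0/24 and 203.0.113.0/24 addresses and the ACL name DNS-ONLY are assumptions.

```cisco
! Constructed example. Addresses, interface names and the ACL name are assumptions.
!
! 1) VLAN for the DNS servers
!    (older images create it from "vlan database" in exec mode instead)
vlan 10
 name DNS
!
! 2) Two switch ports into VLAN 10
interface FastEthernet1
 switchport access vlan 10
interface FastEthernet2
 switchport access vlan 10
!
! A static one-to-one entry translates every port, so this ACL limits what
! is forwarded to the servers. It is applied outbound on the VLAN interface,
! i.e. after translation, so it matches the private (inside local) addresses.
! It is stateless: replies to sessions the servers open themselves towards
! other networks are dropped too unless they are permitted explicitly.
! Traffic between the two servers stays inside VLAN 10 and is not filtered.
ip access-list extended DNS-ONLY
 permit udp any host 192.168.10.11 eq domain
 permit tcp any host 192.168.10.11 eq domain
 permit udp any host 192.168.10.12 eq domain
 permit tcp any host 192.168.10.12 eq domain
 deny   ip any any log
!
! 3) + 4) L3 VLAN interface, marked as NAT inside
interface Vlan10
 ip address 192.168.10.1 255.255.255.0
 ip nat inside
 ip access-group DNS-ONLY out
!
! 5) WAN interface, marked as NAT outside
interface Dialer0
 ip nat outside
!
! 6) One static translation per DNS server (private address -> public address)
ip nat inside source static 192.168.10.11 203.0.113.11
ip nat inside source static 192.168.10.12 203.0.113.12
```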


Re: Network design to assign public IP addresses on servers?

Hi Jon,

Many thanks for the response!

Actually in my current setup I have something like that:

ip nat inside source static tcp 192.168.1.100 53 interface Dialer0 53
ip nat inside source static udp 192.168.1.100 53 interface Dialer0 53

As I'm using an 857W.

What I wanted to achieve though was to configure the servers with public IPs: say just to use my personal public IP from home: 81.178.2.118 then give the slave DNS server whatever else the ISP has offered.

But am not sure if I'm getting confused here as if it's not industry practice to open up servers fully to the web unless in a DMZ scenario.

I guess the only way as you've described would be to use something like:

ip nat inside source static udp 192.168.1.100 53 interface 81.178.2.118 53 extendable

where I have given my personal public IP would be the inside global IP of the NAT???


Re: Network design to assign public IP addresses on servers?

If you want to configure the DNS servers with their public IPs then they cannot be out of the same subnet as the outside interface of your 1801 - is this your problem? If so you can do one of 2 things

1) Can you further subnet down your public address space so e.g. if your subnet space was 195.17.17.0 255.255.255.240 you could create 2 subnets -

195.17.17.0 255.255.255.248 & 195.17.17.8 255.255.255.248

and then use the subnet that does not include the outside interface address for your DNS servers. Problem is you are wasting public IPs this way.

2) As per previous post use private addressing on the DNS servers and NAT to a public IP. This way it doesn't matter if the public IPs for the DNS servers are in the same subnet as the outside interface IP.

Jon
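
Added example, not part of Jon's post: option 1 as an IOS configuration, using the 195.17.17.0 255.255.255.240 block from the post. The outside interface name and address, the server addresses and the ACL name DNS-PUBLIC are assumptions, and it assumes the ISP still delivers traffic for the whole block to the router (routed to it, or answered by the router through proxy ARP, which IOS enables by default).

```cisco
! Constructed example. Interface names, host addresses and the ACL name
! are assumptions; the address block is the one used in the post.
!
! First subnet, 195.17.17.0 255.255.255.248 (.0 - .7): outside interface
interface FastEthernet0
 ip address 195.17.17.1 255.255.255.248
!
! The servers carry public addresses and nothing is translated, so this
! filter is the only thing between them and the Internet. Applied outbound
! on the VLAN interface it matches the public addresses directly.
! It is stateless: replies to sessions the servers open themselves towards
! other networks must be permitted explicitly if they are needed.
ip access-list extended DNS-PUBLIC
 permit udp any host 195.17.17.10 eq domain
 permit tcp any host 195.17.17.10 eq domain
 permit udp any host 195.17.17.11 eq domain
 permit tcp any host 195.17.17.11 eq domain
 deny   ip any any log
!
! Second subnet, 195.17.17.8 255.255.255.248 (.8 - .15): DNS server VLAN.
! No "ip nat inside" here and no static NAT entries for these hosts.
interface Vlan10
 ip address 195.17.17.9 255.255.255.248
 ip access-group DNS-PUBLIC out
!
! On the servers: address 195.17.17.10 / 195.17.17.11,
! mask 255.255.255.248, default gateway 195.17.17.9
```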


Re: Network design to assign public IP addresses on servers?

Thanks Jon I think you hit it right on what I'm trying to achieve with result no.1:

I mean I am only after assigning public IP addresses as I am not sure if the DNS software Bind can do zone transfers over WAN by using private IPs??

I guess I need to get on to the ISC Bind mailing list about it but that's really my only concern as I will run master/slave configuration.

Kaya

P.S. Times like this I wish I worked in a live data center with high speed L3 fiber switches as I would at least begin to understand how things are configured!
