Assigning Multiple Public IP Addresses via Cisco Router

Status
Not open for further replies.

mRgEE

IS-IT--Management
Oct 13, 2003
Hi,

I already have one public ip address that is being used to host my http (external facing website), https (Outlook Web Access) and smtp (Exchange Server) traffic to internal services. Now I have the need to provide access to another https service (Citrix Secure Gateway) on a different server. I have 2 public IP addresses assigned to me from my ISP. My internal subnet is 10.0.0.0 255.0.0.0.

Question is, how do I configure my router to use both public IP addresses and forward the different https traffic to the different internal servers? My current router is a Netgear which only allows 1 public IP address to be assigned to it. I plan to replace the Netgear with my Cisco 2600 router if it is indeed capable of achieving this config.
 
Your Netgear would be able to do this using port forwarding. You can only host one thing on one port, but PAT should be fine.

Visit for free Cisco rack access.

CCNA, CCDA, CCNP, CCDP, CCIE R&S (Written), Net+, MCP, NCTS
 
I already have port forwarding set for https port 443 forwarding internally to 10.0.0.10 for Outlook Web Access. I now have another https secure site on my 10.0.0.86 server (for Citrix Secure Gateway) that I need to be able to send https traffic to. So when the https (port 443) traffic hits my router / firewall, any https traffic is automatically directed to 10.0.0.10 - there is no way to differentiate the different https traffic as far as I can see other than to utilize another public IP address.

If you know another way please explain :)
 
I have been thinking about this issue for some time now and wonder if an extended access list may be the solution I am looking for?

For example...

I assign my first public IP address to the Internet interface, then create a subinterface on the Internet interface and assign my second public IP address to this.

Then with an extended ACL I could use the following statements to allow traffic inbound to both servers that need to allow https: -

access-list 101 permit tcp any host 10.0.0.1 eq https
access-list 101 permit tcp any host 10.0.0.86 eq https
access-list 101 deny ip any any

Would this work?
 
You are going to need static NAT. Assign the interface one public IP address, then use natting and access to achieve what you need to do with the second IP address.
 
You can add multiple IPs to your outside (Internet) interface without having to create subinterfaces.
Example:
interface Ethernet3
ip address 172.68.1.100 255.255.255.0
ip address 172.68.1.101 255.255.255.0 secondary
ip address 172.68.1.102 255.255.255.0 secondary
ip nat outside

Then you can create a static map and map the public IP with one of your private IPs

Look here for examples

Hope this helps
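
The static mapping described in the last reply, combined with the inbound filtering asked about earlier in the thread, as an added example that is not part of the original posts. It reuses the sample addresses 172.68.1.100 and 172.68.1.101 from the reply as stand-ins for the two ISP-assigned addresses; the inside interface name and its address 10.0.0.254 are assumptions.

```cisco
! Added example, not taken from the thread. Interface names and the
! inside address 10.0.0.254 are assumptions; 172.68.1.100/.101 are the
! sample "public" addresses used in the reply above.
interface Ethernet3
 description Outside (Internet)
 ip address 172.68.1.100 255.255.255.0
 ip address 172.68.1.101 255.255.255.0 secondary
 ip nat outside
 ip access-group 101 in
!
interface Ethernet0
 description Inside LAN
 ip address 10.0.0.254 255.0.0.0
 ip nat inside
!
! Static port translations: each public address exposes only TCP 443,
! rather than mapping the whole address to the internal server.
ip nat inside source static tcp 10.0.0.10 443 172.68.1.100 443
ip nat inside source static tcp 10.0.0.86 443 172.68.1.101 443
!
! An inbound ACL on the outside interface is evaluated before NAT,
! so it must match the public addresses, not 10.0.0.x.
access-list 101 permit tcp any host 172.68.1.100 eq 443
access-list 101 permit tcp any host 172.68.1.101 eq 443
! Return traffic for TCP sessions opened from the inside.
access-list 101 permit tcp any any established
! The existing http and smtp forwards need their own permit lines, and
! UDP replies such as DNS are not covered by "established".
access-list 101 deny ip any any log
```

With this layout the two HTTPS services are told apart by destination address alone, and the logged final deny line shows what else is arriving on either public address.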
 