02-18-2015 12:36 AM - edited 03-11-2019 10:31 PM
Hi,
For my company, i must using most of 1 public ip address.
My FAI (Proximus in Belgium) has routed 4 IPs into my outside network (behind the FAI router).
Each ip address has into the same subnet.
How can i add most of 1 ip address on my outside interface?
I've thinking multi context using but i need build VPN L2L and SSL...
Thank you in advance.
Solved! Go to Solution.
02-18-2015 01:43 AM
Is It possible of nat a port from a public ip address if isn't the address of the public interface?
Yes it is.
You simply configure your NAT statements on the firewall, no need for those public IPs to be assigned to a physical interface.
If the IPs are from the same subnet as your outside interface IP and you have configured static NAT statements with these IPs then when the ISP requests the mac address for any of these IPs your firewall will respond with it's outside interface mac address so that the packets are sent to it.
Jon
02-18-2015 01:26 AM
Nicolas
You don't need to assign the other public IPs to your outside interface.
As long as your ISP routes traffic for those IPs to your outside interface which you say they are doing then you can use the IPs in your NAT statements on the firewall and it will work.
They don't need to be assigned to a physical interface.
For VPN and SSL you would use the outside interface IP of your firewall not any of the spare public IPs.
Jon
02-18-2015 01:34 AM
Thanks you Jon for your answer.
But, that's will work for outside.
I need using multi public ip for expose 4 http server on port 443 and 80.
Is It possible of nat a port from a public ip address if isn't the address of the public interface?
02-18-2015 01:43 AM
Is It possible of nat a port from a public ip address if isn't the address of the public interface?
Yes it is.
You simply configure your NAT statements on the firewall, no need for those public IPs to be assigned to a physical interface.
If the IPs are from the same subnet as your outside interface IP and you have configured static NAT statements with these IPs then when the ISP requests the mac address for any of these IPs your firewall will respond with it's outside interface mac address so that the packets are sent to it.
Jon
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide