Information about the Public IP addresses

gurwinkle.singh
Level 1

Well, I have a topology of a router with redundant paths from the ISP. Then I will install the firewall in the DMZ and will configure NAT on it for public access to the servers, and will implement the rules and access lists to block the ports and stop the required traffic. My main question is how many public IP addresses will be needed. One public IP address will be needed for the router for the ISP, or two if there is another path, i.e. a redundant path, and what about the firewall which is terminating the DMZ? Will that require a public IP also?

1 Accepted Solution

Hi gurwinkle.singh,

It depends upon your requirement. You need two IPs (if you have redundant ISPs). For the firewall itself you don't need any public IP. You have two options: either configure port forwarding or one-to-one NAT for the internal servers that you want to be accessible from the internet. For one-to-one NAT you need as many IPs as you have servers in the DMZ. But if you are doing port forwarding, then one or two IPs are enough. You can configure NAT on the firewall as well as on the edge router. If you want to configure NAT/port forwarding on the firewall, then you need to route those public IPs towards the firewall at the edge router, but if you are configuring NAT/port forwarding at the edge router, then you need to add the NAT configuration at the edge router.

5 Replies 5

Okay. I got that there is no need for a public IP on the firewall. If I am configuring VPN tunnels, do I need a public IP for that?

Hi Gurwinkle,

Yes, for VPN you need a public IP. If you are configuring VPN on the edge router, then you already have public IPs; you can use those IPs for VPN. If you are configuring VPN on the firewall, then you can achieve this by configuring one-to-one NAT for the firewall's IP or just configuring port forwarding for UDP port 500, UDP port 4500 and ESP traffic at the router.

Do you mean configuring NAT between the router and firewall, a static NAT on the router for the firewall to save the public IP? PAT can do the job between firewalls and servers.

Yes, you can configure static NAT on the router for the firewall. If you want to access the servers from the internet, then you need to configure port forwarding, or if you only want to provide internet access to the servers, then "yes", PAT can do the job.

Let me know your scenario if you want to understand how you can achieve this.
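
The two NAT options and the VPN forwarding discussed in this thread, sketched as a Cisco IOS edge-router configuration. This is an added example, not posted by anyone in the thread; all addresses (documentation ranges), interface names, and the server and port choices are assumptions.

```cisco
! Constructed example: every address and interface name is a placeholder.
! Edge router: Gi0/0 faces the ISP, Gi0/1 faces the firewall.
interface GigabitEthernet0/0
 description ISP uplink (outside)
 ip address 203.0.113.2 255.255.255.248
 ip nat outside
!
interface GigabitEthernet0/1
 description Link to firewall (inside)
 ip address 10.0.0.1 255.255.255.252
 ip nat inside
!
! DMZ servers sit behind the firewall (assumed at 10.0.0.2).
ip route 192.168.10.0 255.255.255.0 10.0.0.2
!
! Option A: port forwarding. The router's single public IP is shared,
! and only the listed ports reach each DMZ server.
ip nat inside source static tcp 192.168.10.10 443 interface GigabitEthernet0/0 443
ip nat inside source static tcp 192.168.10.11 25 interface GigabitEthernet0/0 25
!
! Option B: one-to-one NAT. One public IP per server. Every port is
! translated, so exposure is limited only by the ACLs / firewall rules.
ip nat inside source static 192.168.10.20 203.0.113.3
!
! VPN terminated on the firewall behind the router: forward
! IKE (UDP 500), NAT-T (UDP 4500) and ESP to the firewall address.
ip nat inside source static udp 10.0.0.2 500 interface GigabitEthernet0/0 500
ip nat inside source static udp 10.0.0.2 4500 interface GigabitEthernet0/0 4500
ip nat inside source static esp 10.0.0.2 interface GigabitEthernet0/0
```

With option A the NAT table itself limits what is reachable from outside; with option B the access lists mentioned in the original question are the only thing restricting the server's open ports.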
