Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1009
Views
5
Helpful
2
Replies

Multiple Global IPs, Multiple Domains, Single Local IP that hosts multiple webservers

Go to solution
polofalltrades
Level 1
Level 1

‎03-08-2010 11:04 PM - edited ‎03-11-2019 10:18 AM

Hi all,

     Good day to the Cisco Support Community AKA Netpro . I am not so sure where to post my question because it spans of two major topics. One is webhosting and the other one is NAT-ing. You see we have a problem, currently, we have a Pix 515E provided as a service unit because our local reseller failed to deliver the 5510 on time due to shipment issues. The current PIX firewall is running the ASA version software. I just can't remember the exact Software version, but definitely it is 7.x.

     Our company has a local, single serverbox which hosts multiple webservers and domains and it is running on IIS. We have multiple Public IP addresses and multiple domains. Prevously, we have our Endian Firewall to do this task of NAT-ing that single LAN IP address on the server, to multiple Public IPs and domains, using of course, the same port 80 to establish http connections. I guess it would be clearer if it goes on like this.

192.168.100.5 ---> (NAT via UTM) ---> Public IP 1:80 www.sample1.com

192.168.100.5 ---> (NAT via UTM) ---> Public IP 2:80 www.sample2.com

192.168.100.5 ---> (NAT via UTM) ---> Public IP 3:80 www.sample3.com

For example, I'll go to www.sample1.com, It'll translate my query to Public IP 1 requesting http of the local server. Then I'll go to www.sample2.com, It'll translate my query to Public IP 2 requesting http again of the local server. The rest follows suit.

     As I understand, what I am trying to do is a reverse of how PAT works, translating a single local IP address to multiple Public IP addresses.

     Now, is there a way to achieve this using a PIX/ASA Firewall? Because with my simple understanding of how to configure the PIX/ASA, this is not possible. I am only aware of how to configure NAT on a PIX/ASA Firewall using multiple servers to a public IP, PAT, or use a simple NAT 1:1 map using different ports. Help would definitely be appreciated. I am very well confident that if Endian Firewalls can do such, then Cisco can do it better. Thanks in advance guys!

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
KARUPPUCHAMY MALAIYANDI
Level 4
Level 4

‎03-08-2010 11:29 PM

HI...


Ha..Ha..Ha.


Yes.. cisco can give a solution for your requirement.


Step by Step Configuration


1.Configure ACL


policy_nat_web1 and policy_nat_web2 are two access-lists that match the source address we want to translate on.  Two access-lists are required, though they can be exactly the same.


access-list policy_nat_web1 extended permit ip host 192.168.100.50 any

access-list policy_nat_web2 extended permit ip host 192.168.100.50 any

2.write the acl for your all public IPs to allow HTTP access from internet

access-list inbound_outside extended permit tcp any host  eq www
access-list inbound_outside extended permit tcp any host  eq www
access-list inbound_outside extended permit tcp any host  eq www


3.configure NAT

static (inside,outside)   access-list policy_nat_web1
static (inside,outside)   access-list policy_nat_web2


4.Apply the ACL

access-group inbound_outside in interface outside

Hope it will help u.

Regards
Karuppu


View solution in original post

2 Replies 2

Go to solution
KARUPPUCHAMY MALAIYANDI
Level 4
Level 4

‎03-08-2010 11:29 PM

HI...


Ha..Ha..Ha.


Yes.. cisco can give a solution for your requirement.


Step by Step Configuration


1.Configure ACL


policy_nat_web1 and policy_nat_web2 are two access-lists that match the source address we want to translate on.  Two access-lists are required, though they can be exactly the same.


access-list policy_nat_web1 extended permit ip host 192.168.100.50 any

access-list policy_nat_web2 extended permit ip host 192.168.100.50 any

2.write the acl for your all public IPs to allow HTTP access from internet

access-list inbound_outside extended permit tcp any host  eq www
access-list inbound_outside extended permit tcp any host  eq www
access-list inbound_outside extended permit tcp any host  eq www


3.configure NAT

static (inside,outside)   access-list policy_nat_web1
static (inside,outside)   access-list policy_nat_web2


4.Apply the ACL

access-group inbound_outside in interface outside

Hope it will help u.

Regards
Karuppu


Go to solution
polofalltrades
Level 1
Level 1
In response to KARUPPUCHAMY MALAIYANDI

‎03-08-2010 11:48 PM

Thanks alot Karuppu! Will definitely try that one out. That seems really familiar to me, I think I've read the same lines outta the documentation. But the doc had a few more lines to it to make it pretty confusing. I'll give you a feedback if this works perfect. Thanks again!

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card