
Public IP without NAT CISCO 5512X

Acidflame
Level 1

Hi to all,

I'm new to this forum. I need to set up a public IP without NAT on my CISCO 5512X.

I have 2 external configurations with 2 different subnets and 1 internal.

Many web hosting control panels like cPanel do not accept 1:1 NAT for now, so in the configuration I need to assign not the NAT IP 192.168.x.x but the public IP 12.34.x.x, without address translation.

Is it possible to set a public IP without NAT in a simple way?

Thanks for your help, and excuse my English.

6 Replies

Jouni Forss
VIP Alumni

Hi,

If your absolute requirement is to have the public IP address directly on the actual server and you have a public subnet from the ISP, then I would suggest splitting the public subnet and using one part on the external interface and one on the internal/DMZ interface to enable you to use the public IP address directly on the server.

This would naturally require changes both on the ASA and on your ISP side, as part of the original subnet would be between you and the ISP (the ISP would need to change the network mask) and part of the original subnet would be behind the firewall on the internal side (the ISP would have to configure routing for the other split subnet towards your ASA).

I don't see any other way.

- Jouni

Is there no other way? Is it not possible to assign the same IP on the private and public address?

My problem is that I can't configure my server with a static. Example:

CentOS partial configuration:

DEVICE=eth0
BOOTPROTO=static
DHCPCLASS=
HWADDR=XX:XX:XX:XX
IPADDR=INTERNAL IP (NOT EXTERNAL)
NETMASK=255.255.255.0
ONBOOT=yes

If I want to add the EXTERNAL IP and not the INTERNAL IP, is that possible?

PS: The 2 external networks are on the same network mask, but it is more expensive to use 2 subnets.

Hi,

Well, typically if a company only has a small public subnet, they will use it on the firewall and use the spare public IP addresses to give their internal servers a public IP address. This is done with Static NAT on the actual firewall, with the public IP address being located on the firewall and the private IP address configured on the server.

If for some reason the servers need to be configured with public IP addresses directly, then usually the public subnet is configured directly on some DMZ interface of the firewall and one of that subnet's public IP addresses is configured directly on the server. In this situation you will naturally not require any NAT configured on the firewall for this public DMZ subnet, as it can use its original public IP address to access the Internet or be accessed from the Internet.

So you are saying that you have a /24 public subnet at your disposal? If that is true and the ISP has allocated a /24 public subnet for you, then I would imagine you could easily split a small part of that to be used for your servers directly. But as I said, this would require changes on both sides, at your site and on the ISP configurations. This should really cause no additional expenses (other than for the change work perhaps) since you are not acquiring any additional public IP addresses.

But then again I am not sure if I have understood your situation correctly. I am not sure what you are doing that would absolutely require for the server to directly have the public IP address. Can't say that I would remember ever running into that situation.

- Jouni

My English is so bad, but I'll try to explain my situation well.

I have a server with cPanel, and it does not support NAT. If I configure my server with one of my IPs, 89.31.51.xx, and try to give a dedicated IP address to my website, this does not work. If I set it with a private IP, 192.168.2.xx, this works. It is the same when I set up the network file: if I use the real IP, the server does not ping; if I use the private IP, the server pings. It's my first time with an ASA and I am trying to learn the world of firewalls. Do you have a solution for me to use the real IP in the server configuration?

I had thought that assigning the real IP address directly to the server was a good solution. But if you have any advice for me, thanks. And thanks for the support and your answer.

Hi,

Well, the problem at the moment seems to me to be related to the general network setup you have, and I can only guess, as I have no idea how your network is set up.

What I would imagine you have at the moment is a public subnet on the external interface of the ASA and private networks on the internal interfaces of the ASA for your LANs and DMZs.

For you to be able to configure a public IP address directly on the server (and not as a NAT IP address on the ASA), you will naturally have to configure a public subnet in your internal network, perhaps directly on some DMZ interface of the ASA like I said.

Now it's a completely different matter how you actually configure this. Like I mentioned before, it depends on what kind of public subnet you have at your disposal. If you, for example, had a /28 subnet, you would be able to split it into 2x /29, leaving 8 IPs per subnet (naturally only 5 usable for actual hosts). Splitting the mentioned network in the way above would essentially permit you to have one of the public subnets configured directly on the DMZ and use one of its public IP addresses directly on the server, and the other public subnet would be between the ASA's external interface and the ISP gateway.

This change would essentially require changes from both your ASA and the ISP on their gateway device.

- Jouni
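
The split-subnet design described in the replies above, sketched as an ASA configuration. This is an added example and not part of the original thread; the 203.0.113.0/28 block (a documentation range), the interface numbers, the names and the permitted ports are all assumptions.

```cisco
! Constructed example: 203.0.113.0/28 split into two /29 subnets.
!   203.0.113.0/29  transit between the ISP gateway and the ASA outside interface
!   203.0.113.8/29  public DMZ behind the ASA, used directly on the server
!
interface GigabitEthernet0/0
 nameif outside
 security-level 0
 ip address 203.0.113.2 255.255.255.248
 no shutdown
!
interface GigabitEthernet0/2
 nameif dmz
 security-level 50
 ip address 203.0.113.9 255.255.255.248
 no shutdown
!
! Default route to the ISP gateway on the transit /29.
route outside 0.0.0.0 0.0.0.0 203.0.113.1
!
! No nat rule is written for the DMZ subnet, so the server keeps its own
! address in both directions (check that no existing nat rule matches it).
! The server is now directly addressable from the Internet, so restrict
! inbound traffic to the published services and log everything else.
access-list OUTSIDE-IN extended permit tcp any host 203.0.113.10 eq www
access-list OUTSIDE-IN extended permit tcp any host 203.0.113.10 eq https
access-list OUTSIDE-IN extended deny ip any any log
access-group OUTSIDE-IN in interface outside
!
! ISP side (their change): route 203.0.113.8/29 via 203.0.113.2 and set the
! mask on their gateway interface to 255.255.255.248.
!
! Server side (ifcfg-eth0): IPADDR=203.0.113.10, NETMASK=255.255.255.248,
! GATEWAY=203.0.113.9
```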

I have two /27 subnets, and my actual configuration is as you supposed.

It is unlikely that my ISP can make changes to its network.

In any case, do you have a guide or link to read for this configuration?
