Router Natting

estelamathew
Level 2

Hello,

I have only 1 public IP on my router outside interface which is connected to ISP,

I just want to confirm the below from you experts:

  1. I want to create a site-to-site VPN with other branches; I have a proper IOS. I hope I can do it.
  2. The public IP on the router outside interface: can I use the same IP for static natting of a web server (one to one)? Suppose I use it in static natting and I ping from the internet to the public IP, will it ping the router interface or the server IP? I hope we can't do it.
  3. If I am not wrong, then I hope I can use service distribution with that same public IP, but not static natting (one to one).
  4. I hope there is no concept of firewall that if we do natting we need an access-list. On a router, without an access-list also, users from the internet can access the inside servers; only natting should be provided.

Tx

9 Replies

Julio Carvajal
VIP Alumni

Hello Estela,

1- Yes, you can configure a site-to-site VPN as long as the router supports it.

2- You cannot do a static one-to-one with the outside interface of the ASA that will be used for other hosts to go to the internet; instead of that, you can configure port forwarding, which will work for inbound connections (just TCP and UDP, as these protocols use ports).

3- Yes, you can do it as I explained in the previous answer.

4- That is correct, without ACL everything is allowed.

Regards,

Julio

Rate helpful posts!

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
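
An IOS configuration matching what this answer describes, added here as an example and not posted by anyone in the thread: PAT and a TCP/80 port forward share the single public IP, and an inbound ACL limits what the internet can reach. Interface names, addresses, the branch peer 203.0.113.10 and an image that supports `ip inspect` (CBAC) are assumptions; the crypto map itself is left out.

```cisco
! Added example. Assumed: Dialer0 = ADSL outside interface, Vlan1 = inside
! LAN 192.168.1.0/24, web server 192.168.1.10, branch peer 203.0.113.10
! (documentation address), branch LAN 192.168.2.0/24.
!
! Stateful inspection so replies to inside users' outbound sessions are
! let back in through the inbound ACL below.
ip inspect name FW tcp
ip inspect name FW udp
ip inspect name FW icmp
!
interface Vlan1
 ip nat inside
!
interface Dialer0
 ip nat outside
 ip access-group OUTSIDE-IN in
 ip inspect FW out
!
! PAT (overload) on the one public IP for inside hosts. The deny line keeps
! branch-bound traffic out of this PAT rule so it reaches the VPN untranslated.
ip access-list extended NAT-INSIDE
 deny   ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
 permit ip 192.168.1.0 0.0.0.255 any
ip nat inside source list NAT-INSIDE interface Dialer0 overload
!
! Port forwarding instead of one-to-one static NAT: only TCP/80 arriving on
! the router's public IP is sent to the server. ICMP has no ports, so a ping
! to the public IP is handled by the router and never reaches the server.
ip nat inside source static tcp 192.168.1.10 80 interface Dialer0 80
!
! Inbound filter, evaluated before NAT, so the destination is still the
! public IP ("any" because the address is assigned by the ISP).
ip access-list extended OUTSIDE-IN
 permit udp host 203.0.113.10 any eq isakmp
 permit udp host 203.0.113.10 any eq non500-isakmp
 permit esp host 203.0.113.10 any
 permit tcp any any eq www
 deny   ip any any log
```

With the ACL applied, `show ip nat translations` and the hit counters in `show access-lists OUTSIDE-IN` show which inbound flows are translated and which are dropped.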

Hello Julio,

Some more questions please:

  1. The link on the router is ADSL, but it always receives the fixed IP from the ISP when the router reboots; it has been agreed by the ISP. So I don't think there should be any issues for VPN and static natting (service distribution).
  2. It is a router and not a firewall, so the terminology of service distribution on a router is the same as port forwarding in ASA.

Tx

Hi,

1) no

2) yes but implementation is different.

Regards.

Alain

Don't forget to rate helpful posts.

Hi,

  1. "No" means there will be no issues?

Hi,

If the IP is static there will be no problem for VPN; otherwise it's best to use DynDNS, but for NAT it's not a problem.

Regards.

Alain.

Don't forget to rate helpful posts.

Hello,

The IP is not static, but the IP is bound to our router interface MAC address by the ISP, so that when the router reboots the interface will get the same IP. Will there be a problem for VPN and NAT?

Tx

Hello Estela,

Not at all, as the IP address will always be the same (assigned by the ISP according to your MAC address).

Regards,

Julio

Do rate helpful posts


Thanks dear

Hello Estela,

My pleasure, Glad I could help.

Julio
