06-07-2003 10:02 AM - edited 03-02-2019 07:57 AM
I currently have a Cisco 677 in a default configuration where the
server is at 192.168.1.2 and the other machines on the LAN get to the
Internet via NAT. We now have been assigned another IP set (4 IPs, 1
allocatable to a machine). The new IP was needed so 2 web servers
could operate at port 80 as seen from outside. Originally, I was going
to map the second IP port 80 to port 8100 on the same internal IP. Now
I am thinking maybe it would be better to config the server with 2
IPs. This would allow other services to run on the new IP without
configuration and later we might move that IP to another server. We
are using fixed IPs, inside and outside. The instructions from our ISP
don't seem to allow NAT and assume a different router IP than the
current (191.168.1.1, while this setup would make it 191.168.1.2):
Assuming 10.1.1.x addresses:
enable
set nat disable
set int vip0 ip 10.1.1.1
set int vip0 mask 255.255.255.252
set route add ip (net address) mask (255.255.255.252) gw (10.1.1.2)
write
reboot
So, my question is how to add the new IP and keep the old one and NAT
working? Or maybe the new IP configuration offered will not work?
06-07-2003 05:10 PM
I am a little confused about the IP address scheme that you have mentioned.
You have one private IP address 192.168.1.1 allocated to the internal web server and want to add another one like 192.168.1.2? The WAN IP address is 10.1.1.1?
With that, you can map port 80 of both the internal IP addresses like
set nat entry add 192.168.1.1 80 10.1.1.1 80 tcp
set nat entry add 192.168.1.2 80 10.1.1.1 80 tcp
So requests to port 80 on 10.1.1.1 will be load balanced between 192.168.1.1 and .2.
You can visit the following link for PAT on 600 CPEs.
http://www.cisco.com/warp/customer/794/600pat.html
If I am misunderstanding it, please explain what IP addresses you have, where, and which new one you want to add.
06-08-2003 01:10 AM
Everything after 'Assuming 10.1.1.x addresses: ' in my original post is part of the example from my ISP. Thus, their idea of how to set up a private 10.x.x.x net. My private net is currently 192.168.x.x, however.
Current setup is that the 677 is at 192.168.1.1, the server is at 192.168.1.2, NAT is on. This is the default config for a single outside IP, which is something like 287.65.11.10.
Now, I have been given an additional 4 IP block at something like 287.65.13.8 thru 287.65.13.11 externally speaking. The 'free' IP, the one not preassigned to the network, router, or broadcast should be directed to the same server, ideally at a different private IP. Thus, I want to have two 287.65.x.x IPs on the WAN be routed one-to-one to two 192.168.x.x IPs on the LAN.
My permissions don't allow access to:
06-09-2003 08:07 AM
Try the following link.
http://www.cisco.com/en/US/products/hw/routers/ps295/products_tech_note09186a0080093e32.shtml
It's the same as the other link.
Now you can have two 287.65.x.x (.1 and .2 for example) IPs on the WAN be routed one-to-one to two 192.168.x.x (.2 and .3 for example) IPs on the LAN by configuring it the following way.
set nat entry add 192.168.1.2 80 287.65.11.1 80 tcp
set nat entry add 192.168.1.3 80 287.65.11.2 80 tcp
You can also use the same without static port mapping.
The link above discusses the same.
06-13-2003 06:32 AM
You said:
You can also use the same without static port mapping.
I don't see what that means in this situation. I have multiple inside machines, but only one is reachable from the outside normally. Does this count as one machine, as far as the manual is concerned?
As far as I can see from the manual, each port has to be specified as well as the protocol. I'd like to have all incoming on the new external IP go to the new internal IP. This would avoid having to update the router entries with each new service.
If I can't do that, then can I just leave the present configuration and add the following for the new external IP?
set nat entry add 192.168.1.3 80 287.65.11.2 80 tcp
or maybe
set nat entry add 192.168.1.2 8080 287.65.11.2 80 tcp
Thus, doing port forwarding for tcp, since 192.168.1.2 is the current default internal IP. Would this continue to let everything thru on the old IP?
07-21-2003 07:03 AM
I still haven't been able to get this to work. It appears I need an external interface for the second IP. That is, I need to increase the max number of virtual circuits (from 1 to 2) and then use the Set Interface command to assign the new global IP to wan0-1. Can someone confirm this?
dss
---------------------------------------------------
cbos>show interface
IP Address Mask
eth0 192.168.1.1 255.255.255.0
vip0 0.0.0.0 255.255.255.0
vip1 0.0.0.0 255.255.255.0
vip2 0.0.0.0 255.255.255.0
wan0 Physical Port: Trained
Dest IP Address Mask
wan0-0 213.237.127.76 255.255.255.255
cbos>show multicast
Multicast Forwarding is currently enabled
cbos>show route
[TARGET] [MASK] [GATEWAY] [M][P] [TYPE] [IF] [AGE]
0.0.0.0 0.0.0.0 0.0.0.0 1 SA WAN0-0 0
192.168.1.0 255.255.255.0 0.0.0.0 1 LA ETH0 0
213.237.127.0 255.255.255.0 0.0.0.0 1 AR WAN0-0 0
192.168.0.0 255.255.0.0 192.168.1.254 1 SA ETH0 0
WAN Interfaces...
213.237.127.76 255.255.255.255 0.0.0.0 1 HA WAN0-0 0
cbos>show nat
NAT is currently enabled
Port Network Global
eth0 Inside
wan0-0 Outside 213.237.42.211
vip0 Outside
vip1 Outside
vip2 Outside
Local IP : Port Global IP : Port Timer Flags Proto Interface
192.168.1.1:23 *****:23000 0 0x00041 tcp eth0
192.168.1.2:***** *****:***** 0 0x03041 *** eth0
192.168.1.2:8100 213.237.69.65:80 0 0x00041 tcp eth0
192.168.1.2:8100 213.237.69.65:80 0 0x00041 udp eth0
192.168.1.2:8100 213.237.69.65:80 0 0x00041 icmp eth0
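
An added example, not part of the thread or of Cisco's documentation: a small Python audit of the static entries in the `show nat` output posted above, listing which rows expose the router itself, forward every port to one host, carry a port on a portless protocol, or name a global IP that no Outside port shows. It assumes a field of only `*` means "any"; the function name and finding labels are made up for this sketch.

```python
import re

# Constructed input: header plus the static-entry rows copied from the post above.
SAMPLE = """\
Local IP : Port Global IP : Port Timer Flags Proto Interface
192.168.1.1:23 *****:23000 0 0x00041 tcp eth0
192.168.1.2:***** *****:***** 0 0x03041 *** eth0
192.168.1.2:8100 213.237.69.65:80 0 0x00041 tcp eth0
192.168.1.2:8100 213.237.69.65:80 0 0x00041 udp eth0
192.168.1.2:8100 213.237.69.65:80 0 0x00041 icmp eth0
"""

# local:port  global:port  timer  flags  proto  interface
ROW = re.compile(
    r"^(\S+):(\S+)\s+(\S+):(\S+)\s+\d+\s+0x[0-9a-fA-F]+\s+(\S+)\s+(\S+)$")


def is_wild(field):
    # Assumption: a field made only of '*' means "any" in this table.
    return set(field) == {"*"}


def audit_nat(text, router_ip, outside_globals):
    """Return (local, global, proto, finding) tuples in input order."""
    findings = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue  # header, prompt or port-table line
        lip, lport, gip, gport, proto, _ifname = m.groups()
        tags = []
        if is_wild(lport) and is_wild(gport):
            tags.append("all-ports-forwarded")       # host fully exposed
        if lip == router_ip:
            tags.append("router-service-exposed")    # e.g. telnet on the router
        if proto.lower() == "icmp" and not is_wild(gport):
            tags.append("port-on-portless-proto")    # ICMP has no ports
        if not is_wild(gip) and gip not in outside_globals:
            tags.append("global-not-on-outside-port")
        findings += [(f"{lip}:{lport}", f"{gip}:{gport}", proto, t) for t in tags]
    return findings


if __name__ == "__main__":
    # Router LAN address and Outside global as shown in the posted output.
    for f in audit_nat(SAMPLE, "192.168.1.1", {"213.237.42.211"}):
        print(*f)
```
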