Router for 2-4 external IP-addresses

ARGE_2015 · ‎09-29-2015

Hi,

I hope someone can advise us to a small business cisco-router.

We are a small NGO with several usergroups in our house.

I think the setup we need is very simple. We have several "real" external ip-addresses from our provider.

On one hand some ingoing ports need to be routed to separate LANs (DHCP should be provided by the router) and on the other hand all traffic from the different LANs has to use the "assigned" external IP-address.

for example

some ports for ingoing traffic to 95.0.0.1 (WAN-port) should be routed to a server in a LAN with 172.17.1.0/24 (e.g. LAN P1).
some ports for ingoing traffic to 95.0.0.2 (WAN-port) should be routed to a server in a LAN with 172.17.2.0/24 (e.g. LAN P2)

vice-versa ...
any outgoing traffic from 172.17.1.0/24 netz should use the ip-adress 95.0.0.1.
any outgoing traffic from 172.17.2.0/24 netz should use the ip-adress 95.0.0.2.

We have about 30-50 users inhouse working at the same time plus one webserver with about 3000 visitors daily.
VPN or other services are not a priority.

thanks in advance for any help!

Johannes

paul driver · ‎10-01-2015

Hello

What ports are you refering to?

Whatabout the rest of the Lan/ISP traffic how do you wish this to be routed?
Do you have dual ISP's of just the one?

res

Paul

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

ARGE_2015 · ‎10-02-2015

Thanks for your reply!

as we have a few domains on a webserver inhouse, every external traffic on port 80 & 443 going to 95.0.0.1 should be forwarded to one specific local IP e.g. 172.17.1.3.

the rest of the ingoing/outgoing traffic should be treated by the router like a "normal" firewall, blocking all other incoming ports, but allowing any outgoing traffic.

We have just one ISP, so one ingoing WAN-port would suffice, if that's what you mean.

I'm on a tight budget, so $400,- would be the very maximum.

thanks in advance!

johannes

paul driver · ‎10-02-2015

Hello

Apologies for this I still no clear with this setup, Bascially your wish:

- for any TCP ingess traffic from WAN on ports 80.443 - you wish to re-route this to specific servers utilising ISP provided public addressing

- For the rest of ingress traffic from WAN you wish to block unless this traffic was intiated internally.

Also

1) How many VLANs do you have
2) How many servers do you have?
3) What type of router do you have?

res

Paul

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

ARGE_2015 · ‎10-03-2015

Yes, that's what we need.

to answer your questions:

1) We have no VLANs currently.

2) 1 server.

3) Zyxel Zywall USG 100 (which works nicely but does not support more than one external ip-address).

thanks,

johannes