cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1300
Views
20
Helpful
9
Replies

192.168.3.0 Network utlizing 3 Outside Static IP's

fbeye
Level 4
Level 4

Would this simply be a setup using NAT/PAT and depending on the application/Port would determine which Network (192.168.3.0) IP would use which Static IP or is there a way to assign a Network IP it's own Static.

 

I have 1 spare Interface w/ 3 Static IP's I want to utilize so I was going to divide a switch into 3 vlans  but not sure if I am looking at this correctly.

1 Accepted Solution

Accepted Solutions

You could perhaps do it the way that you suggest using a spare interface. But there is a more simple (and I believe better) way to use those 3 Public IP addresses. Configure 3 static nat statements on the ASA which would map the Public IP to the private IP used for that service. This way any packet sent from the Internet to the Public IP associated with the web server would be translated and sent to the private IP  used by the web server.

HTH

Rick

View solution in original post

9 Replies 9

balaji.bandi
Hall of Fame
Hall of Fame

Until there is a requirement for 3 VLANs to separate you can do it inside.

 

Do you mean to say there is a NAT pool to go out using 3 IP addresses of Public IP address?  you can use any one of the IP or 3 IP depends on the requirement.

 

you would like to use to incoming traffic you can do static nat wit Public IP any one of them to inside?

 

I Hope is this what are you looking to do?

 

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Morning

 

Currently there is no setup. What I have are 3 Static IP’s (Internet IP’s) I wish to utilize for let’s say, email server, web server and Minecraft (all examples) but I have 1 free Interface on my 5508-X. 
Would I be able to create a 192.168.3.0 Network on GE 1/3 on 5508-X and then have that connect to a Switch and from there make Email 192.168.3.2, Web Server 192.168.3.3 and then 192.168.3.4 but when they touch the Net they use their own Static IP assigned to that specific LAN IP

You could perhaps do it the way that you suggest using a spare interface. But there is a more simple (and I believe better) way to use those 3 Public IP addresses. Configure 3 static nat statements on the ASA which would map the Public IP to the private IP used for that service. This way any packet sent from the Internet to the Public IP associated with the web server would be translated and sent to the private IP  used by the web server.

HTH

Rick

Alright I believe I am following. I would still need a L2 Switch to plug into the Interface GE 1/3 with a network 192.168.3.0 and each device on that Switch will be NATted to its correct outside IP.

Personally, i would use 1 Public IP address for outgoing NAT for all the Lan to Internet

for incoming requests, i use other 2 IP addresses, so you well defined incoming IP address to the Local IP address

 

is this make sense?

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Interesting. I do understand the concept of all Outgoing uses 1 Outside IP and the Incoming would be NAT specific to its respective Outside IP coming in and being directed to the Server or Application. 
Being that the IP’s in question are indeed public knowledge (in terms of they are acting as servers on the Internet) wouldn’t it be beneficial in a sense to monitor traffic (in regards to what IP is doing what outbound) by using each IP?

Any easy description to the benefit of using the 1 outgoing?

Hello


@fbeye wrote:

I have 1 spare Interface w/ 3 Static IP's I want to utilize so I was going to divide a switch into 3 vlans  but not sure if I am looking at this correctly.


Is this then 4 static public routable ip addresses in total ( 3 free and 1 assigned to your wan interface of the rtr, or 2 free and 1 assigned to your wan rtr interface?)


example ( 4 public ip address)
rtrs wan interface 1.1.1.10
spare 1 1.1.1.11
spare 2 1.1.1.12
spare 2 1.1.1.13

3 lan vlans 182.168.3.0/24

(vlan 11- 192.168.3.0/25)
static pat host 192.168.3.2

(vlan 12- 192.168.3.129/192
static pat host2 192.168.3.130

(vlan 13- 192.168.3.193/192)
static pat host3 192.168.3.194


access-list 100 remark LAN subnet:
deny ip host 192.168.3.2 any
deny ip host 192.168.3.130 any
deny ip host 192.168.3.193 any
permit ip 192.168.3.0 0.0.0.255 any


ip nat inside source list 100 inteface <wan interface> - Pat statement for all an clients (except static pat hosts)

ip nat nside source static tcp 192.168.3.2 25 1.1.1.11 25 <-- static pat for email smtp server

ip nat nside source static tcp 192.168.3.130 443 1.1.1.12 443 <-- static pat for web https server

ip nat nside source static tcp 192.168.3.194 3074 1.1.1.13 3074 extendable <-- static pat for minecraft xbox360 server
ip nat nside source static udp 192.168.3.194 88 1.1.1.13 88 extendable
ip nat nside source static udp 192.168.3.194 3074 1.1.1.13 3074 extendable


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

Wow very thorough I appreciate it! I will look at this over better tonight. 
It is a stack of 8 IP’s, 5 usable but regardless of 3 or 5 your example should be the same. I will let you know when I get home how it all looks. 

it does not matter how many IP address syntax is the same.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Review Cisco Networking for a $25 gift card