Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
670
Views
0
Helpful
4
Replies

Cisco 3825 Mutiple IP Addresses on the Wan side of the router

Go to solution
heron98105
Level 1
Level 1

‎10-06-2009 06:28 AM - edited ‎03-04-2019 06:16 AM

I have a 3825 with a 65.x.x.x /30 address range from my isp. I have assigned one of the 2 usable addresses to the G0/0 interface of the router.

My isp has also provided me with a 209.x.x.x /27 range to use as well.

I now need to migrate all my web, ftp, mail, vpn, and other resources to statically natted privately assigned address that map to addresses in the 209 address space. This needs to happen through the G0/0 interface of the same 3825 router.

I have tried to assign a secondary IP address to the G0/0 interface but it does not let me.

I am a beginner- but looking to build my skill set.

All help here would be most appreciated.

Thank you in advance.

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
sameermunj
Level 1
Level 1
In response to heron98105

‎10-06-2009 08:49 PM

Hi

where u will place the DMZ servers??.ideally 3825 comes with 2 in built Gig interfaces so wan link terminated on Gi0/0 and Gi0/1 u can use for lan termination.The Gi0/1 interface can have ip from subnet 209.x.x.x and secondary ip from your private subnet and then you can do plain static nat with private ip==209.x.x.x series ip.

In another option u have HWIC-4Esw card which has ethernet interfaces that u can use for your DMZ server termination in which case u do not have to give secondary ip on Gi 0/1 adnd it can have ip from 209.x.x.x segment only and using HWIC-4Esw u can create vlan for servers and private ip spance will be used by that vlan.natting part will remain same.

View solution in original post

0 Helpful
4 Replies 4

Go to solution
xcz504d1114
Level 4
Level 4

‎10-06-2009 06:35 AM

You will need to use multiple interfaces to achieve this, whether it is a physical interface or a sub-interface.

What does your topology look like? You will likely need another router to achieve the results you are wanting.

Craig

0 Helpful

Go to solution
heron98105
Level 1
Level 1
In response to xcz504d1114

‎10-06-2009 06:49 AM

I have a 10 meg feed from the isp- they have provided me with the 2 ranges of IP's They labeled the 65.x.x.x as WAN and the 209.x.x.x as LAN. They come in on the same single wire. I have a HWIC-4ESW card as well as the G0/0 and 0/1. I need to be able to nat to servers that are in both a dmz as well as within my internal network. I do have another router I could place- though it is old. A "turn of the century" 1700 series router.

0 Helpful

Go to solution
Richard Burts
Hall of Fame
Hall of Fame
In response to heron98105

‎10-06-2009 10:28 AM

James

I am not sure that I agree with your statement that this must be through your gi0/0 interface. If I am understanding correctly there is not a requirement that the 209.x.x.x be assigned on a specific address. I believe that it could work if you configure a static NAT translation so that your web server (perhaps at 192.168.51.6) is translated at 209.x.x.y and your mail server (perhaps at 192.168.51.22) is translated at 209.x.x.z. This will allow anyone in the Internet to send to 209.x.x.y and talk to your web server (at 192.168.51.6) or to send to 209.x.x.z and talk to your mail server (at 192.168.51.22).

HTH

Rick

HTH

Rick
0 Helpful

Go to solution
sameermunj
Level 1
Level 1
In response to heron98105

‎10-06-2009 08:49 PM

Hi

where u will place the DMZ servers??.ideally 3825 comes with 2 in built Gig interfaces so wan link terminated on Gi0/0 and Gi0/1 u can use for lan termination.The Gi0/1 interface can have ip from subnet 209.x.x.x and secondary ip from your private subnet and then you can do plain static nat with private ip==209.x.x.x series ip.

In another option u have HWIC-4Esw card which has ethernet interfaces that u can use for your DMZ server termination in which case u do not have to give secondary ip on Gi 0/1 adnd it can have ip from 209.x.x.x segment only and using HWIC-4Esw u can create vlan for servers and private ip spance will be used by that vlan.natting part will remain same.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card