cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2245
Views
2
Helpful
9
Replies

Configuration of second Public IP in Router and assign it to Local Server

optimusprime90
Level 1
Level 1

Hello Dears,
We have Exchange server already working with one of our Public IP, we want to assign a separate IP to exchange,can you please help me in this as this is our production environment.
Current Design is as Follows:
ISP --> Cisco Router (port-1)
Cisco Router(port-2) --> Fortigate Firewall (port:wan)
Fortigate Firewall -- LAN

1 Accepted Solution

Accepted Solutions

Hello
Correct, you should already have static nat statements for the existing exchange publc ip address, if so you should just then need to ammend those statements to reflect the new echange inside global address (public nat ip)

Example: 

Exchange lan srv ip = 192.168.1.1
Exchange public = old 1.1.1.1
Exchange public = new 2.2.2.2

ip nat inside source static tcp 192.168.1.1 25 1.1.1.1 25 extendable
ip nat inside source static tcp 192.168.1.1 80 1.1.1.1 80 extendable
ip nat inside source static tcp 192.168.1.1 443 1.1.1.1 443 extendable
etc...


Change to...

ip nat inside source static tcp 192.168.1.1 25 2.2.2.2 25 extendable
ip nat inside source static tcp 192.168.1.1 80 2.2.2.2 80 extendable
ip nat inside source static tcp 192.168.1.1 443 2.2.2.2 443 extendable
etc...

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

View solution in original post

9 Replies 9

Very little information that you provide here. But assuming that you have the public IPs on the router, I would expect that the rest is private addressing and the Router also handles the NAT. Then you have to:

  1. Configure a new static NAT statement similar to the existing one on the router
  2. Add the traffic to the ACL on the port1 of the router if there is an ACL
  3. Configure the Firewall to allow the traffic

Hello Dear,
Currently we have only

 /31 subnet

configured on router, and we already received new IPs from our ISP but its not added to the router yet.
For example our current Public IP

 subnet is 10.10.10.219/31

which is configured and working already.
Now ISP gave us a new range as follows.

x.x.x.x/29
Gateway: 10.10.10.219

we want to assign one of these new public IPs to our exchange server only.
 

Quite common setup, you can directly use this new address-space in your NAT config.

Hello,

 

--> We have Exchange server already working with one of our Public IP, we want to assign a separate IP to exchange,

 

What exactly are you trying to accomplish, assign a public IP address to the Exchange server ? What is the current IP address of the Exchange server ?

Hello
Then you need to update your existing nat statement to accommodate the servers public ip re-addressing, internally the exchange server ip address shouldn’t change, However I would expect you would also need to update any public dns A, MX records to reflect this new public exchange ip address especially for OWA access.


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

Hello Dear @paul driver ,
yes in addition to dns records update, Do i need to add static nat to new public ip & local exchange server?
that's it ?

Hello,

 

indeed you need a static NAT entry to reflect the new public IP address linked to the Exchange server.

Hello
Correct, you should already have static nat statements for the existing exchange publc ip address, if so you should just then need to ammend those statements to reflect the new echange inside global address (public nat ip)

Example: 

Exchange lan srv ip = 192.168.1.1
Exchange public = old 1.1.1.1
Exchange public = new 2.2.2.2

ip nat inside source static tcp 192.168.1.1 25 1.1.1.1 25 extendable
ip nat inside source static tcp 192.168.1.1 80 1.1.1.1 80 extendable
ip nat inside source static tcp 192.168.1.1 443 1.1.1.1 443 extendable
etc...


Change to...

ip nat inside source static tcp 192.168.1.1 25 2.2.2.2 25 extendable
ip nat inside source static tcp 192.168.1.1 80 2.2.2.2 80 extendable
ip nat inside source static tcp 192.168.1.1 443 2.2.2.2 443 extendable
etc...

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

optimusprime90
Level 1
Level 1

Hello Dears,
Thanks for your response, Please note that currently we have static IP which is being used for exchange and for LAN internet access as well.
We want to keep that static IP for LAN internet access only as it was before, and assign a new static IP for exchange only.

Review Cisco Networking for a $25 gift card