02-10-2012 05:57 PM - edited 03-04-2019 03:13 PM
Hi guys,
I need help configuring my Cisco 2951 router with a Zone-based firewall. This is the scenario I would like to configure.
I have two FTP servers, S1 and S2, behind the router which need to be accessed by two groups of users, G1 and G2, from the outside, i.e., from the internet.
I have two public IP addresses, 152.12.164.203 and 152.12.164.204. The WAN interface of the router is configured with IP address 152.12.164.203. G1 needs to access S1 on 152.12.164.203 and G2 needs to access S2 on 152.12.164.204.
What are the steps in configuring the router if I need the above scenario to be implemented?
Thank you for your help!
Regards,
Vishal
02-10-2012 06:22 PM
Hi Vishal,
Have a read through these:
http://www.cisco.com/en/US/tech/tk648/tk361/technologies_tech_note09186a0080093f31.shtml
http://www.cisco.com/en/US/docs/ios/12_0/np1/configuration/guide/1cipadr.html#wp4593
And combine those with an extended ACL on outside interface to permit only those 2 networks to access ftp.
Eugen
02-10-2012 06:50 PM
Hi Eugen,
Thank you for your reply. I have a question: Do I need to configure a logical interface to allow my WAN interface, which is on 152.12.164.203, to also use 152.12.164.204? Is a logical interface needed at all?
Thank you.
Kind regards,
Vishal
02-10-2012 07:36 PM
I think you need to assign the second public IP on the WAN interface as a secondary IP. Same command but use secondary after, and then use static mapping to each of the 2 sites. You can use an extended ACL as the source for NAT mapping to permit only FTP to those servers, and don't forget to permit other traffic if needed.
Eugen
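The approach suggested in this thread (secondary WAN address, one static NAT mapping per server, extended ACL on the outside interface) as an added IOS configuration sketch; it is not from any poster. The interface names, the /24 mask, the inside server addresses and the G1/G2 source ranges are assumed placeholders.

```cisco
! Added example, not from the thread. Assumed placeholder values:
!   WAN = GigabitEthernet0/0, LAN = GigabitEthernet0/1, mask 255.255.255.0
!   S1 = 192.168.10.11, S2 = 192.168.10.12
!   G1 = 198.51.100.0/24, G2 = 203.0.113.0/24
interface GigabitEthernet0/0
 description WAN
 ip address 152.12.164.203 255.255.255.0
 ip address 152.12.164.204 255.255.255.0 secondary
 ip nat outside
 ip access-group WAN-IN in
!
interface GigabitEthernet0/1
 description LAN with S1 and S2
 ip address 192.168.10.1 255.255.255.0
 ip nat inside
!
! One static port mapping per public address (FTP control port only)
ip nat inside source static tcp 192.168.10.11 21 152.12.164.203 21
ip nat inside source static tcp 192.168.10.12 21 152.12.164.204 21
!
! The inbound ACL is checked before NAT translates the destination,
! so entries match the public addresses, not the inside ones.
ip access-list extended WAN-IN
 remark G1 may reach S1 only via 152.12.164.203
 permit tcp 198.51.100.0 0.0.0.255 host 152.12.164.203 eq ftp
 remark G2 may reach S2 only via 152.12.164.204
 permit tcp 203.0.113.0 0.0.0.255 host 152.12.164.204 eq ftp
 remark add permits for any other required inbound traffic above this line
 deny ip any any log
```

These entries cover only the FTP control port; the data channel needs its own handling (FTP inspection or additional permits), which the thread does not cover.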
02-10-2012 08:50 PM
Thank you Eugen. That was simple. It works fine. Wow, that's great! Now I can enjoy my weekend!
Youhou!!
Thanks mate.
Kind regards,
Vishal
02-10-2012 11:54 PM
Glad to help
Please mark it as answered so other people looking for a solution can check it.
Eugen