Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1006
Views
0
Helpful
5
Replies

Connection on multiple WAN IP addresses-Cisco 2951

Go to solution
Vishal.Seetal
Level 1
Level 1

‎02-10-2012 05:57 PM - edited ‎03-04-2019 03:13 PM

Hi guys,

I need help configuring my Cisco 2951 router with Z0ne-based firewall. This is the scenario I would like to configure.

I have two ftp servers,S1 and S2, behind the router which needs to be accessed by two groups of users, G1 and G2, from the outside, i.e., from the internet.

I have two public IP addresses, 152.12.164.203 and 152.12.164.204. The WAN interface of the router is configured with IP address 152.12.164.203. G1 needs to access S1 on 152.12.164.203 and G2 needs to access S2 on 152.12.164.204.

What are the steps in configuring the router if I need the above scenario to be implemented?

Thank you for your help!

Regards,

Vishal

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
ebarticel
Level 4
Level 4
In response to Vishal.Seetal

‎02-10-2012 07:36 PM

I think you need to assign the second public ip on the wan interface as a secondary ip. Same command but use secondary after, and then use static mapping to each of the 2 sites. You can use extended acl as the source for nat mapping to permit only ftp to those servers, and don't forget to permit other traffic if needed.

Eugen

View solution in original post

0 Helpful
5 Replies 5

Go to solution
ebarticel
Level 4
Level 4

‎02-10-2012 06:22 PM

Hi Vishal,

Have a read thru this

http://www.cisco.com/en/US/tech/tk648/tk361/technologies_tech_note09186a0080093f31.shtml

http://www.cisco.com/en/US/docs/ios/12_0/np1/configuration/guide/1cipadr.html#wp4593

And combine those with an extended ACL on outside interface to permit only those 2 networks to access ftp.

Eugen

0 Helpful

Go to solution
Vishal.Seetal
Level 1
Level 1
In response to ebarticel

‎02-10-2012 06:50 PM

Hi Eugen,

Thank you for your reply. I have a question: Do I need to configure a logical interface to allow my WAN interface which is on 152.12.164.203 to also use 152.12.164.204?Is a logical interface needed at all?

Thank you.

Kind regards,

Vishal

0 Helpful

Go to solution
ebarticel
Level 4
Level 4
In response to Vishal.Seetal

‎02-10-2012 07:36 PM

I think you need to assign the second public ip on the wan interface as a secondary ip. Same command but use secondary after, and then use static mapping to each of the 2 sites. You can use extended acl as the source for nat mapping to permit only ftp to those servers, and don't forget to permit other traffic if needed.

Eugen

0 Helpful

Go to solution
Vishal.Seetal
Level 1
Level 1
In response to ebarticel

‎02-10-2012 08:50 PM

Thank you Eugen. That was simple. It works fine.Wow,that's great!now i can enjoy my weekend!

Youhou!!

Thanks mate..

Kind regards,

Vishal

Date: Fri, 10 Feb 2012 20:37:00 -0700

From: supportforums-donotreply@supportforums.cisco.com

To: vishal90216@hotmail.com

Subject: - Re: Connection on multiple WAN IP addresses-Cisco 2951

Home

Re: Connection on multiple WAN IP addresses-Cisco 2951 created by eugen barticel in WAN, Routing and Switching - View the full discussion

I think you need to assign the second public ip on the wan interface as a secondary ip. Same command but use secondary after, and then use static mapping to each of the 2 sites. You can use extended acl as the source for nat mapping to permit only ftp to those servers, and don't forget to permit other traffic if needed.

Eugen

Reply to this message by going to Home

Start a new discussion in WAN, Routing and Switching at Home

0 Helpful

Go to solution
ebarticel
Level 4
Level 4
In response to Vishal.Seetal

‎02-10-2012 11:54 PM

Glad to help

Please mark it as answered so other people looking for a solution can check it.

Eugen

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card