Having 2 different local ip addresses using same port 443

Daniel_Son89
Level 1

Hi All,

I'm not so new to using Cisco equipment, but I have basic knowledge of using my Cisco 887 for my home internet NBN.

I would like to request some assistance.

My setup at home, high-level summary:

Dell server with UPS using ESXi 6.7 on the metal

POE network switch with POE CCTV camera - not internet-facing cameras; they require a connection to my L2TP VPN.

Cisco 887 VDSL router

I run my own enterprise Microsoft Exchange 2019 server for my emails because Gmail wasn't what I wanted.

I'm helping my friend build a website and I'm hosting it on a 2019 VM server which isn't domain joined (new VM guest).

My Exchange server is using port 25 SMTP and port 443 with the following command (192.168.15.147 is the IP address of the Exchange server):

ip nat inside source static tcp 192.168.15.147 443 interface Ethernet0 443

At the moment my Cisco 887 isn't allowing me to use 443 twice on a different IP address. When I do the same command with the different IP address, I just get the message back that the same port is already in use, etc.

Is it possible to have this setup or impossible?

Basically what I'm wanting to achieve is using port 443 with 2 different IP addresses: one for web hosting and the other for Exchange.

FYI, if anyone requests my config I apologise, because I wrote it from scratch with no training and no certifications (I'm a server, PowerShell, hardware, VMware, ANYTHING Microsoft guy and bulk more, just limited in Cisco).

Thanks

Daniel

Infrastructure Analyst
2 Replies

Hello,

The easiest way to resolve this would be to configure two entries with different outside ports, and tell your clients to connect to that port (instead of port 443).

ip nat inside source static tcp 192.168.15.147 443 interface Ethernet0 443

ip nat inside source static tcp 192.168.15.148 443 interface Ethernet0 442

kristoferpheely
Level 1

I'm guessing ethernet0 is your WAN interface?

Let's say for the sake of this discussion that the WAN address on ethernet0 is 1.2.3.4.

What you're asking the router to do is this:

Packets sourced from 192.168.15.X 443 are translated to 1.2.3.4 443

Packets sourced from 192.168.15.Y 443 are also translated to 1.2.3.4 443

If you think about traffic flowing in the other direction, it might make more sense why this won't work.

Packets destined to 1.2.3.4 443 can't be translated to both 192.168.15.X and Y. The router has no way to know what traffic needs to be translated to what address.

You should look at port forwarding. With this you could do something like:

Packets sourced from 192.168.15.X 443 translate to 1.2.3.4 443

Packets sourced from 192.168.15.Y 443 translate to 1.2.3.4 4443

Or...

ip nat inside source static tcp 192.168.15.147 443 interface Ethernet0 443

ip nat inside source static tcp 192.168.15.147 443 interface Ethernet0 4443
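
Added example, not part of any reply above: a small Python check that reads static port-forward lines of the form used in this thread and reports any outside interface/port pair claimed by more than one inside host, which is the ambiguity described in the last reply. The sample configurations are constructed, with 192.168.15.148 (the address used in the first reply) standing in for the second server.

```python
import re
from collections import defaultdict

# Static port-forward form used in this thread:
#   ip nat inside source static tcp <inside-ip> <inside-port> interface <if> <outside-port>
STATIC_NAT = re.compile(
    r"^\s*ip nat inside source static (tcp|udp) "
    r"(\d{1,3}(?:\.\d{1,3}){3}) (\d+) interface (\S+) (\d+)\s*$"
)

def parse_static_nat(config_text):
    """Return (proto, inside_ip, inside_port, interface, outside_port) tuples."""
    entries = []
    for line in config_text.splitlines():
        m = STATIC_NAT.match(line)
        if m:
            proto, ip, in_port, iface, out_port = m.groups()
            entries.append((proto, ip, int(in_port), iface.lower(), int(out_port)))
    return entries

def inbound_conflicts(entries):
    """An inbound packet is matched on (proto, interface, outside port) only,
    so a key that maps to more than one inside target is ambiguous."""
    table = defaultdict(set)
    for proto, ip, in_port, iface, out_port in entries:
        table[(proto, iface, out_port)].add((ip, in_port))
    return {key: sorted(targets) for key, targets in table.items() if len(targets) > 1}

def exposed_services(entries):
    """Inventory of WAN-reachable services: (proto, outside port, inside ip, inside port)."""
    return sorted({(p, out_port, ip, in_port) for p, ip, in_port, _, out_port in entries})

# Constructed sample: two hosts forwarded from the same outside port.
REJECTED = """
ip nat inside source static tcp 192.168.15.147 443 interface Ethernet0 443
ip nat inside source static tcp 192.168.15.148 443 interface Ethernet0 443
"""
# Constructed sample: the pair suggested in the first reply.
ACCEPTED = """
ip nat inside source static tcp 192.168.15.147 443 interface Ethernet0 443
ip nat inside source static tcp 192.168.15.148 443 interface Ethernet0 442
"""

if __name__ == "__main__":
    print(inbound_conflicts(parse_static_nat(REJECTED)))
    print(inbound_conflicts(parse_static_nat(ACCEPTED)))
    print(exposed_services(parse_static_nat(ACCEPTED)))
```

The `exposed_services` list doubles as an inventory of what is reachable from the WAN side, whichever outside port each service ends up on.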
