12-07-2020 09:17 AM
Hi All,
I'm not so new to using Cisco equipment but I have basic knowledge of using my Cisco 887 for my home internet NBN.
I would please request some assistance;
My setup at home high-level summary
Dell server with UPS using ESXi 6.7 on the metal
POE Network switch with POE CCTV camera - not internet facing cameras requires a connection to my L2TP VPN.
Cisco 887 VDSL router
I run my own enterprise Microsoft Exchange 2019 server for my emails because Gmail wasn't what I wanted
I'm helping my friend build a website and I'm hosting it on a 2019 VM server which isn't domain joined (new VM guest)
My Exchange server is using port 25 SMTP and port 443 with the following command - 192.168.15.147 is the IP address of the Exchange server
ip nat inside source static tcp 192.168.15.147 443 interface Ethernet0 443
At the moment my Cisco 887 isn't allowing me to use 443 twice on a different IP address. When I do the same command with the different IP address, I just get the message back that the same port is already in use, etc.
Is it possible to have this setup or impossible?
Basically what I'm wanting to achieve is using port 443 with 2 different IP addresses: one for web hosting and the other for Exchange.
FYI if anyone requests my config I apologise because I wrote it from scratch with no training and no certifications (I'm a server, PowerShell, hardware, VMware, ANYTHING Microsoft guy and bulk more).
Thanks
Daniel
12-07-2020 09:33 AM
Hello,
the easiest way to resolve this would be to configure two entries with different outside ports, and tell your clients to connect to that port (instead of port 443).
ip nat inside source static tcp 192.168.15.147 443 interface Ethernet0 443
ip nat inside source static tcp 192.168.15.148 443 interface Ethernet0 442
12-07-2020 09:43 AM
I'm guessing ethernet0 is your WAN interface?
Let's say for the sake of this discussion that the WAN address on ethernet0 is 1.2.3.4
What you're asking the router to do is this:
Packets sourced from 192.168.15.X 443 are translated to 1.2.3.4 443
Packets sourced from 192.168.15.Y 443 are also translated to 1.2.3.4 443
If you think about traffic flowing in the other direction, it might make more sense why this won't work.
Packets destined to 1.2.3.4 443 can't be translated to both 192.168.15.X and Y. The router has no way to know what traffic needs translated to what address.
You should look at port forwarding. With this you could do something like:
Packets sourced from 192.168.15.X 443 translates to 1.2.3.4 443
Packets sourced from 192.168.15.Y 443 translates to 1.2.3.4 4443
Or...
ip nat inside source static tcp 192.168.15.147 443 interface Ethernet0 443
ip nat inside source static tcp 192.168.15.147 443 interface Ethernet0 4443
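Added example, not part of any post in this thread and not Cisco code: a small Python check that parses static PAT lines of the form used above, reports any outside port claimed by more than one inside host, and lists every port the rules expose on the WAN interface. The sample configs are constructed; 192.168.15.148 is the assumed second server address taken from the first reply.

```python
import re
from collections import defaultdict

# Matches the interface form used in this thread:
#   ip nat inside source static tcp <inside-ip> <inside-port> interface <if> <outside-port>
RULE = re.compile(
    r"^\s*ip nat inside source static (tcp|udp) "
    r"(\d{1,3}(?:\.\d{1,3}){3}) (\d+) interface (\S+) (\d+)\s*$"
)

def parse_rules(config_text):
    """Return a list of (proto, inside_ip, inside_port, interface, outside_port)."""
    rules = []
    for line in config_text.splitlines():
        m = RULE.match(line)
        if m:
            proto, ip, in_port, iface, out_port = m.groups()
            rules.append((proto, ip, int(in_port), iface, int(out_port)))
    return rules

def find_conflicts(rules):
    """Outside (proto, interface, port) tuples claimed by more than one inside host."""
    claims = defaultdict(set)
    for proto, ip, in_port, iface, out_port in rules:
        claims[(proto, iface, out_port)].add((ip, in_port))
    return {k: sorted(v) for k, v in claims.items() if len(v) > 1}

def exposed_ports(rules):
    """Every outside port reachable from the WAN, with the inside target behind it."""
    return sorted((iface, proto, out_port, ip, in_port)
                  for proto, ip, in_port, iface, out_port in rules)

# Constructed sample: the original poster's attempt (both hosts on outside 443)...
ATTEMPTED = """\
ip nat inside source static tcp 192.168.15.147 443 interface Ethernet0 443
ip nat inside source static tcp 192.168.15.148 443 interface Ethernet0 443
"""
# ...and the suggested alternative with a distinct outside port.
SUGGESTED = """\
ip nat inside source static tcp 192.168.15.147 443 interface Ethernet0 443
ip nat inside source static tcp 192.168.15.148 443 interface Ethernet0 4443
"""

if __name__ == "__main__":
    for name, cfg in (("attempted", ATTEMPTED), ("suggested", SUGGESTED)):
        rules = parse_rules(cfg)
        print(name, "conflicts:", find_conflicts(rules))
        for entry in exposed_ports(rules):
            print("  exposed:", entry)
```

The exposed-port listing is worth reviewing after any change, since each entry is a service reachable from the internet.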