
ISR 4431 public ip nat public ip

molnartamas

Hi,

I have a Cisco 4431 router that receives a fixed public IP address from the service provider. Behind the router I have 2 servers with 6 virtual servers. I bought public IP addresses for these servers, but they were completely different from the ones provided by the service provider, and I didn't buy the addresses from the service provider.
The question is, how can I solve it so that I can set a public address on the VMs I run and access those VMs from the outside, using the IP address purchased for them.
I drew a topology to make it more transparent.

The topology in short:
The EDGE-ROUTER connects to the Internet and SW01, there are no vlans on it, it works as an L2 Switch. The 3 VMs are on separate public IP addresses. From the client machine that is connected to the Internet, I want to access VM2 on its own public IP address.
What protocol or solution is there to solve this problem?


liviu.gheorghe

Hello @molnartamas ,

There are two things you should do in order to make this work:

1. Configure a static NAT on the ISR 4431 to translate the inside IPs of the servers into the public IPs you purchased

2. Speak with your provider and configure some routing protocol, usually BGP, in order to announce the IPs you purchased to the Internet.

Now, depending on what type of IPs you purchased, your current service provider might not be willing to announce those IPs to the Internet, and usually service providers accept a /24 as the minimum prefix length when using BGP.

The first point is easy - just a few lines of configuration on the ISR 4431, the second point might prove to be challenging.

Hope this helps.

Regards, LG

Hello

@molnartamas,

2. Speak with your provider and configure some routing protocol, usually BGP, in order to announce the IP's you purchased to the Internet.


I would say a simple static route by the ISP pointing to the client for that PI range would be applicable, which they would then advertise. It would save the client the additional cost/overhead of activating any BGP/IGP.


Kind Regards
Paul

Hello
So you need to have a word with your present SP in relation to your PI addressing. It may be they can advertise that PI range for you; otherwise the only option I'd say is to NAT/PAT the 150.10.10.x IP range behind the 14.14.14.14.


Kind Regards
Paul

balaji.bandi

For Public IP you do not need NAT - the ISP already routed those Public IPs to your WAN IP.

Then just configure the Public IP directly on the VM with the gateway; that should work for you.

But for security and best practice, I suggest not exposing the hosted service directly to the outside, as that will carry risk.

Instead, using an RFC 1918 address on the VM and doing static NAT using the provider-provided Public IP is a good option.

BB
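The static NAT that liviu.gheorghe's step 1 and this reply refer to, as an added configuration sketch that is not from any poster in the thread. The interface names, the inside 192.168.10.x addresses and the .11/.12 host parts of 150.10.10.x are constructed, and the translations only carry traffic once the purchased range is actually routed to the router, which the thread discusses separately.

```cisco
! Added example; interface names and all host addresses are constructed.
!
! WAN side toward the ISP
interface GigabitEthernet0/0/0
 description WAN to ISP
 ip nat outside
!
! LAN side toward SW01, VMs keep RFC 1918 addresses
interface GigabitEthernet0/0/1
 description LAN to SW01
 ip address 192.168.10.1 255.255.255.0
 ip nat inside
!
! Wide form: one-to-one translation, every port on VM1 is reachable
! from outside on 150.10.10.11
ip nat inside source static 192.168.10.11 150.10.10.11
!
! Narrow form: only TCP/443 on VM2 is published on 150.10.10.12,
! nothing else on that VM is reachable through the translation
ip nat inside source static tcp 192.168.10.12 443 150.10.10.12 443
!
! Check the resulting entries with: show ip nat translations
```

The port-specific form is the one that matches the advice above about not exposing a hosted service wholesale: the VM's other listening ports stay unreachable from the Internet.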


Hello


@balaji.bandi wrote:

For Public IP you do not need NAT - ISP already routed those Public IP to your WAN IP


I believe this will NOT be viable, as the OP has suggested he is using PI addressing NOT owned by his current ISP, so I envisaged the ISP will not be advertising them presently


Kind Regards
Paul

 

I believe this will NOT be viable, as the OP has suggested he is using PI addressing NOT owned by his current ISP, so I envisaged the ISP will not be advertising them presently

 

ha - missed that bit cheers !

In that case the user can give authorization to the ISP to announce their block so it is routable via the ISP (if the OP does not have an AS and does not have a BGP environment).

 

BB


It is not clear who the OP purchased the Public IPs from. My first suggestion would be for OP to ask the folk who provide the 6 IPs if they have a suggestion. If they are in business selling Public IPs I would hope they have a solution.

I agree that running BGP is frequently how Public IPs are used, but having a block of 6 is going to be problematic to use with BGP.

I wonder if a solution might be to configure a tunnel (perhaps a basic GRE tunnel) to the organization providing the 6 Public IP and route the 6 Public IPs over that tunnel.

HTH

Rick