Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
Bookmark
|
Subscribe
|
3362
Views
5
Helpful
18
Replies

Serving two hosts through port 443 SSL

Go to solution
Frank27
Level 1
Level 1

‎12-05-2021 08:03 AM - last edited on ‎12-06-2021 12:25 AM by Community Manager

This is the scenario :

A  1941 router  needs to redirect port 443(SSL) to a web server inside the LAN port 3000 while another web server needs to be served on port 443-443 :

 

router 1941 ----> outside 443 inside 443

        =         ----> outside 443 inside 3000

 

Is this possible without changing the outside port?

 

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
paul driver
VIP
VIP
In response to Georg Pauwen

‎12-05-2021 03:01 PM

@Georg Pauwen wrote:

@paul driver I guess I am misreading the original post. Where would the outside2 come from ? Are you suggesting to get an additional ISP connection, or an additional public IP address from the existing ISP ?

Yes the latter, use an addtional inside global ip or use a different outside tcp port.


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

View solution in original post

0 Helpful
18 Replies 18

Go to solution
Frank27
Level 1
Level 1

‎12-05-2021 08:43 AM

i found that the only solution is changing the outside port...

0 Helpful

Go to solution
MHM Cisco World
VIP
VIP

‎12-05-2021 10:36 AM

if different IP you use for each NAT then it OK but same IP I don't think so.

0 Helpful

Go to solution
balaji.bandi
Hall of Fame
Hall of Fame

‎12-05-2021 12:01 PM - last edited on ‎12-06-2021 12:25 AM by Community Manager

No, you can do that instead use a different port

 

ip nat inside source static tcp x.x.x.x 443 y.y.y.y 443

ip nat inside source static tcp x.x.x.x 8443 z.z.z.z  3000

 

Another way is FQDN.

 

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

Go to solution
Georg Pauwen
VIP
VIP
In response to balaji.bandi

‎12-05-2021 12:23 PM

@balaji.bandi 

 

Hello,

 

just out of curiosity, which device and IOS did you get this to work on ? Same outside address and same outside port, but different inside ports ? I get an error saying that the IP is already mapped...

0 Helpful

Go to solution
balaji.bandi
Hall of Fame
Hall of Fame
In response to Georg Pauwen

‎12-05-2021 12:49 PM - last edited on ‎12-06-2021 12:26 AM by Community Manager

any router does this work - I would suggest checking the syntax correctly before configuring ( sure 'miss-configuration' get that error)

 

ip nat inside source static tcp x.x.x.x 443 y.y.y.y 443

ip nat inside source static tcp x.x.x.x 8443 z.z.z.z  3000

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

Go to solution
Georg Pauwen
VIP
VIP
In response to balaji.bandi

‎12-05-2021 12:51 PM

@balaji.bandi I think OP is asking the question because he wants to map both servers to the SAME outside IP address, not different ones. 

 

Otherwise I guess he would not be asking the question to start out with...

Go to solution
balaji.bandi
Hall of Fame
Hall of Fame
In response to Georg Pauwen

‎12-05-2021 01:05 PM 

No, you can do that instead use a different port

I do address OP's question and asked to use different methods, just for clarity here.

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

Go to solution
Georg Pauwen
VIP
VIP
In response to balaji.bandi

‎12-05-2021 01:42 PM - last edited on ‎12-06-2021 12:28 AM by Community Manager

@balaji.bandi 

 

As I understood the question, it was if the below works:

 

ip nat inside source static tcp 192.168.1.10 443 212.12.10.243 443
ip nat inside source static tcp 192.168.1.11 3000 212.12.10.243 443

 

It doesn't work. I thought you got it to work, maybe on a different IOS version, that's why I was asking.

0 Helpful

Go to solution
paul driver
VIP
VIP

‎12-05-2021 02:24 PM - last edited on ‎12-06-2021 12:30 AM by Community Manager

@Frank27 wrote:

Is this possible without changing the outside port?

yes by changing the inside global address as stated by @balaji.bandi 

Options I would say are:

1
router 1941 ----> outside1 443 inside1 443

        =         ----> outside1 3000 inside2 443

2
router 1941 ----> outside1 443 inside1 443

        =         ----> outside2 443 inside2 443



kind regards
Paul

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul
0 Helpful

Go to solution
Georg Pauwen
VIP
VIP
In response to paul driver

‎12-05-2021 02:47 PM

@paul driver I guess I am misreading the original post. Where would the outside2 come from ? Are you suggesting to get an additional ISP connection, or an additional public IP address from the existing ISP ?

0 Helpful

Go to solution
paul driver
VIP
VIP
In response to Georg Pauwen

‎12-05-2021 03:01 PM

@Georg Pauwen wrote:

@paul driver I guess I am misreading the original post. Where would the outside2 come from ? Are you suggesting to get an additional ISP connection, or an additional public IP address from the existing ISP ?

Yes the latter, use an addtional inside global ip or use a different outside tcp port.


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul
0 Helpful

Go to solution
Frank27
Level 1
Level 1

‎12-05-2021 07:23 PM - last edited on ‎12-06-2021 12:32 AM by Community Manager

Yes , sorry i need to add some clarifications :

1) There is one static public ip in the WAN -- not two.

2) the LAN IPs are different but the scope of this question was doing it without mapping different external port

 

to recap :

x.x.x.x (Static public)--> 192.168.0.1 (webserver running CentOS)---> ext 443 int 443

                                --> 192.168.0.2 (wevserver running CentOS)---> ext 443 int 3000

this was the deal.. i make it work using a different external port for the second address like:




x.x.x.x (Static public)--> 192.168.0.1 (webserver running CentOS)---> ext 5000 int 443

                                --> 192.168.0.2 (wevserver running CentOS)---> ext 443 int 3000
0 Helpful

Go to solution
balaji.bandi
Hall of Fame
Hall of Fame
In response to Frank27

‎12-06-2021 08:43 AM

yes that is what our suggestion.

 

or use FQDN.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

Go to solution
Georg Pauwen
VIP
VIP
In response to balaji.bandi

‎12-06-2021 08:58 AM

@balaji.bandi What would an FQDN-based solution look like with regard to this specific issue ?

0 Helpful
Related community topics
li.common.scroll-to.top