- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
12-05-2021
08:03 AM
- last edited on
12-06-2021
12:25 AM
by
Translator
This is the scenario :
A 1941 router needs to redirect port 443(SSL) to a web server inside the LAN port 3000 while another web server needs to be served on port 443-443 :
router 1941 ----> outside 443 inside 443
= ----> outside 443 inside 3000
Is this possible without changing the outside port?
Solved! Go to Solution.
- Labels:
-
Other Routing
Accepted Solutions
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
12-05-2021 03:01 PM
@Georg Pauwen wrote:
@paul driver I guess I am misreading the original post. Where would the outside2 come from ?
Are you suggesting to get an additional ISP connection,or an additional public IP address from the existing ISP ?
Yes the latter, use an addtional inside global ip or use a different outside tcp port.
Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.
Kind Regards
Paul
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
12-05-2021 08:43 AM
i found that the only solution is changing the outside port...
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
12-05-2021 10:36 AM
if different IP you use for each NAT then it OK but same IP I don't think so.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
12-05-2021
12:01 PM
- last edited on
12-06-2021
12:25 AM
by
Translator
No, you can do that instead use a different port
ip nat inside source static tcp x.x.x.x 443 y.y.y.y 443
ip nat inside source static tcp x.x.x.x 8443 z.z.z.z 3000
Another way is FQDN.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
12-05-2021 12:23 PM
Hello,
just out of curiosity, which device and IOS did you get this to work on ? Same outside address and same outside port, but different inside ports ? I get an error saying that the IP is already mapped...
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
12-05-2021
12:49 PM
- last edited on
12-06-2021
12:26 AM
by
Translator
any router does this work - I would suggest checking the syntax correctly before configuring ( sure 'miss-configuration' get that error)
ip nat inside source static tcp x.x.x.x 443 y.y.y.y 443
ip nat inside source static tcp x.x.x.x 8443 z.z.z.z 3000
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
12-05-2021 12:51 PM
@balaji.bandi I think OP is asking the question because he wants to map both servers to the SAME outside IP address, not different ones.
Otherwise I guess he would not be asking the question to start out with...
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
12-05-2021 01:05 PM
No, you can do that instead use a different port
I do address OP's question and asked to use different methods, just for clarity here.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
12-05-2021
01:42 PM
- last edited on
12-06-2021
12:28 AM
by
Translator
As I understood the question, it was if the below works:
ip nat inside source static tcp 192.168.1.10 443 212.12.10.243 443
ip nat inside source static tcp 192.168.1.11 3000 212.12.10.243 443
It doesn't work. I thought you got it to work, maybe on a different IOS version, that's why I was asking.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
12-05-2021
02:24 PM
- last edited on
12-06-2021
12:30 AM
by
Translator
@Frank27 wrote:
Is this possible without changing the outside port?
yes by changing the inside global address as stated by @balaji.bandi
Options I would say are:
1
router 1941 ----> outside1 443 inside1 443
= ----> outside1 3000 inside2 443
2
router 1941 ----> outside1 443 inside1 443
= ----> outside2 443 inside2 443
kind regards
Paul
Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.
Kind Regards
Paul
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
12-05-2021 02:47 PM
@paul driver I guess I am misreading the original post. Where would the outside2 come from ? Are you suggesting to get an additional ISP connection, or an additional public IP address from the existing ISP ?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
12-05-2021 03:01 PM
@Georg Pauwen wrote:
@paul driver I guess I am misreading the original post. Where would the outside2 come from ?
Are you suggesting to get an additional ISP connection,or an additional public IP address from the existing ISP ?
Yes the latter, use an addtional inside global ip or use a different outside tcp port.
Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.
Kind Regards
Paul
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
12-05-2021
07:23 PM
- last edited on
12-06-2021
12:32 AM
by
Translator
Yes , sorry i need to add some clarifications :
1) There is one static public ip in the WAN -- not two.
2) the LAN IPs are different but the scope of this question was doing it without mapping different external port
to recap :
x.x.x.x (Static public)--> 192.168.0.1 (webserver running CentOS)---> ext 443 int 443
--> 192.168.0.2 (wevserver running CentOS)---> ext 443 int 3000
this was the deal.. i make it work using a different external port for the second address like:
x.x.x.x (Static public)--> 192.168.0.1 (webserver running CentOS)---> ext 5000 int 443
--> 192.168.0.2 (wevserver running CentOS)---> ext 443 int 3000
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
12-06-2021 08:43 AM
yes that is what our suggestion.
or use FQDN.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
12-06-2021 08:58 AM
@balaji.bandi What would an FQDN-based solution look like with regard to this specific issue ?
