10-27-2009 02:58 AM - edited 03-06-2019 08:19 AM
I am more than a bit rusty and reconfiguring a network due the arrival of a new SBS office server. The new office server (and clients) needs to connect to the Internet via our Cisco 2610 router. The server is say 10.1.1.10 and the FastEthernet0 interface on the router is set to 10.1.1.200. The 2600 has a Serial0 interface that is connected to a leased line with an external IP address. We also have our own class C IP range used for web, mail and dns servers.
So:
OfficeServer (10.1.1.10)<----->FastEthernet0(10.1.1.200)[2600 ROUTER1]Serial0(123.123.123.54)<---leased line--->ISP(Internet)
However, I also have a webserver etc in our office, with an external IP address from our range, that needs to, and can, see the Internet.
So, we also have, on the same router:
WebServer (90.4.123.35)<----->FastEthernet0(90.4.123.254)[2600 ROUTER1]Serial0(123.123.123.1)<---leased line--->ISP(Internet)
interface FastEthernet0/0
ip address 10.1.1.200 255.255.0.0 secondary
ip address 90.4.123.254 255.255.255.0
ip nat inside
speed auto
full-duplex
!
interface Serial0/0
description Connection to NTL
ip address 123.123.123.54 255.255.255.252
ip broadcast-address 123.123.123.55
ip access-group inboundfilter in
ip access-group outboundfilter2 out
ip nat outside
encapsulation ppp
no fair-queue
The FastEthernet0 interface has both an internet and external IP address mapped to it. Currently the office PCs use the external IP address as their gateway address and this works, however the new server is more secure and won't allow this.
There is NAT and access-lists running on the Cisco and each office PC has an internal IP address that is NATted to a dedicated external IP.
At the moment the webserver can see the Internet, but the office server cannot. Office PCs can see the Internet if they use the external IP address mapped to FastEthernet0/0 direct as their gateway address (although you get a message suggesting that this is not the way to go). So I am trying to resolve this whilst also trying to set it up better/properly.
What is the best way to do this (all assistance appreciated)?
Do I need to NAT the internal office server IP to an external IP address for it to see the internet?
Do I need to NAT the internal gateway address to an external IP address or will the router be able to route this anyhow?
Could it be DNS, so should I set the DNS server on the office server NIC to the ISPs DNS server, or to the Cisco
10-27-2009 03:50 AM
The best solution is to renumber the webserver to an internal ip address and configure a static nat on the router:
ip nat inside source static
http://www.cisco.com/en/US/docs/ios/12_3/12_3x/12_3xe/feature/guide/gt_ntsip.html
regards,
Leo
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide