cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
597
Views
0
Helpful
1
Replies

2610 LAN configuration with devices on both internal and external IPs

keithglanville
Level 1
Level 1

I am more than a bit rusty and reconfiguring a network due the arrival of a new SBS office server. The new office server (and clients) needs to connect to the Internet via our Cisco 2610 router. The server is say 10.1.1.10 and the FastEthernet0 interface on the router is set to 10.1.1.200. The 2600 has a Serial0 interface that is connected to a leased line with an external IP address. We also have our own class C IP range used for web, mail and dns servers.

So:

OfficeServer (10.1.1.10)<----->FastEthernet0(10.1.1.200)[2600 ROUTER1]Serial0(123.123.123.54)<---leased line--->ISP(Internet)

However, I also have a webserver etc in our office, with an external IP address from our range, that needs to, and can, see the Internet.

So, we also have, on the same router:

WebServer (90.4.123.35)<----->FastEthernet0(90.4.123.254)[2600 ROUTER1]Serial0(123.123.123.1)<---leased line--->ISP(Internet)

interface FastEthernet0/0

ip address 10.1.1.200 255.255.0.0 secondary

ip address 90.4.123.254 255.255.255.0

ip nat inside

speed auto

full-duplex

!

interface Serial0/0

description Connection to NTL

ip address 123.123.123.54 255.255.255.252

ip broadcast-address 123.123.123.55

ip access-group inboundfilter in

ip access-group outboundfilter2 out

ip nat outside

encapsulation ppp

no fair-queue

The FastEthernet0 interface has both an internet and external IP address mapped to it. Currently the office PCs use the external IP address as their gateway address and this works, however the new server is more secure and won't allow this.

There is NAT and access-lists running on the Cisco and each office PC has an internal IP address that is NATted to a dedicated external IP.

At the moment the webserver can see the Internet, but the office server cannot. Office PCs can see the Internet if they use the external IP address mapped to FastEthernet0/0 direct as their gateway address (although you get a message suggesting that this is not the way to go). So I am trying to resolve this whilst also trying to set it up better/properly.

What is the best way to do this (all assistance appreciated)?

Do I need to NAT the internal office server IP to an external IP address for it to see the internet?

Do I need to NAT the internal gateway address to an external IP address or will the router be able to route this anyhow?

Could it be DNS, so should I set the DNS server on the office server NIC to the ISPs DNS server, or to the Cisco

1 Reply 1

lgijssel
Level 9
Level 9

The best solution is to renumber the webserver to an internal ip address and configure a static nat on the router:

ip nat inside source static

http://www.cisco.com/en/US/docs/ios/12_3/12_3x/12_3xe/feature/guide/gt_ntsip.html

regards,

Leo

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Innovations in Cisco Full Stack Observability - A new webinar from Cisco