Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
851
Views
0
Helpful
3
Replies

Port 21 forwarding to 2 private IP address.

tech.linkwave
Level 1
Level 1

‎12-27-2014 02:12 PM - edited ‎03-07-2019 10:01 PM

Hello Friends,

Situation:

One of my FTP Server is configured with 2 NIC, as MS 2k8 Standard do not support clustering and my NIC also do not support NIC teaming so i am using DNS round robin for load balance.... and each NIC have a different private IP address, 192.168.20.5 and 192.168.20.6. 

Goal: i want forward all outside FTP port 21 request to this server. and want to forward to both private ip addresses.

when someone try port 21 on 11.22.33.44 it should be forwarded to 192.168.20.5 or if it's not available then 192.168.20.6.

 

Issues:

so i tried 

ip nat inside source static tcp 192.168.20.5 21 11.22.33.44 21 extendable

and it's works but when i am trying to add the second entry for 2nd private ip address, cisco router is giving me an error that same port is already configured with a different IP.
 
i tried 
ip nat inside source static tcp 192.168.20.6 21 11.22.33.44 21 extendable
 
can you please tell me how i can add both private ip addresses into that port forwarding rule.
 
Please give you suggestions :(
 
Thanks,
Sandy*_
Labels:
0 Helpful
3 Replies 3

ghostinthenet
Level 7
Level 7

‎12-28-2014 09:05 AM

Forwarding the same TCP port to more than one address without having a way to differentiate the traffic isn't going to work well. There are ways to do it on the router if you can predict the source addresses, but if you're just wanting to globally forward FTP to two addresses, this will create an unresolvable conflict.

One way to work around this is to create a loopback address on your Windows Server with a new address and a 32-bit subnet mask. Something like 192.168.255.0/32 (255.255.255.255 subnet mask) should work. You can then do something like this:

ip nat inside source static tcp 192.168.255.0 21 11.22.33.44 21 extendable
!
ip route 192.168.255.0 255.255.255.255 192.168.20.5
ip route 192.168.255.0 255.255.255.255 192.168.20.6

This will create a single NAT entry to your loopback address and then add equal-cost routes on your router to reach it. This gets around the NAT conflict of connecting a single port to two different addresses.

If it isn't enabled already, you will need to turn on IP Packet Forwarding on your server for this solution to work. Details can be found here:

http://technet.microsoft.com/en-us/library/ff687814(v=ws.10).aspx

0 Helpful

tech.linkwave
Level 1
Level 1
In response to ghostinthenet

‎12-29-2014 06:12 PM

Thanks... i will try it and will let you know the status very soon....Thanks :)

 

 

Thanks,

Sandy

0 Helpful

ghostinthenet
Level 7
Level 7
In response to tech.linkwave

‎01-04-2015 08:44 AM

Did that do the trick?

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card