Cisco 1800 Multiple IPs on the WAN (SSL Port mapping)

Hello, we have a Cisco 1800 series. As we understand it, it has only Port 0 as the WAN port. We want to use Cisco VPN client to connect to the network. We understand that the VPN client uses SSL. However, we also have an IIS server on the other side using the same SSL port 443 that we want to do port forwarding from the outside to that server.

I have 5 IPs available to me publicly. I have 1 physical port on the router. I want to route the same TCP port between 2 internal IPs. Can I assign more than 1 of the public IPs to the same interface?


Internet <-> x.x.x.x <-> 192.168.1.1 TCP Port 80
                     <-> 192.168.1.2 TCP Port 80

Can I add a y.y.y.y IP to the same port? Is that the solution?

In general it seems to me that if we enable SSL on the Cisco client, we won't be able to port forward to the IIS server on the internal network.

The question is twofold:

1. Can you assign more than 1 IP to the WLAN port?
    a. If so, then I should be able to port forward from the additional external IP to the SSL port, while mapping the other IP to the VPN client.
2. Change the VPN client to not use SSL? Or change the SSL client port?

Are there other solutions that I am missing?
Amirlit Asked:
QBRad Commented:
Example public IPs:
1.1.1.1
2.2.2.2
3.3.3.3
4.4.4.4
5.5.5.5

On the WAN interface of your router assign 1 IP address: 1.1.1.1

Assign a static translation from another outside address 2.2.2.2 to the server's internal address and create a rule that allows traffic on ports 80, 443, etc.

When you create your external DNS entries, make 1 entry for server.domain.com at address 2.2.2.2. When you go to server.domain.com it will resolve to 2.2.2.2 and get routed to your network, then the router & firewall will pass that traffic through to your network and server.

Create another external DNS entry for vpn.domain.com at address 1.1.1.1. When you go to vpn.domain.com it will resolve to 1.1.1.1 and get routed to your router or PIX (whichever has the VPN enabled) and allow access with the VPN client.

You cannot assign more than 1 address to the interface, but you don't have to do that. You can create an SSL VPN to the router or firewall (whichever you were planning on) and then create a rule to forward the other SSL traffic to the network server. As long as you use a different external address for each service, you could have as many SSL connections to your network as you have public IPs.

What you're thinking is that if you have 1 public IP and do SSL to that same IP for 2 different services, then yes, this will NOT work, as the same IP will not know 1 service from the other. But if you use 2 different public IPs, it will know that 1 public IP for SSL is the VPN and 1 public IP for SSL is the server.

You have 5 IPs, so: 1 for the public interface of the router, 1 for SSL VPN, 1 for SSL server; you now have 2 left for whatever.
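
Added example, not part of QBRad's answer or the original thread: a sketch of the layout described above as Cisco IOS configuration, with the web server published on 2.2.2.2 and the router keeping 1.1.1.1 for the VPN. The interface names, the /29 mask, the server address 192.168.1.2 and the ACL name WAN-IN are assumptions, and port-level static entries are used here so that only the web ports are exposed.

```cisco
! Constructed example. 1.1.1.1 / 2.2.2.2 are the thread's placeholder public
! addresses and stand for two addresses from the same ISP block; interface
! names, the /29 mask, the server address 192.168.1.2 and the ACL name
! WAN-IN are assumptions.
!
interface FastEthernet0
 description WAN - router's own address, VPN clients connect here
 ip address 1.1.1.1 255.255.255.248
 ip nat outside
!
interface Vlan1
 description LAN
 ip nat inside
!
! Publish only the web ports of the IIS server on the second public address.
! Port-level entries (rather than a one-to-one static for the whole host)
! keep every other port on 192.168.1.2 unreachable from outside.
ip nat inside source static tcp 192.168.1.2 80 2.2.2.2 80 extendable
ip nat inside source static tcp 192.168.1.2 443 2.2.2.2 443 extendable
!
! Entries for the inbound WAN policy. Merge these into the ACL already
! applied to the WAN interface; on its own this list would drop all
! other inbound traffic through the implicit deny.
ip access-list extended WAN-IN
 remark web server published on 2.2.2.2
 permit tcp any host 2.2.2.2 eq 80
 permit tcp any host 2.2.2.2 eq 443
 remark SSL VPN terminates on the router's own address
 permit tcp any host 1.1.1.1 eq 443
```

Once applied, `show ip nat translations` lists the two static entries for 2.2.2.2; the inbound ACL matches on the public address because it is evaluated before the destination is translated.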
Amirlit (Author) Commented:
Thanks for the help. I knew I was not crazy.

BTW, is there some special command to add an additional IP address to the same interface? It's not obvious in the GUI interface.
Question has a verified solution.
