Cisco 1800 Multiple IP's on the WAN (SSL Port mapping)

Posted on 2007-10-01
Last Modified: 2012-06-27
Hello we have a Cisco 1800 series. As we understand it, it has only Port 0 as the WAN port. We want to use Cisco VPN client to connect to the network. We understand that the VPN client uses SSL. However, we also have an IIS server on the otherside using the same SSL port 443 that we want todo port fowarding from the outside to that server.

I have 5 IPs available to me publicly. I have 1 physical port on the router. I want to route the same TCP port between 2 internal IP's. Can I assign more then 1 of the Public IPs to the same interface?

Internet <-> x.x.x.x <-> TCP Port 80
                     <-> TCP Port 80

Can I add an y.y.y.y IP to the same port? IS that the solution?

In general it seems to me that if we enable SSL on the Cisco client, we wont be able port foward to the IIS server on the internal network.

The question is 2 fold

1. Can you assign more then 1 IP to the WLAN port?
    a. If so ,then I should be able to Port foward from the addtional External IP to the SSL port, while mapping the other IP to the VPN Client
2. Change the VPN Client to not use SSL? or change the SSL Client Port?

Are there other solutions that I am missing?
Question by:Amirlit
    LVL 9

    Accepted Solution

    Example public IPs:

    On the WAN interface of your router assign 1 ip address:

    Assign a static translation from another outside address to the servers internal address and create a rule that allows traffic on ports 80, 443, etc.

    When you create your external dns entries make 1 entry for at address  When you go to it will resolve to and get routed to your network, then the router & firewall will pass that traffic through to your network and server.

    Create another external dns entrie for at address  When you go to it will resolve to and get routed to your router or pix (whichever has the vpn enabled) and allow access with the vpn client.

    You cannot assign more than 1 address to the interface, but you dont have to do that.  You can create an SSL VPN to the router or firewall (which ever you were planning on) and then create a rule to forward the other SSL traffic to the network server.   As long as you use a different external address for each service you could have as many SSL connections to your network as you have public ips.

    What your thinking is if you have 1 public ip and do SSL to that same IP for 2 different services then yes this will NOT work as the same ip will not know 1 service from the other.  But, if you use 2 different public ips it will know that 1 public ip for SSL is the vpn and 1 public ip for SSL is the server.

    You have 5 IPs so, 1 for the public interface of the router, 1 for SSL vpn, 1 for SSL server, you now have 2 left for whatever.

    Author Comment

    Thanks for the help. I knew I was not crazy.

    BTW, is there some special command to add an additional IP address to the same interface? Its not obvious in the GUI interface.

    Featured Post

    How to run any project with ease

    Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
    - Combine task lists, docs, spreadsheets, and chat in one
    - View and edit from mobile/offline
    - Cut down on emails

    Join & Write a Comment

    Suggested Solutions

    Creating an OSPF network that automatically (dynamically) reroutes network traffic over other connections to prevent network downtime.
    Getting hacked is no longer a matter or "if you get hacked" — the 2016 cyber threat landscape is now titled "when you get hacked." When it happens — will you be proactive, or reactive?
    After creating this article (, I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
    In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor ( If you're interested in additional methods for monitoring bandwidt…

    728 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    21 Experts available now in Live!

    Get 1:1 Help Now