Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Configure 2 servers with 2 outside static IP's?

Posted on 2008-10-02
16
Medium Priority
?
663 Views
Last Modified: 2008-11-10
We currently have 2 servers inside our network. We have 5 static IP's of which we currently une only 1 that is configured in the WAN section of our router and then we use port forwarding for http, email etc. We recently added a 2nd server and would like to assign one of the other static IP's to that server, but still keep that server inside our network for other resources. How can I do this?
0
Comment
Question by:KF6DKY
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 7
  • 4
  • 4
  • +1
16 Comments
 
LVL 33

Expert Comment

by:MikeKane
ID: 22628405
That will depend on the firewall you are using.  

You should be able to config the firewall to port forward any incoming for your 1st Internet IP to a certain internal IP, same for your 2nd internet IP.  

You can do port forwarding, or a 1 to 1 static map....    

It basically depends on what you are using.  
0
 
LVL 12

Accepted Solution

by:
Pugglewuggle earned 1200 total points
ID: 22628850
That is a home router. You will need to get an enterprise or small business router that supports multiple public IPs.
I just looked at the user manual of your router and you cannot do it.
Routers that can be assigned multiple public IPs generally start at about $350 USD and can be very complex to operate if you don't have any experience with them.
I recommend the Cisco 851W. It's about $350 as mentioned and is very good. You can assign hundreds of public IP addresses to this router with no problem. It also has very good wireless included and an enterprise-class firewall so you're always protected.

Here is a link to Cisco's data sheet for the 850 series:
http://www.cisco.com/en/US/prod/collateral/routers/ps380/ps6195/product_data_sheet0900aecd8028a9a9.html 
Here are some part numbers for you:
CISCO851-K9 - Cisco 851 Ethernet to Ethernet Router
CISCO851W-G-A-K9 - Cisco 851 Ethernet to Ethernet Wireless Router; Americas

Whether you get the wireless or not it's up to you. That is the one specifically for North America and its radio laws. The wireless version takes a bit more configuration than the wired one.
Let me know if you have any questions! Cheers!
0
 

Author Comment

by:KF6DKY
ID: 22628974
What do you mean by static route?
The only confict we have is both servers need to use port 80?
0
Threat Trends for MSPs to Watch

See the findings.
Despite its humble beginnings, phishing has come a long way since those first crudely constructed emails. Today, phishing sites can appear and disappear in the length of a coffee break, and it takes more than a little know-how to keep your clients secure.

 
LVL 12

Expert Comment

by:Pugglewuggle
ID: 22629116
I mean that you need to get a device that can support 2 public IP addresses. You cannot have 2 servers running on the same port on one IP address.
You need hardware that will support this. The Cisco 851 will do it.
0
 
LVL 11

Expert Comment

by:billwharton
ID: 22629800
KF6DKY - I am not going to take the opportunity of how all this is going to work.
1) You originally only had a single server hosting http (port 80), email etc and used up 1 static IP for that
2) You now have added a second server to your internal network and want to use a 2nd static IP for that while keeping this server physically on the inside network

Now, the problem you are going to face is that your router can only forward requests on a particular port to a single server. If you are looking to host two web servers on your network, then you would need to use a port other than 80 for your 2nd web server. If Internet users need to get to it, they'll need to do something like http://websitename.com:81

You can configure this using page 25 (virtual server) on the user guide:
http://trendnet.com/asp/download_manager/inc_downloading.asp?iFile=10877

I understand that giving users a port along with the URL to go to may be a little inconvenient. That's why services like this one exist which allow you to provide users with a normal URL but it does the port forwarding in the background
http://www.dnspark.com/services/webGuiding.php

KF6DKY - Please let me know if you have any additional questions
0
 
LVL 12

Expert Comment

by:Pugglewuggle
ID: 22630374
As I've now had to do on several of bill's posts - I'll give you the full disclosure of what's going on as opposed to a 'rigged' solution:
Yes, it is possible to do this ON ANOTHER PORT. HOWEVER, it is not possible to host a website on the same port on the same IP as I stated before.
If you want the public to access the site, it is never a good idea to give them a port. Would you remember yahoo.com:81 or yahoo.com:8080  or yahoo.com:1025? I know I wouldn't, not to mention it looks bad.  
You want to keep a URL as short, sweet, and simple as possible - adding :81 or something else to the end doesn't help and will cost you valuable traffic to the site.
If you're using this site for anything other than personal use, it's better to invest the money and get adequate equipment instead of "jerry-rigging" what you have.
All DNS park is is a URL redirection service. It redirections whatever.com to whatever.com:port.
Again, I wouldn't use this because some search engines don't like having ports on the URL and users never remember what it is.
Just my thoughts on the topic. No harm intended Bill.
Cheers!
 
0
 
LVL 11

Expert Comment

by:billwharton
ID: 22630583
I only advise and recommend solutions that I have deployed myself. The above has been deployed by me in the past and I haven't heard back from the customer in a while now.
0
 
LVL 12

Expert Comment

by:Pugglewuggle
ID: 22630679
Sorry, I'm not trying to be a butt although it might have come across that way.
The bottom line: yes, that would work, but in most situations where the site was something other than an internal site that employees or vendors use, it probably is better to just put out a little bit of cash (what's $350 now thesesays anyways? You can't even buy gas for a month with that.. lol) and be ensured that you have good equipment that will do the job securely and with the utmost reliability.
Not to mention that they do have 5 public IPs which I assume they'd like to use at some point in time. To be able to use more than one, they would need some sort of different equipment to do so and the Cisco 851 is better than anything else for the price and will do the job deftly.
Cheers Bill - as I said, no harm intended.
:)
0
 

Author Comment

by:KF6DKY
ID: 22631092
Thanks for the info, I think I have enough to make a good informed decision now.
0
 
LVL 12

Expert Comment

by:Pugglewuggle
ID: 22631218
Cool, let me know what you decide! :)
0
 

Author Comment

by:KF6DKY
ID: 22665098
After all this, I may just go with a second nic, I prefer what the Cisco 851 can do, but I'm not a cco guy, what other similar browser configurable routers can handle multiple static IP's?
0
 
LVL 11

Assisted Solution

by:billwharton
billwharton earned 300 total points
ID: 22665267
not sure how a second nic woudl help you in this scenario. The ASA 5505 firewall is a very good one and it's version 8.x is extremely easy to use. You can choose to run a wizard and it would show you how to configure the firweall step by step. I sold this to a client who had a single engineer who only knew microsoft products but he was able to configure the firewall in under an hour using asdm

http://www.cisco.com/en/US/products/ps6121/
0
 
LVL 12

Expert Comment

by:Pugglewuggle
ID: 22665335
Absolutely on the 5505 being excellent. As I've said, I've deployed about 20 of these and other various bigger ones.
Using the ASDM that comes with the ASA 5505 you will have no trouble  getting setup. It's very intuitive. And then if you need help you can just ask on here and there are tons of us to help you!
Also, the built in enterprise features such as the deep packet inspection firewall (VERY good) and the VPN features are also very good - it has both SSL and IPsec VPN.
The bottom line is that you just cannot go wrong with the ASA. If you don't need advanced features like BGP routing OR multiple simultaneous ISP connections, get the ASA. If you need either of the two things I mentioned you'd be better server by the router. Also, the router GUI is considerably more difficult than the ASA's, and I personally think it's useless.
Cheers! Let me know if you have questions!
0
 

Author Comment

by:KF6DKY
ID: 22671182
Are there any tools for the Cisco 860 series that aid in configuration? I'm not a Cisco guy at all.
0
 
LVL 11

Expert Comment

by:billwharton
ID: 22671890
you do have the sdm but it's not as good
0
 
LVL 12

Expert Comment

by:Pugglewuggle
ID: 22671966
Agreed - SDM sucks. ASDM will let you do almost anything and is very intuitive - the SDM is so confusing and buggy that I get stuck on it sometimes.
Cheers!
0

Featured Post

On Demand Webinar - Networking for the Cloud Era

This webinar discusses:
-Common barriers companies experience when moving to the cloud
-How SD-WAN changes the way we look at networks
-Best practices customers should employ moving forward with cloud migration
-What happens behind the scenes of SteelConnect’s one-click button

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Wikipedia defines 'Script Kiddies' in this informal way: "In hacker culture, a script kiddie, occasionally script bunny, skiddie, script kitty, script-running juvenile (SRJ), or similar, is a derogatory term used to describe those who use scripts or…
To setup a SonicWALL for policy based routing to be used with the Websense Content Gateway there are several steps that need to be completed. Below is a rough guide for accomplishing this. One thing of note is this guide is intended to assist in the…
Visualize your data even better in Access queries. Given a date and a value, this lesson shows how to compare that value with the previous value, calculate the difference, and display a circle if the value is the same, an up triangle if it increased…
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…
Suggested Courses

715 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question