Solved

Presenting multiple public IP addresses on a single firewall interface.

Posted on 2008-10-08
Last Modified: 2013-12-25
We have a firewall with a web-facing interface of 150.x.x.a.
We have purchased several other public IPs, 150.x.x.b and 150.x.x.c.
How do I make 150.x.x.b available on our firewall's external interface?
I intend to NAT 150.x.x.b to an internal IP address (web server).

So basically I want to be able to access this internal web server by entering a different 150.x.x.b.
Do we get our ISP to route 150.x.x.b to our firewall external IP address 150.x.x.a, and simply use a static NAT?

Question by:rgoggins
7 Comments
 
LVL 8

Expert Comment

by:sstone55423
ID: 22675475
What kind of firewall? The firewall needs to be configured to NAT the available IP addresses in the range you purchased. Different firewalls do that in different ways.
0
 
LVL 1

Author Comment

by:rgoggins
ID: 22675510
Hi,

It's a Cisco ASA 5510 Series.
I have no problem with configuring the NAT. What I really want to know is about the routing?

Do we just get our ISP to route 150.x.x.b to our current external IP 150.x.x.a and then configure the NAT to our internal server? Is that all that is required to make this web server accessible using 150.x.x.b?

Thanks,
0
 
LVL 4

Accepted Solution

by:
urgoll earned 800 total points
ID: 22675563
Hello,
assuming 150.x.x.a, 150.x.x.b and 150.x.x.c are all on the same subnet, then your ISP already knows how to route them to you. All you need is to set up a static NAT to your internal server, configure your ACL to allow incoming traffic (if that's the intended purpose) and you are done.

If 150.x.x.b and 150.x.x.c are on a different subnet than 150.x.x.a, then yes you need to have your ISP route those to 150.x.x.a. Otherwise, the NAT and ACL configuration on the ASA is identical.

Hope this helps,
Christophe
0
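The static NAT and ACL described in the accepted answer, written out as an added example (not configuration posted by anyone in the thread). The interface names `inside`/`outside`, the internal server address 192.168.1.10, the ACL name `OUTSIDE_IN`, the object name `WEB-SERVER` and the web ports are assumptions; 150.x.x.b is the thread's redacted address and must be replaced with the real one.

```cisco
! Added example. Assumed values: interfaces inside/outside, internal web
! server 192.168.1.10, ACL name OUTSIDE_IN, object name WEB-SERVER.

! --- ASA software 8.2 and earlier ---
! Syntax: static (real_if,mapped_if) mapped_ip real_ip
static (inside,outside) 150.x.x.b 192.168.1.10 netmask 255.255.255.255
! Before 8.3 the ACL matches the mapped (public) address.
access-list OUTSIDE_IN extended permit tcp any host 150.x.x.b eq www
access-list OUTSIDE_IN extended permit tcp any host 150.x.x.b eq https
access-group OUTSIDE_IN in interface outside

! --- ASA software 8.3 and later ---
object network WEB-SERVER
 host 192.168.1.10
 nat (inside,outside) static 150.x.x.b
! From 8.3 on the ACL matches the real (internal) address.
access-list OUTSIDE_IN extended permit tcp any object WEB-SERVER eq www
access-list OUTSIDE_IN extended permit tcp any object WEB-SERVER eq https
access-group OUTSIDE_IN in interface outside

! --- Verification ---
show xlate
show access-list OUTSIDE_IN
! Simulate an inbound connection; 198.51.100.7 is a constructed source address.
packet-tracer input outside tcp 198.51.100.7 12345 150.x.x.b 80
```

An interface takes only one inbound ACL, so if `outside` already has an `access-group` bound, add the permit lines to that existing ACL instead of binding a new one.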
 
LVL 6

Assisted Solution

by:Gunter17
Gunter17 earned 400 total points
ID: 22680839
The magic happening here with the ASA is called proxy ARP; it will ARP on the 'outside' interface - basically ask the router or bridge device what other IP addresses it can use. Most firewalls do something similar to this nowadays.
0
 
LVL 8

Assisted Solution

by:sstone55423
sstone55423 earned 800 total points
ID: 22682686
If you do the NAT, and then allow the appropriate ports through by access list (80, 443), then they will be able to get to your web server by IP address. If the IP addresses are static, you have no problems. You might get a domain name assigned to the IP address to make it easier for users. (dyndns.com is one of those).
0
 
LVL 8

Expert Comment

by:sstone55423
ID: 22694531
How is it going?
0
 
LVL 1

Author Comment

by:rgoggins
ID: 22707997
It's working fine, thanks for the help.
0
