Solved

Presenting multiple public IP addresses on a single firewall interface.

Posted on 2008-10-08
7
1,754 Views
Last Modified: 2013-12-25
We have a firewall with a web facing interface of 150.x.x.a
We have purchased several other public ips, 150.x.x.b and 150.x.x.c
How do I make 150.x.x.b available on our firewalls external interface?
I intend to NAT 150.x.x.b to an internal IP address (web server) .

So basically I want to be able to access this internal webserver by entering a different 150.x.x.b
Do we get our ISP to route 150.x.x.b to our firewall external ip address 150.x.x.a, and simply use a static nat?

0
Comment
Question by:rgoggins
7 Comments
 
LVL 8

Expert Comment

by:sstone55423
ID: 22675475
WHat kind of firewall?  The firewall needs to be configured to NAT the available IP addresses in the range you purchased.  Different firewalls do that in different ways.
0
 
LVL 1

Author Comment

by:rgoggins
ID: 22675510
Hi,

 its a Cisco ASA 5510 Series.
I have no problem with configuring the NAT. What I really want to know is about the routing?

 Do we just get our ISP to route 150.x.x.b to our current external IP 150.x.x.a and then configure the NAT to our internal server. Is that all that is required to make this web server accessable using 150.x.x.b ?

Thanks,
0
 
LVL 4

Accepted Solution

by:
urgoll earned 200 total points
ID: 22675563
Hello,
assuming 150.x.x.a, 150.x.x.b and 150.x.x.c are all on the same subnet, then you ISP already knows how to route them to you. All you need is to setup a static NAT to your internal server, configure your ACL to allow incoming traffic (if that's the intended purpose) and you are done.

If 150.x.x.b and 150.x.x.c are on a different subnet than 150.x.x.a, then yes you need to have your ISP route those to 150.x.x.a. Otherwise, the NAT and ACL configuration on the ASA is identical.

Hope this helps,
Christophe
0
Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

 
LVL 6

Assisted Solution

by:Gunter17
Gunter17 earned 100 total points
ID: 22680839
The magic happening here with the ASA is called proxy arp, it will ARP on the 'outside' interface - basically ask the router or bridge device what other IP addresses it can use. Most firewalls do something similiar to this now-a-days.
0
 
LVL 8

Assisted Solution

by:sstone55423
sstone55423 earned 200 total points
ID: 22682686
If you do the NAT, and then allow the appropriate ports through by access list (80, 443), then they will be able to get yo your web server by IP address.  If the IP addresses are static, you have no problems.  You might get a domain name assigned to the IP address to make it easier for users.  (dyndns.com is one of those).  
0
 
LVL 8

Expert Comment

by:sstone55423
ID: 22694531
How is it going?
0
 
LVL 1

Author Comment

by:rgoggins
ID: 22707997
Its working fine thanks for the help.
0

Featured Post

What is SQL Server and how does it work?

The purpose of this paper is to provide you background on SQL Server. It’s your self-study guide for learning fundamentals. It includes both the history of SQL and its technical basics. Concepts and definitions will form the solid foundation of your future DBA expertise.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

#Citrix #Citrix Netscaler #HTTP Compression #Load Balance
For many of us, the  holiday season kindles the natural urge to give back to our friends, family members and communities. While it's easy for friends to notice the impact of such deeds, understanding the contributions of businesses and enterprises i…
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…

863 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

25 Experts available now in Live!

Get 1:1 Help Now