Solved

Presenting multiple public IP addresses on a single firewall interface.

Posted on 2008-10-08
7
1,755 Views
Last Modified: 2013-12-25
We have a firewall with a web facing interface of 150.x.x.a
We have purchased several other public ips, 150.x.x.b and 150.x.x.c
How do I make 150.x.x.b available on our firewalls external interface?
I intend to NAT 150.x.x.b to an internal IP address (web server) .

So basically I want to be able to access this internal webserver by entering a different 150.x.x.b
Do we get our ISP to route 150.x.x.b to our firewall external ip address 150.x.x.a, and simply use a static nat?

0
Comment
Question by:rgoggins
7 Comments
 
LVL 8

Expert Comment

by:sstone55423
ID: 22675475
WHat kind of firewall?  The firewall needs to be configured to NAT the available IP addresses in the range you purchased.  Different firewalls do that in different ways.
0
 
LVL 1

Author Comment

by:rgoggins
ID: 22675510
Hi,

 its a Cisco ASA 5510 Series.
I have no problem with configuring the NAT. What I really want to know is about the routing?

 Do we just get our ISP to route 150.x.x.b to our current external IP 150.x.x.a and then configure the NAT to our internal server. Is that all that is required to make this web server accessable using 150.x.x.b ?

Thanks,
0
 
LVL 4

Accepted Solution

by:
urgoll earned 200 total points
ID: 22675563
Hello,
assuming 150.x.x.a, 150.x.x.b and 150.x.x.c are all on the same subnet, then you ISP already knows how to route them to you. All you need is to setup a static NAT to your internal server, configure your ACL to allow incoming traffic (if that's the intended purpose) and you are done.

If 150.x.x.b and 150.x.x.c are on a different subnet than 150.x.x.a, then yes you need to have your ISP route those to 150.x.x.a. Otherwise, the NAT and ACL configuration on the ASA is identical.

Hope this helps,
Christophe
0
Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

 
LVL 6

Assisted Solution

by:Gunter17
Gunter17 earned 100 total points
ID: 22680839
The magic happening here with the ASA is called proxy arp, it will ARP on the 'outside' interface - basically ask the router or bridge device what other IP addresses it can use. Most firewalls do something similiar to this now-a-days.
0
 
LVL 8

Assisted Solution

by:sstone55423
sstone55423 earned 200 total points
ID: 22682686
If you do the NAT, and then allow the appropriate ports through by access list (80, 443), then they will be able to get yo your web server by IP address.  If the IP addresses are static, you have no problems.  You might get a domain name assigned to the IP address to make it easier for users.  (dyndns.com is one of those).  
0
 
LVL 8

Expert Comment

by:sstone55423
ID: 22694531
How is it going?
0
 
LVL 1

Author Comment

by:rgoggins
ID: 22707997
Its working fine thanks for the help.
0

Featured Post

Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
CMDB relationships for hardware assets 2 75
Firewall report connections 8 75
No Wireless Networks Visible In Windows 10 7 52
How to safely test out TFTP server software 12 64
Join Greg Farro and Ethan Banks from Packet Pushers (http://packetpushers.net/podcast/podcasts/pq-show-93-smart-network-monitoring-paessler-sponsored/) and Greg Ross from Paessler (https://www.paessler.com/prtg) for a discussion about smart network …
When it comes to security, there are always trade-offs between security and convenience/ease of administration. This article examines some of the main pros and cons of using key authentication vs password authentication for hosting an SFTP server.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…

772 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question