Solved

Presenting multiple public IP addresses on a single firewall interface.

Posted on 2008-10-08
Last Modified: 2013-12-25
We have a firewall with a web-facing interface of 150.x.x.a.
We have purchased several other public IPs, 150.x.x.b and 150.x.x.c.
How do I make 150.x.x.b available on our firewall's external interface?
I intend to NAT 150.x.x.b to an internal IP address (web server).

So basically I want to be able to access this internal webserver by entering a different 150.x.x.b.
Do we get our ISP to route 150.x.x.b to our firewall external IP address 150.x.x.a, and simply use a static NAT?

Question by:rgoggins
7 Comments
 
LVL 8

Expert Comment

by:sstone55423
ID: 22675475
What kind of firewall? The firewall needs to be configured to NAT the available IP addresses in the range you purchased. Different firewalls do that in different ways.
0
 
LVL 1

Author Comment

by:rgoggins
ID: 22675510
Hi,

It's a Cisco ASA 5510 Series.
I have no problem with configuring the NAT. What I really want to know is about the routing?

Do we just get our ISP to route 150.x.x.b to our current external IP 150.x.x.a and then configure the NAT to our internal server. Is that all that is required to make this web server accessible using 150.x.x.b?

Thanks,
0
 
LVL 4

Accepted Solution

by:
urgoll earned 800 total points
ID: 22675563
Hello,
assuming 150.x.x.a, 150.x.x.b and 150.x.x.c are all on the same subnet, then your ISP already knows how to route them to you. All you need is to set up a static NAT to your internal server, configure your ACL to allow incoming traffic (if that's the intended purpose) and you are done.

If 150.x.x.b and 150.x.x.c are on a different subnet than 150.x.x.a, then yes, you need to have your ISP route those to 150.x.x.a. Otherwise, the NAT and ACL configuration on the ASA is identical.

Hope this helps,
Christophe
0
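The same-subnet test from the accepted answer, as an added example that is not part of the original thread: given the firewall's outside interface address with its prefix length, it reports for each extra public IP whether the ISP already delivers it on-link or has to route it to the interface address. The addresses are constructed documentation-range values, the /29 prefix is an assumption (the thread does not give the mask), and the function names are hypothetical.

```python
import ipaddress

def classify(outside_if, extra_ip):
    """How does traffic for extra_ip reach the firewall's outside interface?"""
    iface = ipaddress.ip_interface(outside_if)   # e.g. "203.0.113.2/29"
    ip = ipaddress.ip_address(extra_ip)
    net = iface.network
    if ip == iface.ip:
        return "interface"            # already the firewall's own address
    if ip not in net:
        return "needs-isp-route"      # different subnet: ISP must route it to us
    # Network and broadcast addresses of the outside subnet cannot be mapped.
    if net.prefixlen < 31 and ip in (net.network_address, net.broadcast_address):
        return "unusable"
    return "on-link"                  # same subnet: the ISP router ARPs for it

def plan(outside_if, extra_ips):
    """Return (ip, status, action) for each extra public IP."""
    next_hop = ipaddress.ip_interface(outside_if).ip
    actions = {
        "interface": "nothing to do, this is the interface address",
        "on-link": "no ISP change; add the static NAT and ACL on the firewall",
        "needs-isp-route": f"ask the ISP to route it to next hop {next_hop}",
        "unusable": "pick another address, this one is network/broadcast",
    }
    rows = []
    for ip in extra_ips:
        status = classify(outside_if, ip)
        rows.append((ip, status, actions[status]))
    return rows

if __name__ == "__main__":
    # Constructed sample: outside interface 203.0.113.2/29 (assumed mask),
    # two extra addresses in that subnet and one from another block.
    OUTSIDE = "203.0.113.2/29"
    for row in plan(OUTSIDE, ["203.0.113.3", "203.0.113.7", "198.51.100.10"]):
        print(*row, sep="  ->  ")
```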

 
LVL 6

Assisted Solution

by:Gunter17
Gunter17 earned 400 total points
ID: 22680839
The magic happening here with the ASA is called proxy ARP; it will ARP on the 'outside' interface - basically ask the router or bridge device what other IP addresses it can use. Most firewalls do something similar to this nowadays.
0
 
LVL 8

Assisted Solution

by:sstone55423
sstone55423 earned 800 total points
ID: 22682686
If you do the NAT, and then allow the appropriate ports through by access list (80, 443), then they will be able to get to your web server by IP address. If the IP addresses are static, you have no problems. You might get a domain name assigned to the IP address to make it easier for users. (dyndns.com is one of those).
0
 
LVL 8

Expert Comment

by:sstone55423
ID: 22694531
How is it going?
0
 
LVL 1

Author Comment

by:rgoggins
ID: 22707997
It's working fine, thanks for the help.
0
