[Webinar] Streamline your web hosting managementRegister Today

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 481
  • Last Modified:

Redirecting ip on cisco switches or firewall

Hi,

Most of the users in my company uses a application hosted in a unix server that is accessible via telnet. So all theses users do is open this telnet application that have the ip already programmed in it. Lets called it 1.2.3.4.
I need to change the ip of this unix server to 1.2.3.5 but i dont want to go around and change the ip in every telnet application in every desktop.
I know a number of things that can be done, but i just got thinking of this scenario.

My network consists of layer 3 cisco switches and one main pix firewal. 515

Can any of these devices do something like:

When the user initiates the connection to 1.2.3.4 it knows it should redirect to 1.2.3.5 ???

Do you think that is do-able ?

Please let me kno
0
iFroyd
Asked:
iFroyd
1 Solution
 
jordanrogCommented:
I don't think that this is what you are looking for but it might help you a little with some ideas about how to go about it. Really just a shot in the dark.

"In PIX 6.0, the Port Redirection(Forwarding) feature was added to allow outside users to connect to a particular IP address/port and have the PIX redirect the traffic to the appropriate inside server; the static command was modified. The shared address can be a unique address, a shared outbound PAT address, or shared with the external interface."

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a0080094aad.shtml
0
 
packetguyCommented:
Are the users also on the 1.2.3.x network? If so, there isn't really anything you can do, since they are using layer 2, not layer 3, to communicate to the server. If they are on a different network you could configure a NAT policy in the gateway device to the 1.2.3.x network that NATs 1.2.3.4 traffic to 1.2.3.5. That's pretty ugly, though, and you might consider just taking this as an opportunity to configure all users to use a DNS name rather than a hard-coded IP address. Then you'll never have this problem again.
0
 
iFroydAuthor Commented:
I agree, i have thought about many ways on how to resolve that with minimum disruption to the users, but i completely disagree in leaving users connecting to things with hard coded ips. The only reason this would be a "nice to have" it;s because i could address changing from ip to name after.

Thank you.
0

Featured Post

SMB Security Just Got a Layer Stronger

WatchGuard acquires Percipient Networks to extend protection to the DNS layer, further increasing the value of Total Security Suite.  Learn more about what this means for you and how you can improve your security with WatchGuard today!

Tackle projects and never again get stuck behind a technical roadblock.
Join Now