Break up public IP's on router?

Posted on 2011-10-20
Last Modified: 2012-08-13
I have one router with the public IP's used as shown below. My goal is to give one of the servers on FE0/1 its own public IP, then have the router NAT to that device. I have several unused IPs on FE0/0. How could I do that utilizing what I have available?

interface Multilink1
description TO ISP
  ip address

interface FastEthernet0/0
  ip address

interface FastEthernet0/1
 ip address
Question by:First Last
    LVL 17

    Accepted Solution

    all you need to do is set up the NAT, e.g.

    ip nat inside source static ext

    (don't forget the "ip nat inside" and "ip nat outside" on the LAN/provider facing interfaces)

    Also, you could move the server network to some other RFC network and do NAT for them too, maybe cutting it down to just PAT ... also I recon you'll need an outgoing nat overload to allow internal boxes access to the internet?
    Apart from that, I'd suggest adding a decent firewall, possibly with IDS, to protect the systems accessible from the internet from attacks ...
    LVL 25

    Assisted Solution

    by:Fred Marshall
    Why do you want to NAT to a public range?  Why not just route?  The reason revealed may help with answers.

    Seems like a waste of public addresses to me!  That's because the outside public address is all that's seen on the outside.  So why not make those internal addresses private ones since they're invisible anyway?  At least then I'd understand why you'd need NAT there.

    This often gets involved with the model of router you have.
    In a Cisco RV042, for example, the device can be set up in "Gateway" mode (which means NAT) and "Router" mode (which means "no NAT").  

    See Scenario 3 at

    LVL 1

    Author Closing Comment

    by:First Last

    Your question: also I recon you'll need an outgoing nat overload to allow internal boxes access to the internet?

    My Answer: Actually, this router sends everything to another device for internet access. Kind of strange, but I'm working on fixing that later.

    Your Suggestion: I'd suggest adding a decent firewall, possibly with IDS,

    My Feedback: Yes, we actually have a large ASA and IDS that we use for internet filtering. What I was trying to do is move some items from other office locations to this router. Then i'll migrate over to the firewall later. I don't spend much time doing cisco so I try to break it into smaller pieces especially when it comes to migrating services. So far i've had no availability problems, but things do take a bit longer.


    Your question: Why do you want to NAT to a public range?  Why not just route?

    My Answer: I have the availble IP's and wanted to visually keep things separate for my own well being. That way I can say this IP is for X and another is for Y. Also, when I migrate everything over later I think it would be easier on me. If i was more experienced then I definately would do as you suggested. Until that time I break things out very small and try to keep separation.

    Here is the configuration I added to make it work:

    ip nat inside source static tcp 443 extendable

    ip access-list extended ExpertsExchange
     permit tcp host eq 443 any

    route-map external permit 90
     match ip address ExpertsExchange
     set ip next-hop

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    Free camera licenses with purchase of My Cloud NAS

    Milestone Arcus software is compatible with thousands of industry-leading cameras for added flexibility. Upon installation on your My Cloud NAS, you will receive two (2) camera licenses already enabled in the software. And for a limited time, get additional camera licenses FREE.

    Data center, now-a-days, is referred as the home of all the advanced technologies. In-fact, most of the businesses are now establishing their entire organizational structure around the IT capabilities.
    Meet the world's only “Transparent Cloud™” from Superb Internet Corporation. Now, you can experience firsthand a cloud platform that consistently outperforms Amazon Web Services (AWS), IBM’s Softlayer, and Microsoft’s Azure when it comes to CPU and …
    After creating this article (, I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
    This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor ( If you're looking for how to monitor bandwidth using netflow or packet s…

    737 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    22 Experts available now in Live!

    Get 1:1 Help Now