Solved

Assigning WAN IPs to servers behind Cisco router, and Comcast modem

Posted on 2012-12-28
Last Modified: 2012-12-29
I just signed up with Comcast business class internet and got a block of 13 static IP addresses. I plan on using a separate Cisco RV016 business router that has a lot of functions. I logged into the Cisco router and assigned the first static IP address in the block, ending in 50.xx.xx.33, to the router itself. After that I went to the Comcast modem/router, went under the firewall tab, turned on DMZ mode for that IP address, and turned off DHCP mode. I went back to the Cisco router and it seems to be working great. I have a few computers connected and they all have their LAN addresses, and I even set up a couple of wireless routers as access points and they are working great as well.

The problem is that I have some servers here that I am going to be using as web servers and I need to assign them WAN IP addresses. I went into server 1 and assigned the 2nd static IP in the block to it, but it can't see the internet. I can't ping out, or anything. I tried turning off the firewall in the Cisco router, among other things, and nothing works. If I unplug the ethernet cord from the Cisco router and plug right into the Comcast modem/router, it works perfectly and can ping Google no problem. I have no idea what to do to fix this. How do I assign my static WAN IPs to my servers using this Cisco router?

I may not be understanding this right, but I want to create separate VLANs for each server with a WAN IP address. For example: I want to create VLAN 1 and assign it to port 1 on the front of the Cisco router. I want to plug server 1 into that port and have it set up with a static WAN IP. I want to do that with about 5-6 servers, each with their own VLAN and WAN IP address, so they are not able to communicate internally here. I have a feeling that's not the way it works, but it gives you an idea of what my goals are. Thanks for your help.
Question by:cbruinooge2
3 Comments
 

Accepted Solution

by:
tpitch-ssemc earned 500 total points
You will either want to configure a DMZ in your firewall or create one static NAT per server. I'd discourage you from plugging your servers into the Internet directly.

Basically, with the static NAT approach you'll say anything coming from 192.168.1.20 will have the public address 50.83.12.34. Then create an access rule granting traffic destined for 50.83.12.34 to be allowed (or denied, however you wish).

For example, I have a server that resides on 192.168.1.20 and has a static NAT to 123.123.123.123. So the Internet will see it as 123.123.123.123 and not as it sees my desktops. Then I configure inbound access rules to grant traffic coming from the Internet with a destination of 123.123.123.123 on port 443 access. The firewall at that point looks to see where 123.123.123.123 is NAT'ed to and routes the traffic accordingly.

Your DMZ method is going to work very similarly to the above instructions; it will just be on its own VLAN, away from your production network.
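The static NAT plus access rule behaviour described in the answer above, modelled as an added example (not part of the original answer and not RV016 configuration). The second NAT entry, the shared desktop address 123.123.123.122 and the function names are assumptions made for illustration.

```python
from dataclasses import dataclass, replace

# Static (one-to-one) NAT: private address -> public address.
STATIC_NAT = {
    "192.168.1.20": "123.123.123.123",   # the pair used in the answer
    "192.168.1.21": "123.123.123.124",   # constructed second server
}
SHARED_ADDRESS = "123.123.123.122"       # constructed: what desktops appear as
# Inbound access rules; anything not listed is dropped (default deny).
ALLOW_INBOUND = {("123.123.123.123", "tcp", 443)}

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str
    dport: int

def outbound(pkt):
    """Rewrite the source: the static mapping if one exists, else the shared address."""
    return replace(pkt, src=STATIC_NAT.get(pkt.src, SHARED_ADDRESS))

def inbound(pkt):
    """Check the access rule, then translate the destination. None means dropped."""
    if (pkt.dst, pkt.proto, pkt.dport) not in ALLOW_INBOUND:
        return None
    public_to_private = {pub: priv for priv, pub in STATIC_NAT.items()}
    private = public_to_private.get(pkt.dst)
    return replace(pkt, dst=private) if private else None

def audit(nat=STATIC_NAT, rules=ALLOW_INBOUND):
    """List mismatches between the NAT table and the access rules."""
    findings = []
    publics = list(nat.values())
    for pub in sorted(set(publics)):
        if publics.count(pub) > 1:
            findings.append(f"{pub} is mapped to more than one private host")
    for pub, proto, port in sorted(rules):
        if pub not in publics:
            findings.append(f"rule {proto}/{port} to {pub} has no static NAT entry")
    for pub in sorted(set(publics)):
        if not any(rule[0] == pub for rule in rules):
            findings.append(f"{pub} has a static NAT entry but no inbound rule")
    return findings
```

`audit()` flags the constructed second server: it has a public mapping but no inbound rule, so nothing from the Internet reaches it until a rule is added.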
Author Comment

by:cbruinooge2
I understand your concept, however I am going to be installing cPanel on each of these servers and they say that I MUST assign my server with a WAN itself. Here is the exact wording from their site:

"Because cPanel is designed for commercial hosting, we only license publicly visible, static IP addresses. We do not license dynamic, sticky, or internal IPs.
You should not use NAT when configuring your network settings. Your server should have its own public IP address."

Can I still do what you're saying or do you have another idea? Thanks.

Expert Comment

by:Frabble
Servers need to be configured with a public IP address in the one IP subnet and are required to be "isolated" from each other; you need a device that supports private VLANs.
The Cisco RV016 won't do this for you; an enterprise-level switch is required.
Check out:
http://blog.internetworkexpert.com/2008/07/14/private-vlans-revisited/

As mentioned at the above link, there is the basic protected port or "Private VLAN edge". In the Cisco Small Business range, the Series 300 supports this.
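A small model of the protected-port ("Private VLAN edge") forwarding rule mentioned in the comment above, added as an example and not part of the original comment or any switch's configuration. The port names and MAC addresses are constructed, and the model covers one switch with one VLAN.

```python
from dataclasses import dataclass, field

BROADCAST = "ff:ff:ff:ff:ff:ff"

@dataclass
class Switch:
    ports: set                 # all port names on the switch
    protected: set             # ports flagged as protected
    mac_table: dict = field(default_factory=dict)

    def forward(self, in_port, src_mac, dst_mac):
        """Return the sorted list of ports a frame is sent out of."""
        self.mac_table[src_mac] = in_port            # learn the source MAC
        if dst_mac != BROADCAST and dst_mac in self.mac_table:
            out = {self.mac_table[dst_mac]}          # known unicast
        else:
            out = set(self.ports)                    # broadcast or unknown: flood
        out.discard(in_port)                         # never send back out the ingress port
        if in_port in self.protected:
            out -= self.protected                    # protected -> protected is blocked
        return sorted(out)

def build_switch():
    """Constructed layout: one uplink to the gateway, three server ports."""
    return Switch(ports={"uplink", "srv1", "srv2", "srv3"},
                  protected={"srv1", "srv2", "srv3"})

# Constructed MAC addresses for the gateway and two servers.
GW, SRV1, SRV2 = "00:00:5e:00:53:01", "00:00:5e:00:53:11", "00:00:5e:00:53:12"

def demo():
    sw = build_switch()
    return {
        "srv1 ARP broadcast": sw.forward("srv1", SRV1, BROADCAST),
        "gateway broadcast": sw.forward("uplink", GW, BROADCAST),
        "srv2 to gateway": sw.forward("srv2", SRV2, GW),
        "srv1 to srv2": sw.forward("srv1", SRV1, SRV2),
    }
```

The isolation shown here is layer 2 only and local to the one switch; whether the upstream gateway will route traffic between two servers' public addresses is a separate setting.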