assigning WAN ips to servers behind cisco router, and comcast modem

Posted on 2012-12-28
Medium Priority
Last Modified: 2012-12-29
I just signed up with Comcast business class internet and got a block of 13 static IP addresses. I plan on using a separate Cisco RV016 business router that has a lot of functions. I logged into the Cisco router and assigned the first static IP address in the block ending in 50.xx.xx.33 to the router itself. After that I went to the Comcast modem/router and went under the firewall tab and turned on DMZ mode for that IP address, and turned off DHCP mode. I went back to the Cisco router and it seems to be working great. I have a few computers connected and they all have their LAN addresses and I even setup a couple of wireless routers as access points and they are working great as well. The problem is that I have some servers here that I am going to be using as web servers and I need to assign them WAN ip addresses. I went into server 1 and assigned the 2nd static IP in the block to it but it can't see the internet. I can't ping out, or anything. I tried turning off the firewall in the Cisco router, among other things and nothing works. If I unplug the ethernet cord from the Cisco router and plug right into the Comcast modem/router it works perfect and can ping google no problem. I have no idea what to do to fix this. How do I assign my static WAN ip's to my servers using this Cisco router? I may not be understanding this right but I want to create separate VLAN's for each server with a WAN IP address. For example: I want to create VLAN 1 and assign it to port 1 on the front of the Cisco router. I want to plug server 1 into that port and have it setup with a static WAN IP. I want to do that with about 5-6 servers, each with their own VLAN, and WAN IP address. so they are not able to communicate internally here. I have a feeling thats not the way it works but it gives you an idea of what my goals are. Thanks for your help.
Question by:cbruinooge2
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions

Accepted Solution

tpitch-ssemc earned 1500 total points
ID: 38728297
You will either want to configure a DMZ in your firewall or create one static NAT per server. I'd discourage you from plugging your servers into the Internet directly.

Basically with the static NAT approach you'll say anything coming form will have the public address Then create an access rule granting traffic destin for to be allowed (or denied, however you wish).

For example I have a server that resides on has a static NAT to So the Internet will see it as and not as it sees my desktops. Then I configure inbound access rules to grant traffic coming from the Internet with a destination of on port 443 access. The firewall at that point looks to see where is NAT'ed to and route the traffic accordingly.

Your DMZ method is going to work very similar to the above instructions, just it will be on it's own VLAN away from your production network.

Author Comment

ID: 38728310
I understand your concept, however I am going to be installing cPanel on each of these servers and they say that I MUST assign my server with a WAN itself. Here is the exact wording from their site:

"Because cPanel is designed for commercial hosting, we only license publicly visible, static IP addresses. We do not license dynamic, sticky, or internal IPs.
You should not use NAT when configuring your network settings. Your server should have its own public IP address."

Can I still do what your saying or do you have another idea? Thanks.
LVL 15

Expert Comment

ID: 38728904
Servers need to be configured with a public IP address in the one IP subnet and are required to be "isolated" from each other; you need a device that supports private VLANs.
The Cisco RV016 won't do this for you, an enterprise level switch is required.
Check out:

As mentioned at the above link, there is the basic protected port or “Private VLAN edge". In the Cisco Small Business range, the Series 300 supports this.

Featured Post

On Demand Webinar - Networking for the Cloud Era

This webinar discusses:
-Common barriers companies experience when moving to the cloud
-How SD-WAN changes the way we look at networks
-Best practices customers should employ moving forward with cloud migration
-What happens behind the scenes of SteelConnect’s one-click button

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Every server (virtual or physical) needs a console: and the console can be provided through hardware directly connected, software for remote connections, local connections, through a KVM, etc. This document explains the different types of consol…
I recently attended Cisco Live! in Las Vegas, a conference that boasted over 28,000 techies in attendance, and a week of hands-on learning hosted by a solid partner with which Concerto goes to market.  Every year, Cisco displays cutting-edge technol…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Suggested Courses
Course of the Month13 days, 15 hours left to enroll

801 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question