Multiple Public IP Addresses From Different Subnets On 1 Router
Feb 20, 2012
Is it possible to have multiple public IP addresses that are from different subnets going through one router? I have been told that this is not possible with most routers and that I would have to spend a lot of money on a router to be able to do it. I am still not totally clear on what defines a subnet even after reading up on them. What I am trying to achieve:
-My office has 10 computers.
-All would be connected to one router.
-My internet service provider has provided me with 10 public IP addresses, that are all very varied (which I asked for)
I've currently got my ASA (5505) serving a /28 public subnet. I've ran out of IPs, so my DC has issued me an additional /24 subnet that they have routed to my ASA. What needs to be done on my ASA so be able to use these new addresses? I've been trying to search and not been able to find a good answer (some say I shouldn't have to do anything, everything else references NATing, which I currently don't do and would rather not do).The servers I assign these to, I'd like them to have the public ip assigned directly to them.
I would like to configure an 877w I just bought. It's connecting to a UK ADSL2+ link.I'm a penetration tester and I want to put the Cisco router in front of my existing firewall which has an IPS on it, so that it doesn't get in the way of port scans and vulnerability scans. My ISP has issued me with 14 usable addresses a/240 subnet and basically I want to be able to use the route with just the public IP addresses. I have configured Cisco routers before, but never with this type of configuration. It's always been single public IP address NAT'd through to one or two internal LAN's.
It will be nice if I could assign the wireless and fast ethernet ports to the same VLAN using the public addresses. I don't want to use DHCP I'm quite happy statically assigning IP addresses to the computers wireless and LAN interfaces. I am reasonably certain this is possible because not sure how to do it and a little busy at the moment carrying out penetration tests.
If there are any small business routers that offer one-to-one NAT? I have several public IP addresses assigned to me by CenturyLink. I have two servers that provide email and web hosting for two different domains. I want to put the client machines on one VLAN (VLAN Z) and assign it a public IP address (to keep server traffic separate). I want to put each server on its own VLAN (VLANs X & Y) and assign each server its own public IP address. I need the router to be able to provide a firewall and port forwarding for each VLAN. I also need to be able to route traffic between VLANs so the clients on VLAN Z can access their email and the websites on VLANs X and Y. I also need to be able to route DNS traffic between VLANs so each server can provide name resolution for their respective domains.
So, is this possible with a small business router or do I need to look at something different? I'm fairly certain this configuration is not possible with my current Cisco RVS4000. What it boils down to is I need a router that is capable of having multiple public IP addresses on the same interface and to forward those public addresses to private VLAN subnets. This would be one-to-one NAT if I understand it correctly..
The client has a Cisco RVS4000. There are 3 Internet devices need to be accessed from the outside and will use one public IP for one device. I don't see any options to setup on Cisco RVS4000 to do 3 NATs. If Cisco RVS4000 doesn't work in this situation, which router will do?
I have a Netgear ProSafe VPN Firewall FVX538. But I also have 10 Public IP Addresses that I will like to setup for three web services. So how do I set this up. With multiple routers. Or can my Netgear FVX538 take multiple Public IP Addresses to the same ports. If not how can setup multiple routers. one being the main one.
I have a customer that has an RSV4000 Router. The customer has also purchased a block of 5 usable public IP addresses. I need to be able to assign these public IP addresses to printers either by configuring a static IP on each printer directly or thru IP mapping or some other method. Does the RSV4000 support using multiple public IP addresses and if so what configuration is needed in the router for the printers to be seen by the outside world.
I'm currently replacing my ASA 5505 with a 5510. I have a range of public IP addresses, one has been assigned to the outside interface by the setup wizard (e.g. 123.123.123.124 ) and another I would like to NAT to an internal server (e.g 192.168.0.3 > 123.123.123.125). On my asa 5505 this seemed fairly straigh forward, i.e. create an incoming access rule that allowed SMTP to 123.123.123.125 and then create a static nat to translate 192.168.0.3 to 123.123.123.125. Since I've tried to do the same on the 5510 traffic is not passing through so I'm assuming that the use of additional public IP addresses is not handled in the same way as the 5505? I also see that by default on the 5505, 2 VLANs are created, one for the inside and one for the outside, where as this is not the case on the 5510. Is the problem that VLANs or sub-interfaces need to be created first? I'm doing the config via ASDM.
Everything else seems to OK i.e. access to ASDM via 123.123.123.124, outbound PAT and the site-to-site VPN.
I have an exercise with picture you find below. The question is: Will the network shown in the diagram work correctly when you consider that the MAC-addresses PC0 and PC8 are the same, and why?
ASA 5585-x10, ver 9.1. I have about 10 public sub nets that will be used for NAT translation on the outside interface. These sub nets are different from the sub net the outside interface. Is there a way to advertise these routes using OSPF from the ASA?
I tried to redistribute a static route, but can't make the destination router an interface that is on the ASA. I don't own or control the upstream router.
I currently have my EA6500 behind verizon fios router. I have 5 static IP addresses assigned to FIOS router, however the machines I want to connect to are behing EA6500. It's a dual NAT scenario:
Public IP - FIOS Router - 192.168.1.0/24 network - EA6500 - 192.168.2.0/24 network
What I would like to do is for each public IP address, I would like to forward traffic to a particular host on 192.168.2.0 network. I can easily configure FIOS router for static NAT and assign one internal IP (from 192.168.1.0 range) for each public IP. However, I don't see a way to assign multiple IPs from 192.168.1.0 network to EA6500 internet interface.
I don't want to use EA6500 as a bridge as it will pretty much reduce my EA6500 to a very expensive GigE switch.
Is this possible? Or should I replace it with something more useful like a business router? This is for my home so I would like to avoid buying an expensive business router.
I just bought a Linksys EA6500 (AC 1750). Now after a week, seems to stop rresponding at times and I am get 5+ MAC Addresses from 1 IP address. I have only one NIC installed and it is configured to have a static IP.
See attached screen capture. ( Server-PC, IP: 192.168.1.130)
I have verizon fios business line with 5 static IP addresses and am configured for ethernet wan. I can use EA6500 as the router instead of using Verizon's own router, however I can't figure out how to assign all 5 static IP addresses on internet interface. I have already assigned first IP to internet interface but don't see a way to add more IPs either in internet interface or from NAT section where I can create static NAT.
Is it possible to have more public addresses to more internal addressees? I have an internet provider which is in control of my router and he is telling me it is not possible. It's a Cisco router and I have static IP address.
I have a Windows 7 Pro Desktop with an on-board Ethernet and an Axis USB To Ethernet adapter. The on board Ethernet is configured as dhcp and obtain the address 10.162.146.123 with 255.255.255.0 subnet. The Axis USB to Ethernet adapter is static ip configuration with 10.38.25.37 and 255.0.0.0 as subnet. Under the adv settings I have also another ip 11.38.25.37 with 255.0.0.0 subnet. When the Axis is communicating 10.38.0.1 network I can not access the internet using the on board Ethernet 10.162.146.123. I have to disable either one of the cards to access one network at a time.
I have this motorola sbv5121e modem. I can connect one PC to it directly. When I try to connect a secont PC, via a switch, it won't give out 2 IP addresses. Moreover, I see that the one IP address it does give out, is a public one (like 22.x.x.x). I'm on XP and show the addresses with ipconfig. Is this modem defective hardware-wise, or is some setting internally wrong? How can I see what the DHCP server does?
i have Cisco 1941(with security lic) and i have been asked to make a VPN with public IP addresses so there will be no info about internal networks. Other side has ASA 5520 and they provided me with 2 public IP addresses. i have done many different VPNs but this is first with public IP addresses and i cannot figure it out.So here is the question:
The thing is that I have private IP adresses on my LAN, and I have been issued a public IP network for my DMZ by my ISP.
Meaning I want to NAT my LAN but not my DMZ, but I can't seem to find a way in the 520 to do that. I can only find the oprion to turn off NAT all together.
I am setting up my home lab to practice and play around.I have VMWARE ESXi environment with two workstations as my servers.I would like to setup two domains with two domain controllers but i want each domain to have its own subnet.So this is my setup. I have Cable modem from cablevision , thay connects to my router which is Apple Airport which acts as the DHCP server. DNS server and default gateway. The network on the router is 10.0.1.xThen i have two switches . One is a 5 port unmanaged switch that connects to the three physical desktops .Then i have a Cisco small business switch SG200-08 that connects to my ESX servers and NAS. Now currently all is good and working but like i said all my machines physical or virtual get an IP that is 10.0.1.x and they get all this from the router. And i think i can setup two domains with two domain controllers without an issue and they will all get an IP address of 10.0.1.x. This is all good but i want to have one domain on one subnet and other on another so for example one domain will have 10.0.1.x and other 10.0.2.x. I am just not sure what i need to to get this setup like this. I know my SG200-08 supports vlans and i am pretty sure on the apple router you can only have one subnet i think. So can i do this with my current setup by setting up a DHCP server with two scopes ?
I have an ASA5510 that is connected to outside for WAN, inside for LAN (10.22.254.0/24), and a iSCSI switch plugged into Ethernet 0/3 (10.22.244.0/24). I can ping the Eth0/3 interface (10.22.244.1) but I can't ping across that interface from WAN or LAN side.
START CONFIGURATION ASA Version 9.1(1) ! hostname ASA5510
NAT command on 8.4? I am trying to PAT multipule Inside subnets to an IP address. With the example I found I can only PAT one subnet. If I do it the way I have below, it will end up with the last subnet (3.3.3.0) stay in the config. What is the best way of doing it? I have about 20 inside subnets I need to PAT.
Here's what I want to do with my RV042: I have a bunch of devices, including a server, inside my network at 192.168.1.100
I've set up VPN using PPTP. It works, but if my clients have their own remote DHCP set up to 192.168.1.x, they can't get to the server. If their home DHCP is 10.x.x.x., everything works
I am considering changing my internal network to something obscure.
My server has two NICs. So I thought, I why not set one address up to 10.x.x.x But the two nets can't ping each other. I tried using "multiple subnet" on the RV042, setting up 10.1.1.1, but no luck.
I am trying to figure out how this works. I have an ISP device that connects to my 1841. ISP and fa0/0 hold the /30 WAN addresses. Fa0/1 hold one of the public IPs, lets say 1.1.1.1/29. Then the outside interface of the ASA holds 1.1.1.2/29. Now I have two routes in the 1841, one for default route going back to the ISP device, and a route for the 1.1.1.0/29 network going to the ASA.Now I have 4 more publics I can use 1.1.1.3 - 6. I do not want to assign these IPs to the servers, but yet just NAT them. I know this is possible, but cant figureI took an internal host and did a one to one static NAT from private to public. Packet tracer says my NAT rules are ok. Allowed all IP traffic for testing and still can't ping the server.
I have a customer thats got a Linksys router now, that has a DMZ port.The DMZ port is configurede to it routes the extra public ip-adress to the DMZ port it has.At the DMZ port they have another router connected, where they routes the public ip-adresses på some other devices.How can i make this setup on a Cisco ASA 5505 (With the Security Plus licens)What i have to do is to replace the Linksys router, and make it so, so it works like it was before with the Linksys.
I just thought if it's possible to make sure that only approved IP addresses for each of divisions of a company can be used.How can I assign for a port one/more public addresses and be sure that only this port is using it/them. Thing is I have only one 24 bit public Network ID provided to me by ISP. One IP address of the range is used for ISP's gateway. So I have 253 addresses to be distributed among divisions. However to avoid IP address conflicts I have to be sure that only dedicated for a division IP address/es is/are used by the division.
I have set up a private domain network at home. I have a domain controller, a DNS server, and a DHCP server all running on one Windows 2003 Server machine. I have about 10 other machines around the house, getting their IP addresses from this DHCP server.
I have a Netgear WNDR3700 router.
I am about to get 5 public IP addresses from my ISP, and I would like to make some of these machines publicly accessible (while still accessible from the other machines in the network).
I found this link that says on my web server (one of the public machines), that I should use a second NIC and set that up to connect to my router (and get a private IP address from my DHCP server).
We have 4 RV 042 routers and cisco router at HQ, we have Site to Site VPN tunnels in between, All branch offices are connected to HQ via S2S VPN tunnels
now lets say i am branch 1, i can access 10.10.1.0/24 network but cant access 10.10.5.0/24 network, means i dont have branch to branch connection, it should be through HQ, means my RV042 at brnach should fwd all traffic to HQ for another branches also. Under VPN tunnel if i try to configure remote destination 10.10.0.0/21 its not allowing me it says network overlaping with local network, how i can sole it, I know how to do in cisco, we can permit those networks in access lists.
I have an existing pair of PIX 515E that has two interfaces. One connected to the public internet via my ISP and one internal. I recently ran out of IP's and had the ISP route an additional block to public IP of my firewall. This isn't working for some reason and I'm trying to figure out why.
The "ip address outside XXX" command defines the outside address and I don't see any way to add a secondary sub net.
I tried just adding a rule to the firewall for one of the IP's in the new subnet, but I can't seem to get traffic to pass though the device.
home router is a wrt160n v3 With my iPad I set up the built in IPSec VPN to my office's cisco gateway. I successfully get the VPN logo. With an RDP app, i can access my work network from multiple public locations from my iPad. At home, on my laptop, I start the cisco client then use the windows rdp, presto i'm in my work network. At home on my iPad I can activate the VPN, but I can not connect with rdp. I spoke with linksys support tonight they had me add port 3389 to port range triggering and disable the firewall on the home router. This didn't solve the problem. To recap: 1) I can connect to my work network with rdp from multiple public locations, but not at home with the iPad 2) I can connect to my work network at home with my laptop with the cisco client ant the windows rdp
We have Point to point T1 environment where 3 additional WAN sites get internet access through our RV042. When we setup load balancing we have problems with https traffic, so we setup protocol binding for https and everything worked great from the local LAN. When trying to access https content from the remote LAN across the WAN the sites failed and I see no option to add additional subnets to the protocol binding. Is there a command line feature that supports adding additional subnets for protocol binding or is the local LAN the only option?
The ASA device is going to be the gateway for multiple distinct inside IP subnets. We can have have a unique outside IP address to correspond to each inside IP subnet if needed, but we need some means for a VPN client or a site-to-site VPN to have acess to a pre-definied IP subnet (i.e. if customer A establishes a VPN connection, they have connectivity to IP subnet X; customer B establishes a VPN connection, they have connectivity to IP subnet Y, etc.).Currently, the two inside IP subnets are 10.10.0.0/16 and 10.20.0.0/16. We will be adding more.The problem we are facing is that we cannot reach the VLAN 201 from the ASA we believe this is because. I have setup two addresses on port 0/1 Vlan1, 10.10.20.2 and 10.20.20.1 as an alias. How can we make traffic for the 10.10.0.0/16 subnet untagged and traffic for the 10.20.0.0/16 subnet tagged for VLAN 201.
