Wednesday, July 24, 2013

Multiple WAN Ip addresses and Multiple inside hosts

Question:

I have looked for a definitive answer on this and while there are many discussions on this I have still not found a good way to do the following.

We have been granted 5 IP addresses from the provider (/29); we have 4 internal web servers. We would like to map address 1 to server 1, address 2 to server 2, address 3 to server 3, address 4 to server 4, and address 5 would be the public IP that users surf out on. I want to make sure that these servers always use the same IP address.... Sounds simple and logical but it is proving more difficult than anticipated. I have seen suggestions for secondary addresses on the WAN interface but that won't help with the 1:1 mapping of server to IP address. I have seen some suggestions on doing 5 different NAT pools (which seems promising) but when I try to put 1 single address in a NAT pool (ip nat pool test 12.111.112.113 12.111.112.113 netmask 255.255.255.255) it tells me the minimum mask should be 255.255.255.252...

Logically in my head I think it would make sense to have 5 NAT pools each triggered by an ACL that defines the specific server but can't seem to get around this issue.....

ANY Thoughts or suggestions are most welcome.... Any other designs or creative ways to approach this are appreciated.

Answer:
If I get your meaning on this, I haven't seen a lot of discussion on this topic; however, I have this running on my own network. Essentially you want one address assigned to each server, which you can do through a NAT inside source command; this will send the packet to the correct server. However, when that server replies it will exit through the default NAT pool and the address assigned to it. This is unacceptable for most Internet protocols since the host that sent the packet is receiving a response from another IP address.

In order to make this work you will need to create a NAT pool for each public address you want to use, for instance:

ip nat pool <name1> 123.123.123.98 123.123.123.98 netmask 255.255.255.248
ip nat pool <name2> 123.123.123.99 123.123.123.99 netmask 255.255.255.248
ip nat pool <name3> 123.123.123.100 123.123.123.100 netmask 255.255.255.248
ip nat pool <name4> 123.123.123.101 123.123.123.101 netmask 255.255.255.248

Next you will need to assign an access list to each of these NAT pools with the following commands:

ip nat inside source list 101 interface GigabitEthernet0/1 overload <-------<Default NAT translation>
ip nat inside source list 102 pool <name1> overload
ip nat inside source list 103 pool <name2> overload
ip nat inside source list 104 pool <name3> overload
ip nat inside source list 105 pool <name4> overload

The secret to making this work is building the access lists correctly. What I generally do is create a private address block on the LAN for each public address; for instance, I segment the network into blocks of 16 private addresses per public address, except for the default pool, which gets whatever is left over. For instance, I segment the network like this:

10.10.10.17 - 10.10.10.31 assigned to 123.123.123.98
10.10.10.33 - 10.10.10.47 assigned to 123.123.123.99
10.10.10.49 - 10.10.10.63 assigned to 123.123.123.100
10.10.10.65 - 10.10.10.79 assigned to 123.123.123.101
10.10.10.81 - 10.10.10.254 assigned to 123.123.123.102 <-------<Default NAT translation>.
Given this, the access lists would look something like this:

access-list 101 deny   ip 10.10.10.16 0.0.0.15 any
access-list 101 deny   ip 10.10.10.32 0.0.0.15 any
access-list 101 deny   ip 10.10.10.48 0.0.0.15 any
access-list 101 deny   ip 10.10.10.64 0.0.0.15 any
access-list 101 permit ip 10.10.10.0 0.0.0.255 any

access-list 102 deny   ip 10.10.10.32 0.0.0.15 any
access-list 102 deny   ip 10.10.10.48 0.0.0.15 any
access-list 102 deny   ip 10.10.10.64 0.0.0.15 any
access-list 102 permit ip 10.10.10.16 0.0.0.15 any

access-list 103 deny   ip 10.10.10.48 0.0.0.15 any
access-list 103 deny   ip 10.10.10.64 0.0.0.15 any
access-list 103 permit ip 10.10.10.32 0.0.0.15 any

access-list 104 deny   ip 10.10.10.64 0.0.0.15 any
access-list 104 permit ip 10.10.10.48 0.0.0.15 any

access-list 105 permit ip 10.10.10.64 0.0.0.15 any


This should accomplish what you are looking for. If you want to have multiple servers on one IP, this becomes easy: just assign a private address within the range you want for the given public address.
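Before pushing a policy like the one above onto a router, it is worth checking that the access lists really are mutually exclusive, because a dedicated server that falls through to the default overload rule will reply from the wrong public address (the problem the answer describes). The following is an added example, not the poster's configuration or any Cisco tool: it parses the answer's `ip nat pool`, `ip nat inside source list` and `access-list` lines in the same syntax, evaluates wildcard-mask matching with first-match and implicit deny, and reports which public address each inside host would leave on. The pool names `name1`..`name4` stand in for the `<name1>`..`<name4>` placeholders, and `GigabitEthernet0/1` is assumed to carry 123.123.123.102, the address the answer's table assigns to the default translation. How IOS orders multiple `ip nat inside source list` rules is treated as an assumption here, so the check evaluates the rules in both configuration order and reverse order and only passes if every host maps to the same address either way. A second configuration with the `deny` lines dropped from access-list 101 shows the check failing.

```python
"""Model of ACL-driven NAT pool selection (constructed example, not router code)."""
import ipaddress
import re

# Constructed: the answer's configuration with placeholder pool names filled in.
CONFIG = """
ip nat pool name1 123.123.123.98 123.123.123.98 netmask 255.255.255.248
ip nat pool name2 123.123.123.99 123.123.123.99 netmask 255.255.255.248
ip nat pool name3 123.123.123.100 123.123.123.100 netmask 255.255.255.248
ip nat pool name4 123.123.123.101 123.123.123.101 netmask 255.255.255.248
ip nat inside source list 101 interface GigabitEthernet0/1 overload
ip nat inside source list 102 pool name1 overload
ip nat inside source list 103 pool name2 overload
ip nat inside source list 104 pool name3 overload
ip nat inside source list 105 pool name4 overload
access-list 101 deny   ip 10.10.10.16 0.0.0.15 any
access-list 101 deny   ip 10.10.10.32 0.0.0.15 any
access-list 101 deny   ip 10.10.10.48 0.0.0.15 any
access-list 101 deny   ip 10.10.10.64 0.0.0.15 any
access-list 101 permit ip 10.10.10.0 0.0.0.255 any
access-list 102 deny   ip 10.10.10.32 0.0.0.15 any
access-list 102 deny   ip 10.10.10.48 0.0.0.15 any
access-list 102 deny   ip 10.10.10.64 0.0.0.15 any
access-list 102 permit ip 10.10.10.16 0.0.0.15 any
access-list 103 deny   ip 10.10.10.48 0.0.0.15 any
access-list 103 deny   ip 10.10.10.64 0.0.0.15 any
access-list 103 permit ip 10.10.10.32 0.0.0.15 any
access-list 104 deny   ip 10.10.10.64 0.0.0.15 any
access-list 104 permit ip 10.10.10.48 0.0.0.15 any
access-list 105 permit ip 10.10.10.64 0.0.0.15 any
"""

# Constructed variant: the same policy with the deny lines removed from ACL 101.
CONFIG_WITHOUT_DEFAULT_DENIES = "\n".join(
    ln for ln in CONFIG.splitlines() if not ln.startswith("access-list 101 deny")
)

# Assumed: the address of the interface used by the default overload rule.
INTERFACE_ADDRESS = {"GigabitEthernet0/1": "123.123.123.102"}

POOL_RE = re.compile(r"^ip nat pool (\S+) (\S+) (\S+) netmask")
RULE_RE = re.compile(r"^ip nat inside source list (\d+) (pool|interface) (\S+)")
ACL_RE = re.compile(r"^access-list (\d+) (permit|deny)\s+ip (\S+) (\S+) ")


def parse_config(text):
    """Return (pools, rules, acls) from the three IOS line types used above."""
    pools, rules, acls = {}, [], {}
    for line in text.splitlines():
        line = line.strip()
        if m := POOL_RE.match(line):
            pools[m.group(1)] = m.group(2)  # single-address pool: start == end
        elif m := RULE_RE.match(line):
            rules.append((int(m.group(1)), m.group(2), m.group(3)))
        elif m := ACL_RE.match(line):
            entry = (m.group(2), m.group(3), m.group(4))  # action, network, wildcard
            acls.setdefault(int(m.group(1)), []).append(entry)
    return pools, rules, acls


def wildcard_match(addr, network, wildcard):
    """IOS wildcard semantics: a 1 bit in the wildcard means 'don't care'."""
    a, n, w = (int(ipaddress.IPv4Address(x)) for x in (addr, network, wildcard))
    return (a & ~w) == (n & ~w)


def acl_permits(entries, addr):
    """First matching entry decides; no match is an implicit deny."""
    for action, network, wildcard in entries:
        if wildcard_match(addr, network, wildcard):
            return action == "permit"
    return False


def translate(addr, pools, rules, acls, iface_addrs=INTERFACE_ADDRESS):
    """Public address an inside host leaves on, or None if no rule matches."""
    for acl_no, kind, target in rules:
        if acl_permits(acls.get(acl_no, []), addr):
            return pools[target] if kind == "pool" else iface_addrs[target]
    return None


def mapping_for(text, hosts, reverse_rules=False):
    """Map each host to its public address under the given rule order."""
    pools, rules, acls = parse_config(text)
    if reverse_rules:
        rules = rules[::-1]
    return {h: translate(h, pools, rules, acls) for h in hosts}


def rules_are_disjoint(text, subnet="10.10.10.0/24"):
    """True when every host in `subnet` gets the same public address no
    matter which order the ip nat rules are evaluated in."""
    hosts = [str(h) for h in ipaddress.ip_network(subnet).hosts()]
    return mapping_for(text, hosts) == mapping_for(text, hosts, reverse_rules=True)


if __name__ == "__main__":
    sample = ["10.10.10.5", "10.10.10.20", "10.10.10.40", "10.10.10.50",
              "10.10.10.70", "10.10.10.90"]
    for host, public in mapping_for(CONFIG, sample).items():
        print(f"{host:<14} -> {public}")
    print("answer's ACLs order-independent:", rules_are_disjoint(CONFIG))
    print("without ACL 101 denies:         ",
          rules_are_disjoint(CONFIG_WITHOUT_DEFAULT_DENIES))
```

Run as a script it prints the six sample hosts with their public addresses, then `True` for the answer's access lists and `False` for the variant, where 10.10.10.20 lands on 123.123.123.102 when the default rule is evaluated first and on 123.123.123.98 when it is evaluated last. The deny lines in the answer are what make the policy safe regardless of how the router orders the rules, and `rules_are_disjoint` is the check to keep in a pre-deployment test when blocks are added or moved later.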
