Cisco 877 Router -- Multiple IP Addresses

Posted by Vincent on June 24, 2008, 12:42 pm
I'm a bit of a novice with Cisco routers, so please forgive me if
I do not explain this clearly. Our company has a T1 line that
connects through our Cisco 877 router. We have been given a block of
public IP addresses (3 I think), but are currently only using one of
these addresses. We would like to use one of the other public IP
addresses for our ftp server. I already know how to port forward the
traffic to the secondary IP address, like so:

ip nat inside source static tcp x.x.x.x 21 x.x.x.x 21 extendable

But, if I do this, the ip inspection rules that are being applied
to the public IP address I use now (x.x.x.y) are not being applied to
this connection. In particular:

ip inspect name CBAC-FTP ftp

interface FastEthernet 4
ip address x.x.x.y 255.255.255.248
....
ip inspect CBAC-FTP in

I have read that you can add a secondary ip address to the same
interface. Is this what I would have to do in this situation or is
there another preferred method of handling this?

interface FastEthernet 4
ip address x.x.x.y 255.255.255.248
ip address x.x.x.x 255.255.255.248 secondary (Should I do this?)

Thank you for your assistance.

Vincent

Posted by J.Cottingim on June 24, 2008, 8:10 pm
> I'm a bit of a novice with Cisco routers, so please forgive me if
> I do not explain this clearly. Our company has a T1 line that
> connects through our Cisco 877 router. We have been given a block of
> public IP addresses (3 I think), but are currently only using one of
> these addresses. We would like to use one of the other public IP
> addresses for our ftp server. I already know how to port forward the
> traffic to the secondary IP address, like so:
>
> ip nat inside source static tcp x.x.x.x 21 x.x.x.x 21 extendable
>
> But, if I do this, the ip inspection rules that are being applied
> to the public IP address I use now (x.x.x.y) are not being applied to
> this connection. In particular:
>
> ip inspect name CBAC-FTP ftp
>
> interface FastEthernet 4
>   ip address x.x.x.y 255.255.255.248
>   ....
>   ip inspect CBAC-FTP in
>
> I have read that you can add a secondary ip address to the same
> interface. Is this what I would have to do in this situation or is
> there another preferred method of handling this?
>
> interface FastEthernet 4
>   ip address x.x.x.y 255.255.255.248
>   ip address x.x.x.x 255.255.255.248 secondary (Should I do this?)
>
> Thank you for your assistance.
>
> Vincent

Vincent,
You don't have to add a secondary ip to the outside interface.
Adding the "ip inspect CBAC-FTP in" command to the Fa4 interface will
inspect the FTP traffic coming into the interface.

What you have there seems to be correct.
What leads you to believe that the traffic coming in the interface is
not being inspected?

-JC

Posted by Vincent on June 24, 2008, 8:22 pm
> > I'm a bit of a novice with Cisco routers, so please forgive me if
> > I do not explain this clearly. Our company has a T1 line that
> > connects through our Cisco 877 router. We have been given a block of
> > public IP addresses (3 I think), but are currently only using one of
> > these addresses. We would like to use one of the other public IP
> > addresses for our ftp server. I already know how to port forward the
> > traffic to the secondary IP address, like so:
>
> > ip nat inside source static tcp x.x.x.x 21 x.x.x.x 21 extendable
>
> > But, if I do this, the ip inspection rules that are being applied
> > to the public IP address I use now (x.x.x.y) are not being applied to
> > this connection. In particular:
>
> > ip inspect name CBAC-FTP ftp
>
> > interface FastEthernet 4
> >   ip address x.x.x.y 255.255.255.248
> >   ....
> >   ip inspect CBAC-FTP in
>
> > I have read that you can add a secondary ip address to the same
> > interface. Is this what I would have to do in this situation or is
> > there another preferred method of handling this?
>
> > interface FastEthernet 4
> >   ip address x.x.x.y 255.255.255.248
> >   ip address x.x.x.x 255.255.255.248 secondary (Should I do this?)
>
> > Thank you for your assistance.
>
> > Vincent
>
> Vincent,
> You don't have to add a secondary ip to the outside interface.
> Adding the "ip inspect CBAC-FTP in" command to the Fa4 interface will
> inspect the FTP traffic coming into the interface.
>
> What you have there seems to be correct.
> What leads you to believe that the traffic coming in the interface is
> not being inspected?
>
> -JC

JC,

The traffic coming into the Fa4 interface IS being inspected on
the IP address assigned to this interface (x.x.x.x), but it IS NOT on
the IP address that is being port forwarded (x.x.x.y). If I try to
perform passive ftp over x.x.x.x, it works correctly but it does not
over x.x.x.y. I hope I explained this somewhat clearly.

Vincent
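
Background on the passive-FTP symptom in the post above, as an added example that is not part of the thread and is not Cisco's implementation: in passive mode the server names its data port in the 227 reply on the control channel, so a static forward of TCP 21 alone does not cover the data connection, and an FTP-aware NAT/inspection engine has to read that reply. The Python sketch below models that step; all addresses and the helper names are constructed for illustration.

```python
import re

# RFC 959 reply to PASV: "227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)"
PASV_RE = re.compile(r"^227 .*?\((\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\)")

# Constructed sample values (documentation/private ranges), not from the thread.
CLIENT_IP, PUBLIC_IP, INSIDE_IP = "198.51.100.7", "192.0.2.10", "10.0.0.5"
SAMPLE_REPLY = "227 Entering Passive Mode (10,0,0,5,195,80)"
STATIC_FORWARDS = {21}  # only the FTP control port is statically forwarded


def parse_pasv(reply):
    """Return (ip, port) announced in a 227 reply, or None if it is not one."""
    m = PASV_RE.match(reply.strip())
    if not m:
        return None
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        return None  # malformed octet or port byte
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]


def inspect_reply(reply, client_ip, inside_ip, public_ip):
    """Model what an FTP-aware NAT/firewall does with a server reply.

    Returns (reply_to_forward, pinhole). pinhole is None unless the reply is a
    227 announcing the inside server's address; then it describes the single
    inbound data connection that must be permitted and translated.
    """
    parsed = parse_pasv(reply)
    if parsed is None or parsed[0] != inside_ip:
        return reply, None
    _, port = parsed
    # The client must be told the public address, not the private one.
    rewritten = "227 Entering Passive Mode (%s,%d,%d)" % (
        public_ip.replace(".", ","), port // 256, port % 256)
    pinhole = {"src": client_ip, "dst": public_ip, "dst_port": port,
               "translate_to": (inside_ip, port)}
    return rewritten, pinhole


if __name__ == "__main__":
    ip, port = parse_pasv(SAMPLE_REPLY)
    print("server announced", ip, port,
          "| statically forwarded:", port in STATIC_FORWARDS)
    print(inspect_reply(SAMPLE_REPLY, CLIENT_IP, INSIDE_IP, PUBLIC_IP))
```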
