Skip navigation.
Home

Peculiar Configuration for Cisco 515E

Hello All,

I have new cisco 515E firewall.
I have some production servers that are using public ip's.
I can't change the public ip of these servers but i need to put these servers behind the cisco firewall.

I have two x.x.x.x/23 networks that need to access these servers.

I am able to configure the cisco interface1 with a valid public ip. But when i configure the Interface2, i get a prompt that the device can't use same network.

This is what i am interested in doing.

1)Assign a public ip to interface1 on Cisco (call it LAN)

2) Assign a public ip to interface2 on cisco (call it WAN)

(These public ip's will be from the same building where the production servers are placed)

3) Route the traffic that comes from the wan to the lan and thus to the production servers.

Will this configuration work, please let me know.

Re:Peculiar Configuration for Cisco 515E

Problem:
I am able to configure the cisco interface1 with a valid public ip. But when i configure the Interface2, i get a prompt that the device can't use same network.

Possible Solution: It is giving you a error message possibly because both the IP Addresses for the two interfaces belong to the same network. You can break this down by either using a smaller subnet mask such that the two ip addresses assigned to both the networks wont belong to same network.

There is another way of doing this also:

2) Assign a public ip to interface2 on cisco (call it WAN)
------You can do this, assign public address to WAN interface.

1)Assign a public ip to interface1 on Cisco (call it LAN)

----- You can assign private address space to this interface and use NAT (statics as Cisco calls it).So far as you have statics in place, outside (internet) can access any server in your LAN.
For communication between WAN and LAN, again you can set up statics. This is recommended, because not only will this save you address public addresses, but will also hide your internal network address from outside.

Typically you need to assign public address only for your External (outside) interface. Everything else you can assign private addresses and use statics and NATs and globals.

Routes - The networks belonging to the interface will automatically create routing table showing as directly connected. For others, you can assign static routes.

Search



 

Web

www.secmanager.com