Help with adding 2 internet ip addresses to Cisco 837 router


  • Help with adding 2 internet ip addresses to Cisco 837 router

    I am very new to Cisco routers; it would be great if you could spell out the commands I need to execute to configure a Cisco 837 router to have 2 internet IP addresses. A friend of mine has an 837 router with a Citrix Access Gateway sitting behind its firewall. At the moment port 443 is forwarded from the internet to the Citrix Access Gateway via a port forwarding rule on the 837 router. They would like to use OWA (Outlook Web Access) via HTTPS (port 443), but because all traffic to 443 is currently forwarded to the Citrix Access Gateway, OWA does not work. I have considered running OWA SSL on another port, but this causes problems when you are trying to access it from behind a proxy server, i.e. some proxies only proxy port 80 and 443.
    My ISP can provide me with 2 static internet IP addresses. What I would like to do is forward all traffic on port 443 on 1 internet IP address to the Citrix Access Gateway (192.168.100.14) and forward all traffic on port 443 on the 2nd internet address to OWA (192.168.100.10). I have included the running config.
    THANKS IN ADVANCE FOR ALL YOUR HELP.

    Building configuration...
    Current configuration : 3408 bytes
    !
    version 12.3
    no service pad
    service timestamps debug uptime
    service timestamps log uptime
    service password-encryption
    !
    hostname XXXXXXXXXX
    !
    boot-start-marker
    boot-end-marker
    !
    no logging buffered
    enable secret 5 XXXXXXXXXXXXXXXXXXXXXXXXXXXXXX/
    !
    username XXXXXXXXXXXX privilege 15 password 7 XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
    no aaa new-model
    ip subnet-zero
    ip name-server XXX.XXX.XXX.XXX
    ip name-server XXX.XXX.XXX.XXX
    ip dhcp excluded-address 10.10.10.1
    !
    !
    ip inspect name myfw cuseeme timeout 3600
    ip inspect name myfw ftp timeout 3600
    ip inspect name myfw rcmd timeout 3600
    ip inspect name myfw realaudio timeout 3600
    ip inspect name myfw smtp timeout 3600
    ip inspect name myfw tftp timeout 30
    ip inspect name myfw udp timeout 15
    ip inspect name myfw h323 timeout 3600
    ip audit notify log
    ip audit po max-events 100
    ip ssh break-string
    no ftp-server write-enable
    !
    !
    !
    no crypto isakmp enable
    !
    !
    !
    !
    interface Ethernet0
    ip address 192.168.100.254 255.255.255.0
    ip nat inside
    ip tcp adjust-mss 1452
    hold-queue 100 out
    !
    interface ATM0
    no ip address
    atm vc-per-vp 64
    no atm ilmi-keepalive
    pvc 8/35
    pppoe-client dial-pool-number 1
    !
    dsl operating-mode auto
    !
    interface Dialer1
    ip address XXX.XXX.XXX.XXX 255.255.255.0
    ip access-group 111 in
    ip mtu 1492
    ip nat outside
    ip inspect myfw out
    encapsulation ppp
    ip tcp adjust-mss 1452
    dialer pool 1
    dialer-group 1
    ppp authentication chap pap callin
    ppp chap hostname [email protected]
    ppp chap password 7 XXXXXXXXXX
    ppp pap sent-username XXXX[email protected] password 7 XXXXXXXXXX
    !
    ip nat inside source list 1 interface Dialer1 overload
    ip nat inside source static tcp 192.168.1.1 443 XXX.XXX.XXX.XXX 443 extendable
    ip classless
    ip route 0.0.0.0 0.0.0.0 Dialer1
    ip route 192.168.1.0 255.255.255.0 192.168.100.5
    ip http server
    ip http access-class 23
    no ip http secure-server
    !
    !
    access-list 1 permit 10.10.10.0 0.0.0.255
    access-list 1 permit 192.168.100.0 0.0.0.255
    access-list 1 permit 192.168.1.0 0.0.0.255
    access-list 23 permit 192.168.100.0 0.0.0.255
    access-list 111 permit icmp any any administratively-prohibited
    access-list 111 permit icmp any any echo
    access-list 111 permit icmp any any echo-reply
    access-list 111 permit icmp any any packet-too-big
    access-list 111 permit icmp any any time-exceeded
    access-list 111 permit icmp any any traceroute
    access-list 111 permit icmp any any unreachable
    access-list 111 permit udp any eq bootps any eq bootpc
    access-list 111 permit udp any eq bootps any eq bootps
    access-list 111 permit udp any eq domain any
    access-list 111 permit esp any any
    access-list 111 permit udp any any eq isakmp
    access-list 111 permit udp any any eq 10000
    access-list 111 permit tcp any any eq 1723
    access-list 111 permit tcp any any eq 139
    access-list 111 permit udp any any eq netbios-ns
    access-list 111 permit udp any any eq netbios-dgm
    access-list 111 permit gre any any
    access-list 111 permit tcp any any eq 443
    access-list 111 permit tcp any any
    access-list 111 deny ip any any
    dialer-list 1 protocol ip permit
    !
    control-plane
    !
    !
    line con 0
    exec-timeout 120 0
    no modem enable
    transport preferred all
    transport output all
    stopbits 1
    line aux 0
    transport preferred all
    transport output all
    line vty 0 4
    access-class 23 in
    exec-timeout 120 0
    password 7 XXXXXXXXXX
    login
    length 0
    transport preferred all
    transport input all
    transport output all
    !
    scheduler max-task-time 5000
    !
    end
    * Note that the IP inspection of the TCP protocol on the Cisco 837 has been removed in order to allow an SSL session to be established from the Internet to the Citrix Access Gateway.
    Last edited by BrianC; 28th November 2008, 05:45.

  • #2
    Re: Help with adding 2 internet ip addresses to Cisco 837 router

    Try this to add multiple addresses on the same dialer interface.

    Code:
    conf t
    interface Dialer1
    ip address XXX.XXX.XXX.XXX 255.255.255.0 secondary
    Marcel
    Technical Consultant
    Netherlands
    http://www.phetios.com
    http://blog.nessus.nl

    MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE
    "No matter how secure, there is always the human factor."

    "Enjoy life today, tomorrow may never come."
    "If you're going through hell, keep going. ~Winston Churchill"

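The setup the question asks for, combining the secondary address from reply #2 with one static port mapping per public address, as an added example that is not from either poster. PUBLIC_IP_1 and PUBLIC_IP_2 are placeholders for the two ISP-assigned addresses (PUBLIC_IP_1 is assumed to be the current Dialer1 address), the inside hosts are the ones named in the question, and the ISP is assumed to route both addresses to this PPPoE session.

```cisco
! Added example, not from the thread. PUBLIC_IP_1 / PUBLIC_IP_2 are placeholders
! for the two ISP-assigned static addresses (assumption: PUBLIC_IP_1 is the
! address already configured on Dialer1).
configure terminal
!
! Second public address on the dialer, as suggested in reply #2.
interface Dialer1
 ip address PUBLIC_IP_2 255.255.255.0 secondary
 exit
!
! The posted config already maps port 443 on the public address to 192.168.1.1.
! That entry has to be removed with its "no" form before PUBLIC_IP_1:443 can be
! mapped to a different inside host.
!
! One static port mapping per public address, to the hosts named in the question.
ip nat inside source static tcp 192.168.100.14 443 PUBLIC_IP_1 443 extendable
ip nat inside source static tcp 192.168.100.10 443 PUBLIC_IP_2 443 extendable
!
! ACL 111 is applied inbound on Dialer1 and is checked before NAT, so it
! matches the public destination addresses. In the posted list the pair
!   access-list 111 permit tcp any any eq 443
!   access-list 111 permit tcp any any
! admits every inbound TCP connection. Lines appended to a numbered ACL land
! after the final "deny ip any any", so the entries below belong in a rebuilt
! list, in place of that pair. They limit 443 to the two published addresses
! and admit other TCP only as replies to sessions opened from inside.
access-list 111 permit tcp any host PUBLIC_IP_1 eq 443
access-list 111 permit tcp any host PUBLIC_IP_2 eq 443
access-list 111 permit tcp any any established
end
!
! Check that both translations exist and watch the ACL hit counters.
show ip nat translations
show access-lists 111
```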