"Daniel" <(E-Mail Removed)> wrote in message
news:24514E19-F2E0-4D4A-A11E-(E-Mail Removed)...
> Hello, I have multiple public IP's that I'd like to route through NAT to
> multiple corresponding private IP's, each with a web server assigned. I
> have
> 2 NIC cards - the public has multiple public IP's bound, and the other has
> the same number of private IP's bound.
Private IP#s bound? Bound to what? The internal nic of the NAT Box?
The IP#s should be bound to the nic on the Web server that is behind the NAT
box.
> through each of the public addresses to the corresponding private
> addresses
> (ie. public addr1 ports 80/443 to private addr1 ports 80/443, public addr2
> ports 80/443 to private addr2 ports 80/443, etc.)
That looks like the correct approach to me, I see nothing wrong there.
> The NAT won't allow me to
> do this and says that port is already assigned. I've read about
> "reservations" but don't fully understand it. Is it possible to do what I
> want to do? What am I missing?
It isn't "NAT" that isn't allowing it,...it would be the NAT Box
itself,...it may be limited in its capability and cannot handle it.
Another approach is to use a single private IP# on the Web Server and a
single public IP# on the outside of the NAT box. You do the Reverse NAT
only *once* between the public and private IP#,...then you use Hosts Header
(another name for the FQDN of the Site) to distinguish the Sites one from
another. Let's say you have a public IP# of 25.35.53.52 and a private IP on
the web server of 192.168.25.46
1. 25.35.53.52 (
www.site1.com) to 192.168.25.46 (
www.site1.com)
2. 25.35.53.52 (
www.site2.com) to 192.168.25.46 (
www.site2.com)
3. 25.35.53.52 (
www.site3.com) to 192.168.25.46 (
www.site3.com)
4. 25.35.53.52 (
www.site4.com) to 192.168.25.46 (
www.site4.com)
5. 25.35.53.52 (
www.site5.com) to 192.168.25.46 (
www.site5.com)
The Host Header function happens entirely on the Web Server software (IIS?)
itself. The NAT box has no idea it is happening and is totally oblivious to
it. All it knows is that it is sending 80 & 443 traffic comming in on
25.35.53.52 and passing it to 192.168.25.46
The Web Server simply looks at the URL in the request and passes it to the
proper website that matches what is seen in the request. It is very simple
and clean,..all the config is done in one place on the Web Server, the NAT
box only gets a single Reverse-NAT config for http/https between just two
simple IP#s and never needs touched again.
--
Phillip Windell
www.wandtv.com
The views expressed, are my own and not those of my employer, or Microsoft,
or anyone else associated with me, including my cats.
-----------------------------------------------------
Understanding the ISA 2004 Access Rule Processing
http://www.isaserver.org/articles/IS...cessRules.html
Troubleshooting Client Authentication on Access Rules in ISA Server 2004
http://download.microsoft.com/downlo...7/ts_rules.doc
Microsoft Internet Security & Acceleration Server: Partners
http://www.microsoft.com/isaserver/partners/default.asp
Microsoft ISA Server Partners: Partner Hardware Solutions
http://www.microsoft.com/forefront/e...epartners.mspx
-----------------------------------------------------
Similar Threads
Linear Mode
