Question : CISCO 877 Config -- GRE Tunnels/NAT -- How to assign second public IP to local IP?
Recently bought a CISCO 877W-G-A-K9 Router which is my first piece of Cisco equipment. For normal internet browsing it's all working fine. So my next step is to get my web server/e-mail server going (uses https with multiple domains so can't simply port forward on the same IP/virtual-domain, need a different IP for each domain).
I have 5 sequential static IP addresses assigned by my ISP and am using the first one for my router. My static IP addresses share the same subnet mask (/29).
I want my second static IP address to be routed directly to local IP 10.5.5.30 for web server & e-mail. At first I was told by my ISP to use GRE/IP tunnels (which I know nothing about) and then they told me I would be able to do what I want using simple NAT.
My topology is something like:
--BVI1-- --Vlan-- \------ \----- \----
So I only have 1 external interface & all of my servers are behind it using private IP addresses.
!This is the running config of the router: 10.5.5.254
!-------------------------------------------------------------------------------
!version 12.3
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime
service password-encryption
service sequence-numbers
!
hostname gateway
!
boot-start-marker
boot-end-marker
!
logging buffered 51200 warnings
enable secret 5
!
username password 7
username privilege 15 password 7
clock timezone Adelaid 9 30
clock summer-time Adelaid date Mar 30 2003 3:00 Oct 26 2003 2:00
aaa new-model
!
!
aaa authentication login local_authen local
aaa authorization exec local_author local
aaa session-id common
ip subnet-zero
no ip source-route
ip cef
ip dhcp excluded-address 10.5.5.1 10.5.5.49
ip dhcp excluded-address 10.5.5.61 10.5.5.254
!
ip dhcp pool CLIENTS
 network 10.5.5.0 255.255.255.0
 default-router 10.5.5.254
 dns-server 192.231.203.132 192.231.203.3
 domain-name mydomain.com.au
!
!
ip tcp synwait-time 10
no ip bootp server
ip domain name mydomain.com.au
ip name-server 192.231.203.132
ip name-server 192.231.203.3
no ftp-server write-enable
!
!
!
!
!
bridge irb
!
!
interface Null0
 no ip unreachables
!
interface ATM0
 description --- ADSL to Internode ---
 no ip address
 no ip mroute-cache
 no atm ilmi-keepalive
 pvc 8/35
  encapsulation aal5snap
  protocol ip inarp
 !
 dsl operating-mode itu-dmt
 bridge-group 1
 hold-queue 224 in
!
interface FastEthernet0
 no ip address
!
interface FastEthernet1
 no ip address
!
interface FastEthernet2
 no ip address
!
interface FastEthernet3
 no ip address
!
interface Dot11Radio0
 no ip address
 no ip unreachables
 no ip proxy-arp
 ip route-cache flow
 shutdown
 world-mode dot11d country AU both
 speed basic-1.0 2.0 5.5 6.0 9.0 11.0 12.0 18.0 24.0 36.0 48.0 54.0
 station-role root
 no dot11 extension aironet
!
interface Vlan1
 description $FW_INSIDE$
 ip address 10.5.5.254 255.255.255.0
 no ip unreachables
 no ip proxy-arp
 ip nat inside
 ip virtual-reassembly
 ip route-cache flow
!
interface BVI1
 description -- Bridging Interface ---$FW_OUTSIDE$
 ip address <150.x.x.1st> <255.255.255.x>
 no ip unreachables
 no ip proxy-arp
 ip nat outside
 ip virtual-reassembly
 ip route-cache flow
!
ip classless
ip route 0.0.0.0 0.0.0.0 <150.x.x.1st>
!
ip http server
ip http access-class 3
ip http authentication local
ip http secure-server
ip nat inside source route-map internet interface BVI1 overload
ip nat inside source static tcp 10.5.5.30 80 <150.x.x.2nd> 80 extendable
!
access-list 1 permit 192.83.231.0 0.0.0.255
access-list 1 permit 10.5.5.0 0.0.0.255
access-list 2 remark SDM_ACL Category=1
access-list 2 permit 10.5.5.30
access-list 3 remark HTTP Access-class list
access-list 3 remark SDM_ACL Category=1
access-list 3 permit 10.5.5.0 0.0.0.255
access-list 3 deny any
access-list 100 remark VTY Access-class list
access-list 100 remark SDM_ACL Category=1
access-list 100 permit ip 10.5.5.0 0.0.0.255 any
access-list 100 deny ip any any
access-list 101 permit ip 10.5.5.0 0.0.0.255 any
no cdp run
route-map internet permit 10
 match ip address 101
!
!
control-plane
!
bridge 1 protocol ieee
bridge 1 route ip
!
line con 0
 no modem enable
 transport preferred all
 transport output all
line aux 0
 transport preferred all
 transport output all
line vty 0 4
 access-class 100 in
 authorization exec local_author
 login authentication local_authen
 transport preferred all
 transport input ssh
 transport output all
!
scheduler max-task-time 5000
scheduler allocate 4000 1000
scheduler interval 500
end
-------------------
When I point my web browser to http://<150.x.x.2nd> I just get a "Connection Refused" message.
Can anyone see what I'm doing wrong? Maybe I need to allow access (although I haven't configured any firewall options)?
Answer : CISCO 877 Config -- GRE Tunnels/NAT -- How to assign second public IP to local IP?
>when I point my web browser to http://<150.x.x.2nd> I just get a "Connection Refused" message.

Are you trying this from inside your network, or from outside? You won't be able to get to the public IP from inside.
You don't have any access-lists at all, so there are no restrictions currently. Is the default gateway of the server set to the router's interface IP 10.5.5.254?
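Added example, not part of the original thread: a Python check related to the answer's remark that nothing currently restricts the forwarded traffic. It parses an IOS running config in its normal indented layout, lists the static NAT port forwards, and reports which `ip nat outside` interfaces have no inbound `ip access-group`. The function name `audit` and the sample excerpt (constructed from lines in the question, keeping the page's address placeholders) are assumptions of this example.

```python
import re

# Constructed sample: the NAT, interface and ACL lines from the config in the
# question, with the public addresses kept as the page's placeholders.
SAMPLE_CONFIG = """\
interface Vlan1
 ip nat inside
!
interface BVI1
 ip nat outside
!
ip http access-class 3
ip nat inside source route-map internet interface BVI1 overload
ip nat inside source static tcp 10.5.5.30 80 <150.x.x.2nd> 80 extendable
access-list 3 permit 10.5.5.0 0.0.0.255
access-list 100 permit ip 10.5.5.0 0.0.0.255 any
access-list 101 permit ip 10.5.5.0 0.0.0.255 any
route-map internet permit 10
 match ip address 101
line vty 0 4
 access-class 100 in
"""

STATIC_NAT = re.compile(r"^ip nat inside source static (tcp|udp) (\S+) (\d+) (\S+) (\d+)")

def audit(config):
    """Return static port forwards, NAT-outside interfaces and unfiltered ones."""
    forwards, outside, inbound_acl, defined = [], [], {}, set()
    iface = None
    for raw in config.splitlines():
        line = raw.strip()
        if not raw.startswith(" "):      # a top-level line ends any interface block
            iface = line.split()[1] if line.startswith("interface ") else None
        m = STATIC_NAT.match(line)
        if m:
            proto, local_ip, local_port, global_ip, global_port = m.groups()
            forwards.append((proto, global_ip, int(global_port), local_ip, int(local_port)))
        elif line.startswith("access-list "):
            defined.add(line.split()[1])  # numbered ACLs that exist in the config
        elif iface and line == "ip nat outside":
            outside.append(iface)
        elif iface and line.startswith("ip access-group ") and line.endswith(" in"):
            inbound_acl[iface] = line.split()[2]
    unfiltered = [i for i in outside if i not in inbound_acl]
    return {"forwards": forwards, "outside": outside,
            "defined_acls": sorted(defined, key=int), "unfiltered_outside": unfiltered}

if __name__ == "__main__":
    print(audit(SAMPLE_CONFIG))
```

On the sample it reports the tcp/80 forward to 10.5.5.30 and BVI1 with no inbound ACL: lists 3, 100 and 101 are referenced only by `ip http access-class`, the vty `access-class` and the route-map, so none of them filters packets arriving for the forwarded port.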