wawrzek
asked on
How to set up Cisco 2811 router
I have a Cisco 2811 router that I want to set up in the following way:
External address 123.123.123.12/28 (currently DHCP)
Internal range: 192.168.0.1/24; DHCP on and NAT
I need to redirect all the ports to 192.168.0.202
also NAT for 192.168.0.202-207, can be for all the range.
I have started setting it up and there is a DHCP server running; the problem I have is that I cannot access anything external from the internal network. Even pinging the external router address times out. On the other hand, when I ping from the router SDM I can reach both the internal and external networks.
I am a complete beginner with Cisco; I have performed simple tasks only (and bought a CCNA training kit, but it will have to wait a couple of months unfortunately :)).
Best regards,
Laurence
"External address 123.123.123.12/28 (currently DHCP)"
This is an address range. You will need to assign an address from this range to your external interface. And then you will need the route statement shown above.
Setting up NAT is relatively simple, but what are you trying to accomplish, a static NAT for a single machine, or a NAT pool that can be shared by multiple internal IP addresses?
ASKER
hi,
Thanks for the prompt answers. That would be a NAT pool, I guess, shared by multiple IP addresses on the internal network. Also, one of them will have to have all the external ports forwarded to it.
The IP I used there is not an actual address; I just made it up without thinking. At the moment it is connected to the 10.0.0.0 network and uses DHCP; when it is working and tested I will change it to the actual public static IP. It makes no difference now, does it?
I will try the suggestion from the first answer tomorrow, as the main problem I was having was NAT not working (no internet access on the internal network, cannot ping external addresses nor the external router address).
interface (inside interface)
ip address 10.10.10.1 255.255.255.0
ip nat inside
!--- Defines interface with an IP address and as a NAT inside interface.
interface (external interface)
ip address 172.16.10.64 255.255.255.0
ip nat outside
!--- Defines interface with an IP address and as a NAT outside interface.
ip nat pool ovrld 172.16.10.1 172.16.10.1 prefix 24
!
!--- Defines a NAT pool named ovrld with a range of a single IP
!--- address, 172.16.10.1.
ip nat inside source list 7 pool ovrld overload
!
!
!
!
!--- Indicates that any packets received on the inside interface that
!--- are permitted by access-list 7 will have the source address
!--- translated to an address out of the NAT pool named ovrld.
!--- Translations will be overloaded which will allow multiple inside
!--- devices to be translated to the same valid IP address.
access-list 7 permit 10.10.10.0 0.0.0.31
access-list 7 permit 10.10.20.0 0.0.0.31
!--- Access-list 7 permits packets with source addresses ranging from
!--- 10.10.10.0 through 10.10.10.31 and 10.10.20.0 through 10.10.20.31.
ASKER
Hi, I have NAT and DHCP working. Now I need to redirect all the TCP/UDP ports from external IP to 192.168.0.2.
I'm attaching the config file.
!This is the running config of the router: 192.168.0.1
!----------------------------------------------------------------------------
!version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname yourname
!
boot-start-marker
boot-end-marker
!
logging buffered 51200 warnings
enable secret 5 $1$jO8b$GsxP4xg4Xe.bZvwdvw1dh/
!
no aaa new-model
clock timezone PCTime 0
clock summer-time PCTime date Mar 30 2003 1:00 Oct 26 2003 2:00
!
!
ip cef
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.0.1
!
ip dhcp pool sdm-pool1
import all
network 192.168.0.0 255.255.255.0
default-router 192.168.0.1
!
!
ip domain name yourdomain.com
!
username admin privilege 15 secret 5 $1$01Xp$WVF5SI/XoYdSXT75M7NlE/
!
!
!
interface FastEthernet0/0
description $ETH-LAN$$ETH-SW-LAUNCH$$INTF-INFO-FE 0/0$$ES_WAN$$FW_OUTSIDE$
ip address dhcp client-id FastEthernet0/0
ip nat outside
duplex auto
speed auto
!
interface FastEthernet0/1
description $ES_LAN$$FW_INSIDE$
ip address 192.168.0.1 255.255.255.0
ip nat inside
duplex auto
speed auto
!
!
ip http server
ip http authentication local
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source list 1 interface FastEthernet0/0 overload
!
access-list 1 remark INSIDE_IF=FastEthernet0/1
access-list 1 remark SDM_ACL Category=2
access-list 1 permit 192.168.0.0 0.0.0.255
!
control-plane
!
banner login ^CAuthorized access only!
Disconnect IMMEDIATELY if you are not an authorized user!^C
!
line con 0
login local
line aux 0
line vty 0 4
privilege level 15
login local
transport input telnet
line vty 5 15
privilege level 15
login local
transport input telnet
!
scheduler allocate 20000 1000
!
end
ip route 0.0.0.0 0.0.0.0 intf0/0 (intf0/0 is the interface for your external network)
This will direct all traffic out the external interface.
Could you also clarify what you need set up with NAT?
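The conditions the answers in this thread depend on (interfaces marked NAT inside and outside, an overload rule whose access list covers the inside subnet, and a default route) can be checked mechanically. The following is an added Python example, not part of the original thread; the sample config is constructed, and it assumes contiguous wildcard masks and that a DHCP-addressed WAN interface also learns its default route.

```python
import ipaddress
import re

# Constructed sample (not the asker's file): ACL too narrow, no default route.
SAMPLE = """\
interface FastEthernet0/0
 ip address 172.16.10.64 255.255.255.0
 ip nat outside
interface FastEthernet0/1
 ip address 192.168.0.1 255.255.255.0
 ip nat inside
ip nat inside source list 7 interface FastEthernet0/0 overload
access-list 7 permit 192.168.0.0 0.0.0.31
"""

def wildcard_net(addr, wildcard):
    """Address + contiguous wildcard mask (assumed) -> the IPv4 network it permits."""
    ones = bin(int(ipaddress.IPv4Address(wildcard))).count("1")
    return ipaddress.ip_network(f"{addr}/{32 - ones}", strict=False)

def check_nat(config):
    """Return reasons why inside hosts would fail to reach the outside network."""
    ifaces, acls, nat_acls, cur, default_route = {}, {}, [], {}, False
    for line in map(str.strip, config.splitlines()):
        if m := re.match(r"interface (\S+)", line):
            cur = ifaces.setdefault(m.group(1), {})
        elif m := re.match(r"ip address (\d\S+) (\d\S+)", line):
            cur["net"] = ipaddress.ip_network(f"{m.group(1)}/{m.group(2)}", strict=False)
        elif m := re.match(r"ip nat (inside|outside)$", line):
            cur["role"] = m.group(1)
        elif m := re.match(r"ip nat inside source list (\S+) .*overload", line):
            nat_acls.append(m.group(1))
        elif m := re.match(r"access-list (\S+) permit (\d\S+) (\d\S+)", line):
            acls.setdefault(m.group(1), []).append(wildcard_net(m.group(2), m.group(3)))
        elif line.startswith(("ip address dhcp", "ip route 0.0.0.0 0.0.0.0 ")):
            default_route = True  # assumption: a DHCP lease also supplies the default route
    roles = {i.get("role") for i in ifaces.values()}
    findings = [f"no interface marked 'ip nat {r}'" for r in ("inside", "outside") if r not in roles]
    if not nat_acls:
        findings.append("no 'ip nat inside source list ... overload' rule")
    permitted = [net for acl in nat_acls for net in acls.get(acl, [])]
    for name, i in ifaces.items():
        if i.get("role") == "inside" and "net" in i and not any(i["net"].subnet_of(p) for p in permitted):
            findings.append(f"{name}: {i['net']} is not covered by the NAT access list")
    if not default_route:
        findings.append("no default route")
    return findings
```

Feed it the text of a `show running-config` capture; an empty list means none of these three causes applies.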