dxbdxb2009
Simple NAT on Cisco router

Hello EEs,

I have some users internally with the IP addresses 192.168.100.0/24 & 192.168.1.0/24.
I have given public IPs to my router 1841 as follows:
int s0/0 = 100.100.100.230
int e 0/1 = 100.100.100.233
I want all my internal users to access the internet.
Kindly send me the full config of the router, like setting up the DNS IP, routing etc. on the router, since I am new to Cisco routers.
An early reply will be appreciated.
Many thanks,
DXB
Istvan Kalmar

int ser 0/0
ip nat outside

int fast 0/1
ip nat inside

ip nat inside source list 1 intrface ser 0/0 overload
access-list 1 permit 192.168.100.0 0.0.0.255
access-list 1 permit 192.168.1.0 0.0.0.255

sorry :

ip nat inside source list 1 interface ser 0/0 overload
hi

just a little modification to the above post

ip name-server 8.8.8.8 8.8.4.4               // you can add up to 6 DNSs

int fast 0/1
ip address 192.168.100.1 255.255.255.0
ip address 192.168.1.1 255.255.255.0 sec
ip nat inside


ip route 0.0.0.0 0.0.0.0 YOUR.GATEWAY.IP   // or

ip route 0.0.0.0 0.0.0.0 s0/0


but I am not sure what this means: "inte e 0/1 = 100.100.100.233"


dxbdxb2009 (ASKER)
ikalmar: Thanks for your reply,
I will give private IPs like 192.168.100.0/24 & 192.168.1.0/24 to all my PCs and servers in two subnets, so:-
* how will these IPs route / reach my router? Does any other ip route 192.168.100.0 100.100.100.23 need to be given?
* what is the gateway I will put in all my PCs?
Awaiting your early reply,
Many thanks

---------------------------------------------------------------------------------------------------

memo_tnt: thanks for your reply,

IP 100.100.100.233 I have given to my fe 0/1 interface on the router.
Kindly advise how my PCs will reach the router.
Thanks.
DXB
Do you have a DHCP server set up on your network?
If yes, then it should be configured to provide the PCs with IPs and a gateway.
If no,
then either you set up a DHCP server on your router or on a server machine,
and I'll help you to do that,
or
set static IPs for your PCs, and assign them a gateway consistent with the IP you already gave, as:

if you assigned static IP: 192.168.100.10, subnet mask: 255.255.255.0
then gateway: 192.168.100.1, and DNS 192.168.100.1

and for the 2nd subnet
IP: 192.168.1.10, subnet mask: 255.255.255.0
then gateway: 192.168.1.1, and DNS 192.168.1.1
and the default route
ip route 0.0.0.0 0.0.0.0 s0/0
will route traffic that comes from both subnets out to the internet...
memo_tnt: thanks for supporting me; kindly be online for a while until my queries get solutions.

Take it for granted that for the time being I will assign static IPs to all my PCs with the
IP 192.168.100.1-254
SNM 255.255.255.0
Gateway 192.168.100.1
DNS 192.168.100.1 and the same I will do for the other subnet.... but
how will my PCs come to know where the 192.168.100.1 & 192.168.1.1 gateway is?
How do I have to configure the gateway addresses, & where in the router?
Awaiting your reply.
Thanks
Are all PCs directly connected to your router through a switch?
If yes:
then once you put the following

int fast 0/1
ip address 192.168.100.1 255.255.255.0
ip address 192.168.1.1 255.255.255.0 sec
ip nat inside

and this

ip nat inside source list 1 interface ser 0/0 overload
access-list 1 permit 192.168.100.0 0.0.0.255
access-list 1 permit 192.168.1.0 0.0.0.255

with the default route

ip route 0.0.0.0 0.0.0.0 s0/0

it will automatically know where to go
and all PCs will be able to reach both subnets
but in this case you need to give another DNS server to your PCs, not the router; please configure a local DNS server, or use the ISP's DNS
memo_tnt & ikalmar: Many thanks for your valuable replies.
Yes, all PCs are connected through a switch & I will use my ISP's DNS for the time being until my internal AD + DNS is ready.
Now I want to put some servers on subnet 192.168.100.0 which must securely access the internet from inside to outside as well as from outside to inside, like
Exchange server = 192.168.100.14 with ports 25 + 443
FTP Server = 192.168.100.10 (with ports 20 + 21)
Terminal Server = 192.168.100.11 (with port 3389)

All servers must access the internet internally, but from outside the servers must be accessible securely, i.e. only the required ports must be open, not all; e.g. from outside only SMTP traffic should go to the Exchange server i.e. 192.168.100.14, not other, & the FTP server is accessible from outside with ports 20 + 21 only.

Now the second thing: I want to map my Exchange server IP i.e. 192.168.14 with the external public IP i.e. 100.100.100.25.
By which all mail headers must show that the mail is sent by 100.100.100.25 (meaning all outgoing SMTP traffic must translate the internal address 192.168.100.14 ------> to -------> public IP 100.100.100.25, & all incoming traffic coming to 100.100.100.25 with port 25 must be translated to 192.168.100.14).

Kindly help me regarding the same.

If you require a network drawing I can provide it to you.

Awaiting your early reply.

Many thanks.
you need to port forward those ports to your servers as:

ip nat inside source static tcp 192.168.100.100 25 interface s0/0 25

assuming your mail server is 192.168.100.100

and the same thing for the other ports and servers

ip nat inside source static tcp 192.168.100.100 25 interface s0/0 25
ip nat inside source static tcp 192.168.100.100 443 interface s0/0 443
ip nat inside source static tcp 192.168.100.10 20 interface s0/0 20
ip nat inside source static tcp 192.168.100.10 21 interface s0/0 21
ip nat inside source static tcp 192.168.100.11 3389 interface s0/0 3389
memo_tnt & ikalmar, thanks for your valuable replies & sorry for replying to you late, since the power was cut off here.

I understand that the inside traffic will be NATted with the public IPs on the S 0/0 interface with the corresponding ports.
Now kindly advise how the incoming traffic will be allowed on the S 0/0 interface?

Please provide me the command for this query asked below:-

"Now the second thing: I want to map my Exchange server IP i.e. 192.168.14 with the public IP i.e. 100.100.100.235
By which all mail headers must show that the mail is sent by 100.100.100.235 (meaning all outgoing SMTP traffic must translate the internal address 192.168.100.14 ------> to -------> public IP 100.100.100.235, & all incoming traffic coming to 100.100.100.235 with port 25 must be translated to 192.168.100.14)."

By doing this I want to keep a separate public IP for my mail traffic.

Kindly advise how I can accomplish this rule with the appropriate commands.

Awaiting your early reply, as in the past.

best regards

dxb
Dear EEs,
Any updates!
hi

Does this IP 100.100.100.235 belong to one of your IP ranges?
Also post the full configuration; remove passwords and keys...
Thanks memo_tnt for the support,

Yes, this IP is in my IP range.

Kindly find below the config of my Cisco Router 1841.

I request you experts to have a look at my attached network diagram & let me know whether the router config posted below is correct or any modification needs to be added.

========================================================================

enable

conf t

hostname ROUTER


aaa new-model
aaa authentication login default local
ip in
int s0/1/0
ip address 100.100.100.230 255.255.255.252
ip nat outside
encapsulation ppp
no shut

no ip http server
no ip http secure-server

int f0/1
ip address 100.100.100.233 255.255.255.240
ip address 192.168.100.1 255.255.255.0 secondary
ip address 192.168.1.1 255.255.255.0 secondary
ip nat inside
no shut

ip nat inside source list 1 interface s 0/1/0 overload
access-list 1 permit 192.168.100.0 0.0.0.255
access-list 1 permit 192.168.1.0 0.0.0.255

ip nat inside source static tcp 192.168.0.14 25 100.100.100.235 interface s0/1/0 25
ip nat inside source static tcp 192.168.0.14 443 100.100.100.235 interface s0/1/0 443
ip nat inside source static tcp 192.168.0.10 20 100.100.100.235 interface s0/1/0 20
ip nat inside source static tcp 192.168.0.10 21 100.100.100.235 interface s0/1/0 21
ip nat inside source static tcp 192.168.0.11 3389 100.100.100.235 interface s0/1/0 3389


ip route 0.0.0.0 0.0.0.0 s0/1/0


ip inspect name INSPECTOUT cuseeme (transmit audio and video signals)
ip inspect name INSPECTOUT ftp
ip inspect name INSPECTOUT h323 (standard for multimedia communications)
ip inspect name INSPECTOUT icmp
ip inspect name INSPECTOUT rcmd (super-user to execute a command on a remote machine)
ip inspect name INSPECTOUT realaudio ( to send streaming audio data)
ip inspect name INSPECTOUT rtsp (The transmission of streaming data)
ip inspect name INSPECTOUT esmtp
ip inspect name INSPECTOUT sqlnet
ip inspect name INSPECTOUT streamworks (Used for tx of high quality video)
ip inspect name INSPECTOUT tftp
ip inspect name INSPECTOUT tcp
ip inspect name INSPECTOUT udp
ip inspect name INSPECTOUT vdolive (allows Web sites to show streaming video and multimedia clips)
ip inspect name INSPECTOUT ftp timeout 3600
ip inspect name INSPECTOUT smtp timeout 3600
ip inspect name INSPECTOUT udp timeout 15
ip inspect name INSPECTOUT tcp timeout 3600
int s0/1/0
ip inspect INSPECTOUT out

ip access-list extended OUT_TO_IN
permit tcp any any eq 8080
permit tcp any any eq 20
permit tcp any any eq 21
permit tcp any any eq 1521 (SQL Server)
permit tcp any any eq telnet (Exchange)
permit tcp any any eq pop3 (Exchange)
permit tcp any any eq 465 (Exchange)
permit icmp any any echo-reply
permit icmp any any time-exceeded
deny ip 127.0.0.0 0.255.255.255 any
deny ip 172.16.0.0 0.15.255.255 any

int f0/0
ip access-group OUT_TO_IN in
=========================================================================


An early reply will be appreciated.

Many thanks,

DXB
Attachment: ND-With-IP.JPG
You can do it like this

ip nat inside source static tcp 192.168.0.14 25 100.100.100.235 25
ip nat inside source static tcp 192.168.0.14 443 100.100.100.235 443
ip nat inside source static tcp 192.168.0.10 20 100.100.100.235 20
ip nat inside source static tcp 192.168.0.10 21 100.100.100.235 21
ip nat inside source static tcp 192.168.0.11 3389 100.100.100.235 3389


and allow port 25 in your ACL as:

ip access-list extended OUT_TO_IN
permit tcp any any eq 8080
permit tcp any any eq 20
permit tcp any any eq 21
permit tcp any any eq 1521 (SQL Server)
permit tcp any any eq telnet (Exchange)
permit tcp any any eq pop3 (Exchange)
permit tcp any any eq 25
permit tcp any any eq 465 (Exchange)
permit icmp any any echo-reply
permit icmp any any time-exceeded
deny ip 127.0.0.0 0.255.255.255 any
deny ip 172.16.0.0 0.15.255.255 any
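As an added check, not code from this thread or from Cisco: a small script that cross-references the static NAT lines and the OUT_TO_IN ACL posted above (addresses and ports copied from the posts, assembled into a constructed sample) and reports inside hosts that fall outside the NAT-inside subnets of access-list 1, published ports the inbound ACL would still drop, and ACL permits that publish no forwarded service.

```python
import ipaddress
import re
# Constructed sample: the corrected static NAT lines, the NAT-inside ACL and the
# OUT_TO_IN ACL as posted in this thread (addresses copied from the posts).
SAMPLE_CONFIG = """
access-list 1 permit 192.168.100.0 0.0.0.255
access-list 1 permit 192.168.1.0 0.0.0.255
ip nat inside source static tcp 192.168.0.14 25 100.100.100.235 25
ip nat inside source static tcp 192.168.0.14 443 100.100.100.235 443
ip nat inside source static tcp 192.168.0.10 20 100.100.100.235 20
ip nat inside source static tcp 192.168.0.10 21 100.100.100.235 21
ip nat inside source static tcp 192.168.0.11 3389 100.100.100.235 3389
ip access-list extended OUT_TO_IN
 permit tcp any any eq 8080
 permit tcp any any eq 20
 permit tcp any any eq 21
 permit tcp any any eq 1521
 permit tcp any any eq telnet
 permit tcp any any eq pop3
 permit tcp any any eq 25
 permit tcp any any eq 465
"""
PORT_NAMES = {"telnet": 23, "pop3": 110, "smtp": 25, "www": 80}  # IOS keywords used here

def audit(config):
    inside_nets, forwards, permitted = [], [], set()
    for line in config.splitlines():
        line = line.strip()
        m = re.match(r"access-list 1 permit (\S+) (\S+)$", line)
        if m:  # IOS wildcard masks are hostmasks, which ipaddress accepts directly
            inside_nets.append(ipaddress.ip_network(f"{m.group(1)}/{m.group(2)}", strict=False))
            continue
        m = re.match(r"ip nat inside source static tcp (\S+) (\d+) \S+ (\d+)$", line)
        if m:  # keep the inside host and the global (outside-facing) port
            forwards.append((ipaddress.ip_address(m.group(1)), int(m.group(3))))
            continue
        m = re.match(r"permit tcp any any eq (\S+)$", line)
        if m:
            permitted.add(PORT_NAMES.get(m.group(1)) or int(m.group(1)))
    fwd_ports = {port for _, port in forwards}
    return {
        # inside hosts no NAT-inside subnet covers: those mappings cannot serve a LAN host
        "hosts_outside_inside_nets": sorted({str(h) for h, _ in forwards
                                             if not any(h in n for n in inside_nets)}),
        # published ports the inbound ACL would still drop
        "forwarded_not_permitted": sorted(fwd_ports - permitted),
        # ACL permits with no forwarded service behind them (needless exposure)
        "permitted_not_forwarded": sorted(permitted - fwd_ports),
    }
```

Run `audit(SAMPLE_CONFIG)` to see that all three 192.168.0.x hosts fall outside the 192.168.100.0/24 and 192.168.1.0/24 NAT-inside subnets, that 443 and 3389 are forwarded but not permitted, and that 23, 110, 465, 1521 and 8080 are permitted without any forward behind them.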
Thanks for your reply memo_tnt,

Kindly explain in brief what these commands are used for:-

permit icmp any any echo-reply
permit icmp any any time-exceeded
deny ip 127.0.0.0 0.255.255.255 any
ip inspect name INSPECTOUT ftp timeout 3600
no ip http server
no ip http secure-server
aaa new-model
aaa authentication login default local

Awaiting your early reply.

many thanks,

dxb
hi

you are welcome

permit icmp any any echo-reply >>>> this permits ICMP packets, such as ping to your router IP
permit icmp any any time-exceeded >>> Time-to-Live (TTL) equals 0 during transit (type 11 code 0); this is required because traceroute uses these messages, so they must be permitted.

deny ip 127.0.0.0 0.255.255.255 any >>>> deny traffic from source IP 127.0.0.0 to prevent spoofing...

ip inspect name INSPECTOUT ftp timeout 3600 >> firewall inspection, which specifies the FTP idle timeout (the length of time during which an FTP session will still be managed while there is no activity)

no ip http server >>> disable the router's HTTP server, so you can't access the router using its GUI

no ip http secure-server >> disable access to the router's SSL services, such as WebVPN
aaa new-model >> enables Authentication, Authorization, and Accounting for identity, control and recording of users' or systems' interactions with systems...

aaa authentication login default local >> all users are authenticated from the router's local database..
hello memo_tnt

thanks for your valuable reply.

Shall I bind this "ip access-list extended OUT_TO_IN" ACL on s0/1/0, or is it okay on f 0/0 on the router?

What is the command "ip nat pool MYIPPOOL 100.100.100.230 100.100.100.236 netmask 255.255.255.248" used for? (pls put one example too)

Many thanks,

dxd
memo_tnt (ASKER CERTIFIED SOLUTION)
It can be set either on the WAN interface or on the LAN interface,
but leave it the same as you have it now

int s0/1/0
ip inspect INSPECTOUT out

the syntax is:

ip nat pool <pool name> start-ip end-ip {netmask netmask | prefix-length prefix-length}

and it's used as a pool of legal public IPs


thanks for your support,

so instead of these commands:-

ip nat inside source static tcp 192.168.0.14 25 100.100.100.235 25
ip nat inside source static tcp 192.168.0.14 443 100.100.100.235 443
ip nat inside source static tcp 192.168.0.10 20 100.100.100.235 20
ip nat inside source static tcp 192.168.0.10 21 100.100.100.235 21
ip nat inside source static tcp 192.168.0.11 3389 100.100.100.235 3389

can I use the IP POOL command like

ip nat pool MYIPPOOL 100.100.100.235 100.100.100.238 netmask 255.255.255.248

but what is prefix-length, & in this case how will I map the IP to a particular IP with a port.... is it possible?.....

kindly advise,

many thanks

dxb
Hi dxbdxb2009:

Your question has been extended into multiple questions;
you may need to check the Cisco manuals or post more than one question.

Anyway, check this link for your last question:

http://www.ciscosystems.com/en/US/tech/tk648/tk361/technologies_tech_note09186a0080093fca.shtml

Best Regards
Thanks memo_tnt,

For the above query I got the answer, but can you please give me a brief about the following commands and why they are used?

service single-slot-reload-enable
service tcp-keepalives-in
service timestamps debug uptime
no service timestamps log uptime
service password-encryption


no logging rate-limit

clock summer-time EDT recurring
no ip subnet-zero
no ip source-route
!
no ip finger
ip ftp source-interface Ethernet0/1
ip ftp username Teddy
ip ftp password

no ip bootp server

interface Loopback0

no ip proxy-arp
half-duplex

no ip redirects
no ip proxy-arp

no ip mroute-cache
service-module t1 timeslots 1-24

route-map incT1 permit 10
match ip address incomingT1
match interface Ethernet0/1
set interface Ethernet0/1
set ip default next-hop 192.168.0.2

line con 0
exec-timeout 5 0
password
login local
transport input none
line aux 0
no exec
password
login local
line vty 0 4
access-class 98 in
exec-timeout 45 0
password
login

transport input telnet
transport output none

no scheduler allocate


Thanks for your support once again,

DXB
Hi dxbdxb2009:

Do you need the whole configuration explained??
This needs a CCNA course to explain them!!

Use the following links for a brief about Cisco commands:

http://www.ciscosystems.com/en/US/docs/ios/12_0/configfun/configuration/guide/fcui.html

http://support.verio.com/documents/view_article.cfm?doc_id=467
I think you need to open a new topic!
thanks memo_tnt for the links.... I think I can get more than the useful commands here.... let me see here....... no, but not all.

------------------------------------------------------------------------------------------------------

ikalmar:--

Pls find the new question here-

https://www.experts-exchange.com/questions/25082982/Cisco-Router-Config-Commands.html


Awaiting your early reply.

Many thanks

DXB
Thanks memo_tnt for your support & answers, pls accept 500 points.

regards,

DXB