Solved

Cisco Router 1700 Series NAT configuration issues

Posted on 2004-04-20
11
1,187 Views
Last Modified: 2008-02-01
OK, I have a Cisco 1700 series hooked to a T-1. It's currently set up with NAT polling. What I would like to do is reconfigure the router to set up a firewall behind the router with external IPs, but I don't know how to do it. Here is the current configuration:

User Access Verification

Password:
router>enable
Password:
% Password:  timeout expired!
Password:
% Password:  timeout expired!
Password:
remacc#show config
Using 1069 out of 29688 bytes
!
version 12.2
service config
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname router
!
enable secret
enable password XXXXX
!
memory-size iomem 25
ip subnet-zero
!
!
!
!
interface FastEthernet0
 ip address 192.168.x.x 255.255.255.0
 ip nat inside
 speed auto
 full-duplex
!
interface Serial0
 no ip address
 ip nat outside
 encapsulation frame-relay IETF
 service-module t1 timeslots 1-24
 frame-relay lmi-type ansi
!
interface Serial0.540 point-to-point
 ip address 68.72.x.x 255.255.255.x
 ip nat outside
 frame-relay interface-dlci 540
!
ip nat pool net-1 68.78.x.x 68.78.x.x netmask 255.255.255.x
ip nat inside source list 1 pool net-1 overload
ip nat inside source static 192.168.x.x 68.78.x.x
ip classless
ip route 0.0.0.0 0.0.0.0 68.72.x.x
no ip http server
!
access-list 1 permit 192.168.x.x 0.0.0.255
access-list 104 permit tcp any any eq telnet
!
line con 0
line aux 0
line vty 0 4
 password xxxxxx
 login
!
no scheduler allocate
end

router#



Thanks In Advance

Nathan
0
Question by:nlockwood
11 Comments
 
LVL 13

Expert Comment

by:td_miles
ID: 10874740
What size real IP address range do you have allocated to you ?
0
 
LVL 27

Expert Comment

by:Asta Cu
ID: 10878369
0
 
LVL 1

Author Comment

by:nlockwood
ID: 10878885
I have a block of 5 IPs.
0
 
LVL 43

Expert Comment

by:JFrederick29
ID: 10879166
What about setting it up like this:

68.72.x.x(Router)192.168.0.1 ------ 192.168.0.2(Firewall)192.168.1.1 ------Network 192.168.1.0/24

Continue to NAT on the router for the inside network beyond the firewall. You will need to set up the proper routes.

On the firewall:

0.0.0.0 0.0.0.0 192.168.0.1

On the router:

192.168.1.0 255.255.255.0 192.168.0.2
Same default gateway to your ISP.
0
 
LVL 1

Accepted Solution

by:
ekahan earned 500 total points
ID: 10882051
Nathan,

If you are putting in a REAL firewall behind the router it makes the most sense to disable NAT on the router. So you would take one of the 68.68.x.x addresses and assign it to the Ethernet port of the router. You would take another 68.78.x.x address and assign it to the external interface of your firewall. You then would do all your NAT’ing on the firewall.
0
 
LVL 1

Author Comment

by:nlockwood
ID: 10888064
Thanks ekahan.  

That's what I would like to do. How do I go about removing NAT on the router? I know how to add the stuff but not remove it.

0
 
LVL 1

Expert Comment

by:ekahan
ID: 10888203
To remove the NAT operation, you would use these two commands to take NAT off the interfaces.

int fas 0
no ip nat inside

int s 0
no ip nat outside


If you want to remove the other NAT lines, you would just type each NAT line in with the word NO at the beginning.


Eli
0
 
LVL 1

Expert Comment

by:ekahan
ID: 10888232
For clarity:
This is what the commands are if you want to remove all the NAT lines in the configuration you posted.

Once you are in config mode type the following lines.

int fast  0
no ip nat inside
!
int s 0
no ip nat outside

!
no ip nat pool net-1 68.78.x.x 68.78.x.x netmask 255.255.255.x
no ip nat inside source list 1 pool net-1 overload
no ip nat inside source static 192.168.x.x 68.78.x.x

0
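The "type each NAT line with NO in front" procedure from the answers above, as an added example that is not part of the original thread: a small Python helper (the name `nat_removal_commands` is hypothetical) that reads a saved IOS configuration and emits the negating commands. It walks every interface block, so it also produces an entry for `Serial0.540`, which carries `ip nat outside` in the posted configuration, and as this example's own ordering choice it negates the translation rules before the pool they reference.

```python
import re

# Constructed sample: the NAT-relevant lines of the configuration posted in
# the question, with the redacted x.x octets kept exactly as posted.
SAMPLE_CONFIG = """\
interface FastEthernet0
 ip address 192.168.x.x 255.255.255.0
 ip nat inside
!
interface Serial0
 no ip address
 ip nat outside
!
interface Serial0.540 point-to-point
 ip address 68.72.x.x 255.255.255.x
 ip nat outside
!
ip nat pool net-1 68.78.x.x 68.78.x.x netmask 255.255.255.x
ip nat inside source list 1 pool net-1 overload
ip nat inside source static 192.168.x.x 68.78.x.x
ip route 0.0.0.0 0.0.0.0 68.72.x.x
access-list 1 permit 192.168.x.x 0.0.0.255
"""


def nat_removal_commands(config: str) -> list[str]:
    """Return config-mode commands that negate every NAT line in `config`."""
    iface_cmds, rule_cmds, pool_cmds = [], [], []
    current_iface = None
    for raw in config.splitlines():
        line = raw.rstrip()
        if not line.startswith(" "):  # a top-level line ends any interface block
            m = re.match(r"interface (\S+)", line)
            current_iface = m.group(1) if m else None
            if line.startswith("ip nat pool "):
                pool_cmds.append("no " + line)
            elif line.startswith("ip nat "):
                rule_cmds.append("no " + line)
        elif current_iface and re.fullmatch(r"ip nat (inside|outside)", line.strip()):
            # Interface-level NAT marking: re-enter the interface, then negate it.
            iface_cmds += [f"interface {current_iface}", " no " + line.strip()]
    # Rules that reference a pool are negated before the pool itself.
    return iface_cmds + rule_cmds + pool_cmds


if __name__ == "__main__":
    print("\n".join(nat_removal_commands(SAMPLE_CONFIG)))
```

Running `show running-config | include nat` on the router after applying the output is a quick way to confirm no NAT line was left behind.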
 
LVL 1

Author Comment

by:nlockwood
ID: 10888306
Oops, silly me, I got the commands.

Thanks Ekahan
0
 
LVL 1

Expert Comment

by:ekahan
ID: 10888343
Great! Happy I could help. Please remember to accept the answer.

Eli
0
 
LVL 1

Author Comment

by:nlockwood
ID: 10891097
Thanks for the help, Eli... I appreciate it.
0


Question has a verified solution.
