Solved

Nat through DSL Modem-router to Cisco 2621

Posted on 2004-09-06
Last Modified: 2010-05-18
I'll try to keep it simple and short....
I have 5 static IP addresses on my DSL subscription, 69.xxx.xxx.81 through 69.xxx.xxx.85; the modem/router is 69.XXX.xxx.86.
Net mask is 255.255.255.248.
The int fa0/0 (outside) is 69.xxx.xxx.81 and int fa0/1, my internal network, is 172.16.xxx.xxx/16.
I can ping through the router to the outside, but I cannot ping from the modem to the inside.... this is where my woes begin....
I want to be able to set up a web server, an FTP server and an RDP connection for people to hit the server from the outside on IP 69.xxx.xxx.85,
but for some reason unknown to me, I cannot get the router (2621) to pass the traffic through.
I have removed my inbound access-list for troubleshooting purposes, so please don't think I'm a fool running wide open....
I have included my sh run and, as you can see, I would like anyone who hits the 69.xxx.xxx.85 address, depending on port #, to either start an RDP session or hit the FTP server. I have yet to set the NAT up for the HTTP.... I figure I'm failing at two, why go for three....
So if you see the mistake that I'm not seeing, please let me know...
Thanks in advance, people.

ip subnet-zero
!
!
ip name-server 206.13.28.12
ip name-server 206.13.29.12
!
!
!
!
interface FastEthernet0/0
 ip address 69.XXX.XXX.81 255.255.255.248
 ip access-group 101 in
 ip nat outside
 no ip mroute-cache
 speed auto
 full-duplex
 no cdp enable
!
interface BRI0/0
 no ip address
 shutdown
!
interface FastEthernet0/1
 ip address 172.16.1.1 255.255.0.0
 ip nat inside
 speed auto
 full-duplex
!
!
ip default-gateway 69.XXX.XXX.86
ip nat inside source list 2 interface FastEthernet0/0 overload
ip nat inside source static tcp 172.16.10.1 20 69.XXX.XXX.85 20 extendable
ip nat inside source static tcp 172.16.10.1 21 69.XXX.XXX.85 21 extendable
ip nat inside source static tcp 172.16.10.1 3389 69.XXX.XXX.85 3389 extendable
ip classless
ip route 0.0.0.0 0.0.0.0 69.225.219.86 name DSL-service
ip http server
no ip pim bidir-enable
!
access-list 2 permit 172.16.0.0 0.0.255.255
access-list 2 permit any
access-list 101 permit tcp any any
access-list 101 permit udp any eq domain any
access-list 101 permit icmp any any
dialer-list 1 protocol ip permit
dialer-list 1 protocol ipx permit
Question by:CCNPwanabe
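
An added example, not part of the original thread: a small Python check for the state the question describes, where the inbound ACL on the NAT outside interface was opened up for troubleshooting. It flags `permit <proto> any any` entries and generates one permit per static port translation, matched on the global address because the inbound ACL is evaluated before NAT. The function names and the trimmed sample config are constructed for illustration.

```python
import re

# Constructed sample: the relevant lines of the "sh run" posted above,
# with the page's masked addresses kept as written.
SAMPLE_CONFIG = """\
interface FastEthernet0/0
 ip access-group 101 in
 ip nat outside
interface FastEthernet0/1
 ip nat inside
ip nat inside source static tcp 172.16.10.1 21 69.XXX.XXX.85 21 extendable
ip nat inside source static tcp 172.16.10.1 3389 69.XXX.XXX.85 3389 extendable
access-list 101 permit tcp any any
access-list 101 permit udp any eq domain any
access-list 101 permit icmp any any
"""

def outside_acls(config):
    """ACL numbers applied inbound on interfaces marked 'ip nat outside'."""
    acls = set()
    for block in re.split(r"(?m)^(?=interface )", config):
        if re.search(r"(?m)^ ip nat outside\s*$", block):
            acls.update(re.findall(r"(?m)^ ip access-group (\d+) in\s*$", block))
    return sorted(acls)

def static_forwards(config):
    """(proto, global_ip, global_port) for each static port translation."""
    pat = r"(?m)^ip nat inside source static (tcp|udp) \S+ \d+ (\S+) (\d+)"
    return re.findall(pat, config)

def wide_open_entries(config):
    """Entries of the outside ACLs that permit a protocol from any to any."""
    hits = []
    for acl in outside_acls(config):
        pat = rf"(?m)^access-list {acl} permit (\S+) any any\s*$"
        hits.extend((acl, proto) for proto in re.findall(pat, config))
    return hits

def suggested_permits(config, acl):
    """One permit per published port, matched on the global (pre-NAT) address."""
    lines = [f"access-list {acl} permit {proto} any host {ip} eq {port}"
             for proto, ip, port in static_forwards(config)]
    # Return traffic for TCP connections opened from the inside network.
    lines.append(f"access-list {acl} permit tcp any any established")
    return lines

if __name__ == "__main__":
    for acl, proto in wide_open_entries(SAMPLE_CONFIG):
        print(f"ACL {acl}: 'permit {proto} any any' on the NAT outside interface")
    print("\n".join(suggested_permits(SAMPLE_CONFIG, "101")))
```

The generated lines are a starting point for restoring the inbound filter once forwarding works; the existing `udp any eq domain` entry for DNS replies would still be needed alongside them.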
7 Comments
 
LVL 79

Expert Comment

by:lrmoore
ID: 11993240
>but I can not ping from the modem to the inside....
Of course not, you don't have a static for ICMP

Have you verified on the server 172.16.10.1 that its default gateway points to the router 172.16.1.1 ?
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 11993250
You might try a 1-1 static nat for troubleshooting purposes:

ip nat inside source static 172.16.10.1 69.x.x.85

And you can also deny this IP from the nat acl:

access-list 2 deny 172.16.10.1
access-list 2 permit 172.16.0.0 0.0.255.255

0
 

Author Comment

by:CCNPwanabe
ID: 11993798
I'm positive that the default gateway is 172.16.1.1 for the Eth port on the server.
Just tried what you suggested and same results.
I've also tried ip route statements that point between the networks and NADA...
Nevertheless, I do appreciate all your efforts and help!

0

 
LVL 79

Expert Comment

by:lrmoore
ID: 11995897
So outgoing, web browsing etc works from the inside going out?

Where are you trying to hit the NAT'd web server/FTP server from? From the inside of your network? You never will be able to use the public IP from inside. You must test from outside.
0
 

Author Comment

by:CCNPwanabe
ID: 11996775
Yeah, I know. I'm using the terminal server at my place of work, and its internet connection...
0
 

Author Comment

by:CCNPwanabe
ID: 12003345
I'm a J^ck ^55
Because the modem is also a router, I enabled RIP on both sides and added the network statements to the Cisco and voilà...
Thanks for your help anyhow, I guess two or more heads are better....
0
 
LVL 79

Accepted Solution

by:
lrmoore earned 125 total points
ID: 12005123
D' OH!
0
