[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 432
  • Last Modified:

Nat through DSL Modem-router to Cisco 2621

Ill try to keep it simple and short....
I have 5 static IP address's on my dsl subscription, 69.xxx.xxx.81 thru 69.xxx.xxx.85, the Modem/router is 69.XXX.xxx.86.
Net mask is 255.255.255.248
The int fa0/0 is(outside) 69.xxx.xxx.81 and int fa0/1 my internal network is 172.16.xxx.xxx/16.
I can ping thru the router to the outside, but I can not ping from the modem to the inside.... this is where my woes begin....
I want to be able to set up a web server, a ftp server and an RDP connection for people to hit the server from the outside on ip 69.xxx.xxx.85.
but for some reason unknown to me, I can not get the router (2621) to pass the trafic thru.
I have removed my in bound access-list for trouble shooting purposes, so please dont think Im a fool running wide open....
I have included my sh run and as you can see I would like anyone who hits the 69.xxx.xxx.85 address, depending on port #, to either start an RDP session or Hit the FTP server.  I have yet to set the NAT up for the http....I figure Im failing at two, why go for three....
So if you see the mistake that im not, please let me know...
thanks in advance people
ip subnet-zero
!
!
ip name-server 206.13.28.12
ip name-server 206.13.29.12
!
!
!
!
interface FastEthernet0/0
 ip address 69.XXX.XXX.81 255.255.255.248
 ip access-group 101 in
 ip nat outside
 no ip mroute-cache
 speed auto
 full-duplex
 no cdp enable
!
interface BRI0/0
 no ip address
 shutdown
!
interface FastEthernet0/1
 ip address 172.16.1.1 255.255.0.0
 ip nat inside
 speed auto
 full-duplex
!
!
ip default-gateway 69.XXX.XXX.86
ip nat inside source list 2 interface FastEthernet0/0 overload
ip nat inside source static tcp 172.16.10.1 20 69.XXX.XXX.85 20 extendable
ip nat inside source static tcp 172.16.10.1 21 69.XXX.XXX.85 21 extendable
ip nat inside source static tcp 172.16.10.1 3389 69.XXX.XXX.85 3389 extendable
ip classless
ip route 0.0.0.0 0.0.0.0 69.225.219.86 name DSL-service
ip http server
no ip pim bidir-enable
!
access-list 2 permit 172.16.0.0 0.0.255.255
access-list 2 permit any
access-list 101 permit tcp any any
access-list 101 permit udp any eq domain any
access-list 101 permit icmp any any
dialer-list 1 protocol ip permit
dialer-list 1 protocol ipx permit
0
CCNPwanabe
Asked:
CCNPwanabe
  • 4
  • 3
1 Solution
 
lrmooreCommented:
>but I can not ping from the modem to the inside....
Of course not, you don't have a static for ICMP

Have you verified on the server 172.16.10.1 that its default gateway points to the router 172.16.1.1 ?
0
 
lrmooreCommented:
You might try a 1-1 static nat for troubleshooting purposes:

ip nat inside source static 172.16.10.1 69.x.x.85

And you can also deny this IP from the nat acl:

access-list 2 deny 172.16.10.1
access-list 2 permit 172.16.0.0 0.0.255.255

0
 
CCNPwanabeAuthor Commented:
Im positive that the default gateway is 172.16.1.1 for the Eth port on the server.
Just tried what you sugested and same results.
Ive also tried ip route statements that point between the networks and NADA...
never the less, I do appreciate all your efforts  and help!

0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
lrmooreCommented:
So outgoing, web browsing etc works from the inside going out?

Where are you trying to hit the nat'd web server/ftp server from? From the inside of your network? You never will be able to use the public IP from inside. You must test from outside..
0
 
CCNPwanabeAuthor Commented:
Yeah, I know. Im using the terminal server at my place of work, and its internet connection..,
0
 
CCNPwanabeAuthor Commented:
Im a J^ck ^55
Because the modenm is also a router, I enabled ripo on both sides and added the network statements to the cisco and viola...
thanks for your help any how, I guess two or more heads are better....
0
 
lrmooreCommented:
D' OH!
0

Featured Post

[Webinar] Cloud and Mobile-First Strategy

Maybe you’ve fully adopted the cloud since the beginning. Or maybe you started with on-prem resources but are pursuing a “cloud and mobile first” strategy. Getting to that end state has its challenges. Discover how to build out a 100% cloud and mobile IT strategy in this webinar.

  • 4
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now