Solved

Nat through DSL Modem-router to Cisco 2621

Posted on 2004-09-06
Last Modified: 2010-05-18
I'll try to keep it simple and short....
I have 5 static IP addresses on my DSL subscription, 69.xxx.xxx.81 thru 69.xxx.xxx.85, the modem/router is 69.XXX.xxx.86.
Net mask is 255.255.255.248
The int fa0/0 is (outside) 69.xxx.xxx.81 and int fa0/1 my internal network is 172.16.xxx.xxx/16.
I can ping thru the router to the outside, but I cannot ping from the modem to the inside.... this is where my woes begin....
I want to be able to set up a web server, an FTP server and an RDP connection for people to hit the server from the outside on IP 69.xxx.xxx.85.
But for some reason unknown to me, I cannot get the router (2621) to pass the traffic thru.
I have removed my inbound access-list for troubleshooting purposes, so please don't think I'm a fool running wide open....
I have included my sh run and as you can see I would like anyone who hits the 69.xxx.xxx.85 address, depending on port #, to either start an RDP session or hit the FTP server. I have yet to set the NAT up for the HTTP.... I figure I'm failing at two, why go for three....
So if you see the mistake that I'm not, please let me know...
Thanks in advance, people.
ip subnet-zero
!
!
ip name-server 206.13.28.12
ip name-server 206.13.29.12
!
!
!
!
interface FastEthernet0/0
 ip address 69.XXX.XXX.81 255.255.255.248
 ip access-group 101 in
 ip nat outside
 no ip mroute-cache
 speed auto
 full-duplex
 no cdp enable
!
interface BRI0/0
 no ip address
 shutdown
!
interface FastEthernet0/1
 ip address 172.16.1.1 255.255.0.0
 ip nat inside
 speed auto
 full-duplex
!
!
ip default-gateway 69.XXX.XXX.86
ip nat inside source list 2 interface FastEthernet0/0 overload
ip nat inside source static tcp 172.16.10.1 20 69.XXX.XXX.85 20 extendable
ip nat inside source static tcp 172.16.10.1 21 69.XXX.XXX.85 21 extendable
ip nat inside source static tcp 172.16.10.1 3389 69.XXX.XXX.85 3389 extendable
ip classless
ip route 0.0.0.0 0.0.0.0 69.225.219.86 name DSL-service
ip http server
no ip pim bidir-enable
!
access-list 2 permit 172.16.0.0 0.0.255.255
access-list 2 permit any
access-list 101 permit tcp any any
access-list 101 permit udp any eq domain any
access-list 101 permit icmp any any
dialer-list 1 protocol ip permit
dialer-list 1 protocol ipx permit
Question by:CCNPwanabe
7 Comments
 
LVL 79

Expert Comment

by:lrmoore
ID: 11993240
>but I can not ping from the modem to the inside....
Of course not, you don't have a static for ICMP

Have you verified on the server 172.16.10.1 that its default gateway points to the router 172.16.1.1 ?
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 11993250
You might try a 1-1 static nat for troubleshooting purposes:

ip nat inside source static 172.16.10.1 69.x.x.85

And you can also deny this IP from the nat acl:

access-list 2 deny 172.16.10.1
access-list 2 permit 172.16.0.0 0.0.255.255

0
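Added example (not part of the thread and not lrmoore's code): a short Python audit of the NAT and ACL lines discussed above. It shows why the port-level statics from the question and the 1:1 static suggested for troubleshooting differ in exposure: a 1:1 static maps every port of the server, so the inbound ACL becomes the only filter, and `access-list 101 permit tcp any any` filters nothing. The address 203.0.113.85 is a constructed stand-in for the redacted 69.x.x.85, and the name `audit` is hypothetical.

```python
import re

# Constructed sample: lines from the question's config, with 203.0.113.85
# standing in for the redacted public address 69.x.x.85.
CONFIG = """\
ip nat inside source static tcp 172.16.10.1 20 203.0.113.85 20 extendable
ip nat inside source static tcp 172.16.10.1 21 203.0.113.85 21 extendable
ip nat inside source static tcp 172.16.10.1 3389 203.0.113.85 3389 extendable
access-list 101 permit tcp any any
access-list 101 permit udp any eq domain any
access-list 101 permit icmp any any
"""

IP = r"(\d+(?:\.\d+){3})"
# Port-level static: "static <proto> <inside> <port> <outside> <port>"
PORT_NAT = re.compile(rf"ip nat inside source static (tcp|udp) {IP} (\d+) {IP} (\d+)")
# 1:1 static: "static <inside> <outside>" with no protocol or ports
FULL_NAT = re.compile(rf"ip nat inside source static {IP} {IP}(?: extendable)?\s*$")
# Extended ACL entry that permits a whole protocol from anywhere to anywhere
OPEN_ACL = re.compile(r"access-list (\d+) permit (ip|tcp|udp) any any\s*$")


def audit(config):
    """Return (published, findings) for static NAT and wide-open ACL lines.

    published: tuples (outside_ip, proto, outside_port, inside_ip, inside_port);
    a 1:1 static is recorded with proto "any" and ports None.
    """
    published, findings = [], []
    for line in map(str.strip, config.splitlines()):
        if m := PORT_NAT.match(line):
            proto, inside, in_port, outside, out_port = m.groups()
            published.append((outside, proto, int(out_port), inside, int(in_port)))
        elif m := FULL_NAT.match(line):
            inside, outside = m.groups()
            published.append((outside, "any", None, inside, None))
            findings.append(f"1:1 static NAT maps every port of {inside} to {outside}")
        elif m := OPEN_ACL.match(line):
            findings.append(f"ACL {m.group(1)} permits {m.group(2)} any any")
    return published, findings


if __name__ == "__main__":
    services, issues = audit(CONFIG)
    for svc in services:
        print("published:", svc)
    for issue in issues:
        print("finding:", issue)
```

Once troubleshooting is done, the findings point at what to restore: remove the 1:1 static and replace the `permit tcp any any` entry with entries for the published ports only.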
 

Author Comment

by:CCNPwanabe
ID: 11993798
I'm positive that the default gateway is 172.16.1.1 for the Eth port on the server.
Just tried what you suggested and same results.
I've also tried ip route statements that point between the networks and NADA...
Nevertheless, I do appreciate all your efforts and help!

0
 
LVL 79

Expert Comment

by:lrmoore
ID: 11995897
So outgoing, web browsing etc works from the inside going out?

Where are you trying to hit the nat'd web server/ftp server from? From the inside of your network? You never will be able to use the public IP from inside. You must test from outside.
0
 

Author Comment

by:CCNPwanabe
ID: 11996775
Yeah, I know. I'm using the terminal server at my place of work, and its internet connection...
0
 

Author Comment

by:CCNPwanabe
ID: 12003345
I'm a J^ck ^55
Because the modem is also a router, I enabled RIP on both sides and added the network statements to the Cisco and voilà...
Thanks for your help anyhow, I guess two or more heads are better....
0
 
LVL 79

Accepted Solution

by:
lrmoore earned 125 total points
ID: 12005123
D' OH!
0
