cisco 1720 behind a DSL router??

I have a cisco 1720 behind a  DSL Netopia router. I have configured the  1720 as shown below but I am not able to get past my LAn with this. Could you have a look and let me know if I have made a mistake somewhere in my config.The gateway address on my netopia (LAN) side is 192.168.10.254 and the WAN side is 69.152.XX.XX . I have mapped the ethernet0 interface of my 1720 to a public address(I have done this mapping in the DSL router) Thank you for your help.


Current configuration : 919 bytes
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname XXXXXX
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$XXXXXXXXXXXX
enable password XXXXXX
!
memory-size iomem 25
no aaa new-model
ip subnet-zero
!
!
!
ip dhcp pool cpe
network 192.168.15.0 255.255.255.0
   dns-server 151.164.XX.XX
   default-router 192.168.15.1
!
ip cef
!
!
!
!
interface Ethernet0
 ip address 192.168.10.10 255.255.255.0
 no ip unreachables
 ip nat outside
 half-duplex
 no cdp enable
!
interface FastEthernet0
 ip address 192.168.15.1 255.255.255.0
 ip nat inside
 speed auto
 no cdp enable
!
ip classless
ip route 0.0.0.0 0.0.0.0 192.168.10.254
no ip http server
!
access-list 1 permit 192.168.110.0 0.0.0.255
dialer-list 1 protocol ip permit
!
line con 0
 exec-timeout 0 0
line aux 0
line vty 0 4
 password XXXX
 login
!
end


aej1973Asked:
Who is Participating?
 
lrmooreConnect With a Mentor Commented:
Remove these two lines
 router(config)# no ip nat pool mypool 192.168.10.10 192.168.10.10 netmask 255.255.255.0
 router(config)# no ip nat inside source list 1 pool nat overload

Add this one
  access-list 2 permit 192.168.15.0 0.0.0.255

0
 
netspec01Commented:
Looks like you are missing an IP NAT pool.
0
 
aej1973Author Commented:
Where??
0
Improved Protection from Phishing Attacks

WatchGuard DNSWatch reduces malware infections by detecting and blocking malicious DNS requests, improving your ability to protect employees from phishing attacks. Learn more about our newest service included in Total Security Suite today!

 
lrmooreCommented:
you have Ip nat inside, and IP nat outside interfaces, but you don't define the NAT:

add these two lines:

  access-list 2 permit 192.168.15.0 0.0.0.255
  ip nat inside source list 2 interface Ethernet0 overload

0
 
netspec01Commented:
This is what you need:

1. nat pool defined for PAT
2. NAT inside for inside interface
3. nat outside for outside interface
4. an ACL to define interesting traffic
5. a route for traffic pointing to upstream router

I just tested this on 12.3(9).

interface Ethernet0
 ip address 192.168.10.10 255.255.255.0
 ip nat outside
!
interface FastEthernet0
 ip address 192.168.15.1 255.255.255.0
 ip nat inside  
!
ip route 0.0.0.0 0.0.0.0 192.168.10.254
!
access-list 1 permit 192.168.15.0 0.0.0.255
!
ip nat pool mypool 192.168.10.10 192.168.10.10 netmask 255.255.255.0
Ip nat source list 1 mypool overload
0
 
aej1973Author Commented:
these are the  changes i made and it still does not seem to be working. Even after I have mapped  ethernet0 to a public IP I am not able to ping it from outside.????

Current configuration : 1089 bytes
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Texas_Tunnel
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$Pyd0$fMn65blA5ESj/9aYAPiWO/
enable password 73arun
!
memory-size iomem 25
no aaa new-model
ip subnet-zero
!
!
!
ip dhcp pool cpe
 network 192.168.15.0 255.255.255.0
   dns-server 151.164.1.8
   default-router 192.168.15.1
!
ip cef
!
!
!
!
interface Ethernet0
 ip address 192.168.10.10 255.255.255.0
 no ip unreachables
 ip nat outside
 half-duplex
 no cdp enable
!
interface FastEthernet0
 ip address 192.168.15.1 255.255.255.0
 ip nat inside
 speed auto
 no cdp enable
!
ip nat pool mypool 192.168.10.10 192.168.10.10 netmask 255.255.255.0
ip nat inside source list 1 pool nat overload
ip nat inside source list 2 interface Ethernet0 overload
ip classless
ip route 0.0.0.0 0.0.0.0 192.168.10.254
no ip http server
!
access-list 1 permit 192.168.15.0 0.0.0.255
dialer-list 1 protocol ip permit
!
line con 0
 exec-timeout 0 0
line aux 0
line vty 0 4
 password arun1973
 login
!
end


0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.