Solved

Cisco 837 - NON NAT operation

Posted on 2006-06-02
Last Modified: 2012-06-21
Please can someone help me. I urgently need (thus the 500 points) to configure the above Cisco router to perform non-NAT operation. My ISP has assigned me a block of 8 IPs, of which 5 are usable. The assigned router IP address is 88.96.34.XX with a subnet mask of 255.255.255.248. The router should stay connected to the internet permanently. It is an ADSL connection with PPPoA. When my router connects to the internet it gets assigned the above IP, and this is to be used as the gateway address on my firewall.

Thanks in advance.
Question by:xaracomputers
LVL 12

Expert Comment

by:Scotty_cisco
ID: 16817337
Is there a nat inside or a nat outside in the configuration? If so, remove them; Cisco routers will only NAT if they are specified and defined.

Thanks
Scott
0
 

Author Comment

by:xaracomputers
ID: 16817450
my config is as follows:


Using 1406 out of 131072 bytes
!
version 12.2
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
no service dhcp
!
hostname scw-gw
!
logging queue-limit 100
logging buffered 4096 debugging
enable secret 5 $1$0.af$yxVf1jjSfBxcBN20uQhoE/
!
ip subnet-zero
no ip domain lookup
ip dhcp excluded-address 10.10.10.1
!
ip dhcp pool CLIENT
   import all
   network 10.10.10.0 255.255.255.0
   default-router 10.10.10.1
   lease 0 2
!
!
ip audit notify log
ip audit po max-events 100
no ftp-server write-enable
!
!
!
!
partition flash 2 10 2
!
!
!
!
interface Ethernet0
 ip address 10.10.10.1 255.255.255.0
 hold-queue 100 out
!
interface ATM0
 no ip address
 no atm ilmi-keepalive
 pvc 0/38
  encapsulation aal5mux ppp dialer
  dialer pool-member 1
 !
 dsl operating-mode auto
!
interface Dialer0
 ip address negotiated
 encapsulation ppp
 dialer pool 1
 ppp authentication chap callin
 ppp chap hostname myusername
 ppp chap password 0 mypassword
!
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer0
ip http server
no ip http secure-server
!
access-list 1 permit 0.0.0.0 255.255.255.248
access-list 10 permit 0.0.0.0 255.255.255.248
access-list 23 permit 0.0.0.0 255.255.255.248
!
line con 0
 exec-timeout 120 0
 no modem enable
 stopbits 1
line aux 0
 stopbits 1
line vty 0 4
 access-class 10 in
 exec-timeout 120 0
 password
 login
 length 0
!
scheduler max-task-time 5000
!
end
0
 
LVL 12

Expert Comment

by:Scotty_cisco
ID: 16817478
There is no NAT. You should be able to put a routable address on e0 and then use the others the way you want... or am I missing something here?

Thanks
scott
0

Author Comment

by:xaracomputers
ID: 16817571
All I want to do is to be able to put live IPs after the connection. I guess putting a routable IP address on e0 should work, but I do not know how to. Can I not place the ISP-assigned router IP here, as this is what we do with the Efficient Networks modems (BT modems)? You have to excuse my ignorance, but I am very new to Cisco.

PS. I should be able to do what I want with the live IPs, i.e. they should not go through the firewall.
0
 
LVL 12

Expert Comment

by:Scotty_cisco
ID: 16817599
How much of the CLI do you know?

Because you go into config t mode and then:
router(config)#int e0
router(config-if)#ip address 88.96.34.XX 255.255.255.248
using the first of the 5 IP addresses, then using another for the firewall or whatever you want to use.

router(config-if)#end
router#wr mem

That should save and everything.

Thanks
scott
0
 

Author Comment

by:xaracomputers
ID: 16817632
I have tried that and I get the below response:

88.96.34.16 overlaps with Dialer0
0
 
LVL 12

Expert Comment

by:Scotty_cisco
ID: 16817700
Any reasons that you are against running NAT? Because that makes it sound like they are routing everything (the 5 addresses) to your outside address. If that is the case, you can put some static NAT statements in and do it that way?

Thanks
Scott
0
 

Author Comment

by:xaracomputers
ID: 16817733
Please could you give me a sample config file? I am getting so lost with this.
0
 
LVL 12

Expert Comment

by:Scotty_cisco
ID: 16817753
OK, let me look at yours and add some things.

But your dialer is going to have ip nat outside and your ethernet will be ip nat inside. Do you have any specific translations that you want a specific IP address to translate to?

Thanks
scott
0
 

Author Comment

by:xaracomputers
ID: 16817781
I do not need any specific IPs to translate to anything, as I am using the Cisco only as a modem for other firewalls. The only reason for Cisco is the stability they provide.
0
 
LVL 12

Expert Comment

by:Scotty_cisco
ID: 16817881
OK.

So you want a basic NAT... I will use your existing config:

version 12.2
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
no service dhcp
!
hostname scw-gw
!
logging queue-limit 100
logging buffered 4096 debugging
enable secret 5 $1$0.af$yxVf1jjSfBxcBN20uQhoE/
!
ip subnet-zero
no ip domain lookup
ip dhcp excluded-address 10.10.10.1
!
ip dhcp pool CLIENT
   import all
   network 10.10.10.0 255.255.255.0
   default-router 10.10.10.1
   lease 0 2
!
!
ip audit notify log
ip audit po max-events 100
no ftp-server write-enable
!
!
!
!
partition flash 2 10 2
!
!
!
!
interface Ethernet0
 ip address 10.10.10.1 255.255.255.0
 hold-queue 100 out
 ip nat outside
!
interface ATM0
 no ip address
 no atm ilmi-keepalive
 pvc 0/38
  encapsulation aal5mux ppp dialer
  dialer pool-member 1
 !
 dsl operating-mode auto
!
interface Dialer0
 ip address negotiated
 encapsulation ppp
 ip nat outside
 dialer pool 1
 ppp authentication chap callin
 ppp chap hostname myusername
 ppp chap password 0 mypassword
!
ip nat inside source list 100 interface dialer0 overload
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer0
ip http server
no ip http secure-server
!
access-list 1 permit 0.0.0.0 255.255.255.248
access-list 10 permit 0.0.0.0 255.255.255.248
access-list 23 permit 0.0.0.0 255.255.255.248
access-list 100 permit ip 10.10.10.0 0.0.0.255 any
!
line con 0
 exec-timeout 120 0
 no modem enable
 stopbits 1
line aux 0
 stopbits 1
line vty 0 4
 access-class 10 in
 exec-timeout 120 0
 password
 login
 length 0
!

Notice that list 100 defines what you want to NAT, and that inside is ethernet and outside is dialer.

Statics are easily set as well.

Here is an example on Cisco's website.
http://www.cisco.com/en/US/products/hw/routers/ps380/products_configuration_guide_chapter09186a008045d278.html

thanks
Scott
0
 
LVL 12

Expert Comment

by:Scotty_cisco
ID: 16817893
Oops:


interface Ethernet0
 ip address 10.10.10.1 255.255.255.0
 hold-queue 100 out
 ip nat INSIDE..........
0
 

Author Comment

by:xaracomputers
ID: 16817955
Hi Scott,

Sorry about this, but I don't need a NAT solution. I need a non-NAT solution that will let me use my additional public IP addresses. This means that if I have my router (ISP) assigned IP address as 88.96.34.22, I need to be able to use 88.96.34.21 on either a server or firewall or whatever with no restrictions. I do not even need DHCP or a private IP address.

Thanks for the config, but I guess I am going to trouble you for it again with the above settings.
0
 
LVL 12

Expert Comment

by:Scotty_cisco
ID: 16817996
The problem with ISPs is that they always do that... AAAARRRGGGHHHH... They need to give you a WAN address and then a routable block behind that, but they won't, so let me look for a different solution.

Thanks
Scott
0
 

Author Comment

by:xaracomputers
ID: 16818013
Yes, you are right, because I have another Bulldog connection which has a separate WAN address when connected and a completely different IP address for the eth interface.

Please get the full config for me, as I really need to get this done more than understand what is going on at the moment :-)
0
 
LVL 12

Expert Comment

by:Scotty_cisco
ID: 16818046
Can you try this:

config t
router(config)#int e0
router(config-if)#ip unnumbered dialer0

and see if it takes it?

You will need to be consoled to it.

Thanks
scott
0
 

Author Comment

by:xaracomputers
ID: 16818088
It accepted it; however, this is what the config looks like, but it does not work:

show start
Using 1247 out of 131072 bytes
!
version 12.2
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
no service dhcp
!
hostname scw-gw
!
logging queue-limit 100
logging buffered 4096 debugging
enable secret 5 $1$0.af$yxVf1jjSfBxcBN20uQhoE/
!
ip subnet-zero
no ip domain lookup
ip dhcp excluded-address 10.10.10.1
!
ip dhcp pool CLIENT
   import all
   network 10.10.10.0 255.255.255.0
   default-router 10.10.10.1
   lease 0 2
!
!
ip audit notify log
ip audit po max-events 100
no ftp-server write-enable
!
!
!
!
partition flash 2 10 2
!
!
!
!
interface Ethernet0
 no ip address
 hold-queue 100 out
!
interface ATM0
 no ip address
 no atm ilmi-keepalive
 pvc 0/38
  encapsulation aal5mux ppp dialer
  dialer pool-member 1
 !
 dsl operating-mode auto
!
interface Dialer0
 ip address negotiated
 encapsulation ppp
 dialer pool 1
 ppp authentication chap callin
 ppp chap hostname *******
 ppp chap password 0 ********
!
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer0
ip http server
no ip http secure-server
!
!
line con 0
 exec-timeout 120 0
 no modem enable
 stopbits 1
line aux 0
 stopbits 1
line vty 0 4
 access-class 10 in
 exec-timeout 120 0
 password ******
 login
 length 0
!
scheduler max-task-time 5000
!
end
0
 
LVL 12

Expert Comment

by:Scotty_cisco
ID: 16818137
You could always turn the router into a bridge.

I don't like that option... So if you do a show ip interface brief, you get no IP addresses?

Thanks
Scott
0
 

Author Comment

by:xaracomputers
ID: 16818224
The solution with the config above did NOT work. I am getting quite desperate now. Please see if there is any editing that you can do. The BT (Efficient Networks) routers that we use are all set in bridge mode, so maybe this is an option.
0
 
LVL 12

Expert Comment

by:Scotty_cisco
ID: 16818250
If you need to get it running, you can NAT and add the static NAT to the inside PCs right now... I know that works, and when you have time to work with it then I can also work up a different configuration.

Thanks
Scott
0
 

Author Comment

by:xaracomputers
ID: 16818262
I can't do that, as I need my firewall to have a public address because there is going to be a VPN to the firewall. This is why I do not need NAT.
0
 
LVL 12

Accepted Solution

by:
Scotty_cisco earned 1000 total points
ID: 16818454
Well, you know that it technically will be a public address; there would be a one-to-one translation... If you're doing a VPN, the only way it won't work is if one side is a Checkpoint... If both sides are PIXes, then you can use NAT traversal and your problem is solved, so maybe I am not following something.

Thanks
Scott
0
 
LVL 28

Assisted Solution

by:mikebernhardt
mikebernhardt earned 1000 total points
ID: 16818936
If they are always going to assign the same IP to you, then try this while on the console:

config t
interface Ethernet0
 ip address 86.96.34.xx 255.255.255.248
!
interface Dialer0
 ip unnumbered ethernet0
end
wr mem
0
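
Why the first attempt was rejected with "overlaps with Dialer0" while the `ip unnumbered ethernet0` layout in the last answer is accepted, as an added Python example (not code from the thread or from Cisco). It is a simplified model of the router's overlap check; it assumes the PPP-negotiated Dialer0 address behaves as a /32, and 88.96.34.22 and 88.96.34.17 are constructed sample addresses from the block the thread mentions.

```python
import ipaddress

# Constructed plans using addresses quoted in the thread. Assumption: the
# PPP-negotiated Dialer0 address is modelled as a /32 host address.
FIRST_TRY = {"Dialer0": "88.96.34.22/32",
             "Ethernet0": "88.96.34.17/255.255.255.248"}
UNNUMBERED = {"Ethernet0": "88.96.34.22/255.255.255.248",
              "Dialer0": ("unnumbered", "Ethernet0")}

def numbered(plan):
    """Map interface name -> connected network, for interfaces with their own address."""
    return {name: ipaddress.ip_interface(spec).network
            for name, spec in plan.items() if isinstance(spec, str)}

def overlap_errors(plan):
    """Simplified overlap check: no two numbered interfaces may share address space."""
    errors, seen = [], {}
    for name, net in numbered(plan).items():
        for other, other_net in seen.items():
            if net.overlaps(other_net):
                errors.append(f"{net.network_address} overlaps with {other}")
        seen[name] = net
    return errors

def connected_interface(plan, host):
    """Return the interface whose connected subnet contains host, or None."""
    addr = ipaddress.ip_address(host)
    for name, net in numbered(plan).items():
        if addr in net:
            return name
    return None

def free_hosts(plan, iface):
    """Usable addresses in iface's subnet that the router itself does not hold."""
    own = ipaddress.ip_interface(plan[iface])
    return [str(h) for h in own.network.hosts() if h != own.ip]

if __name__ == "__main__":
    print("first try:", overlap_errors(FIRST_TRY))
    print("unnumbered dialer:", overlap_errors(UNNUMBERED))
    print("firewall 88.96.34.21 reached via:",
          connected_interface(UNNUMBERED, "88.96.34.21"))
    print("addresses left for LAN devices:", free_hosts(UNNUMBERED, "Ethernet0"))
```

With the /29 on Ethernet0 and the dialer borrowing that address, the firewall's public address falls inside a connected subnet on the LAN side, which the first plan could not provide.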
