Cisco 837 - NON NAT operation

Please can someone help me.  I need to urgently (thus the 500 points) configure the above Cisco router to perform NON-NAT operation.  My ISP has assigned me a block of 8 IPs, of which 5 are useable.  The assigned router IP address is 88.96.34.XX with a subnet mask of 255.255.255.248.  The router should stay connected to the internet permanently.  It is an ADSL connection with PPPoA.  When my router connects to the internet it gets assigned the above IP, and this is to be used as the gateway address on my firewall.

Thanks in advance.
Scotty_cisco

Is there a nat inside or a nat outside in the configuration?  If so, remove them; the Cisco routers will only NAT if they are specified and defined.

Thanks
Scott
xaracomputers

ASKER

My config is as follows:


Using 1406 out of 131072 bytes
!
version 12.2
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
no service dhcp
!
hostname scw-gw
!
logging queue-limit 100
logging buffered 4096 debugging
enable secret 5 $1$0.af$yxVf1jjSfBxcBN20uQhoE/
!
ip subnet-zero
no ip domain lookup
ip dhcp excluded-address 10.10.10.1
!
ip dhcp pool CLIENT
   import all
   network 10.10.10.0 255.255.255.0
   default-router 10.10.10.1
   lease 0 2
!
!
ip audit notify log
ip audit po max-events 100
no ftp-server write-enable
!
!
!
!
partition flash 2 10 2
!
!
!
!
interface Ethernet0
 ip address 10.10.10.1 255.255.255.0
 hold-queue 100 out
!
interface ATM0
 no ip address
 no atm ilmi-keepalive
 pvc 0/38
  encapsulation aal5mux ppp dialer
  dialer pool-member 1
 !
 dsl operating-mode auto
!
interface Dialer0
 ip address negotiated
 encapsulation ppp
 dialer pool 1
 ppp authentication chap callin
 ppp chap hostname myusername
 ppp chap password 0 mypassword
!
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer0
ip http server
no ip http secure-server
!
access-list 1 permit 0.0.0.0 255.255.255.248
access-list 10 permit 0.0.0.0 255.255.255.248
access-list 23 permit 0.0.0.0 255.255.255.248
!
line con 0
 exec-timeout 120 0
 no modem enable
 stopbits 1
line aux 0
 stopbits 1
line vty 0 4
 access-class 10 in
 exec-timeout 120 0
 password
 login
 length 0
!
scheduler max-task-time 5000
!
end
There is no NAT; you should be able to put a routable address on e0 and then use the others the way you want... or am I missing something here?

Thanks
scott
All I want to do is to be able to put live IPs after the connection.  I guess putting a routable IP address on e0 should work, but I do not know how to.  Can I not place the ISP-assigned router IP here, as this is what we do with the Efficient Networks modems (BT modems)?  You have to excuse my ignorance, but I am very new to Cisco.

PS.  I should be able to do what I want with the live IPs, i.e. they should not go through the firewall.
How much of the CLI do you know?

Because you go into config t mode and then

router(config)#int e0
router(config-if)#ip address 88.96.34.XX 255.255.255.248
router(config-if)#end
router#wr mem

using the first of the 5 IP addresses, then using another for the firewall or whatever you want to use.

That should save and everything.

Thanks
scott
I have tried that and I get the below response:

88.96.34.16 overlaps with Dialer0
Any reasons that you are against running NAT?  Because that makes it sound like they are routing everything (the 5 addresses to your outside address). If that is the case, you can put some static NAT statements in and do it that way?

Thanks
Scott
Please could you give me a sample config file? I am getting so lost with this.
OK, let me look at yours and add some things.

But your dialer is going to have ip nat outside and your Ethernet will be ip nat inside. Do you have any specific translations that you want a specific IP address to translate to?

Thanks
scott
I do not need any specific IPs to translate to anything, as I am using the Cisco only as a modem for other firewalls.  The only reason for Cisco is the stability they provide.
OK

So you want a basic NAT... I will use your existing config:

version 12.2
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
no service dhcp
!
hostname scw-gw
!
logging queue-limit 100
logging buffered 4096 debugging
enable secret 5 $1$0.af$yxVf1jjSfBxcBN20uQhoE/
!
ip subnet-zero
no ip domain lookup
ip dhcp excluded-address 10.10.10.1
!
ip dhcp pool CLIENT
   import all
   network 10.10.10.0 255.255.255.0
   default-router 10.10.10.1
   lease 0 2
!
!
ip audit notify log
ip audit po max-events 100
no ftp-server write-enable
!
!
!
!
partition flash 2 10 2
!
!
!
!
interface Ethernet0
 ip address 10.10.10.1 255.255.255.0
 hold-queue 100 out
 ip nat outside
!
interface ATM0
 no ip address
 no atm ilmi-keepalive
 pvc 0/38
  encapsulation aal5mux ppp dialer
  dialer pool-member 1
 !
 dsl operating-mode auto
!
interface Dialer0
 ip address negotiated
 encapsulation ppp
 ip nat outside
 dialer pool 1
 ppp authentication chap callin
 ppp chap hostname myusername
 ppp chap password 0 mypassword
!
ip nat inside source list 100 interface dialer0 overload
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer0
ip http server
no ip http secure-server
!
access-list 1 permit 0.0.0.0 255.255.255.248
access-list 10 permit 0.0.0.0 255.255.255.248
access-list 23 permit 0.0.0.0 255.255.255.248
access-list 100 permit 10.10.10.0 0.0.0.255
!
line con 0
 exec-timeout 120 0
 no modem enable
 stopbits 1
line aux 0
 stopbits 1
line vty 0 4
 access-class 10 in
 exec-timeout 120 0
 password
 login
 length 0
!

Notice that list 100 defines what you want to NAT, and that inside is Ethernet and outside is the dialer.

Statics are easily set as well.

Here is an example on Cisco's website:
http://www.cisco.com/en/US/products/hw/routers/ps380/products_configuration_guide_chapter09186a008045d278.html

thanks
Scott
Oops


interface Ethernet0
 ip address 10.10.10.1 255.255.255.0
 hold-queue 100 out
 ip nat INSIDE..........
Hi Scott,

Sorry about this, but I don't need a NAT solution. I need a non-NAT solution that will let me use my additional public IP addresses.  This means that if I have my router (ISP) assigned IP address as 88.96.34.22, I need to be able to use 88.96.34.21 on either a server or firewall or whatever with no restrictions. I do not even need DHCP or a private IP address.

Thanks for the config, but I guess I am going to trouble you for it again with the above settings.
The problem with ISPs is that they always do that... AAAARRRGGGHHHH... They need to give you a WAN address and then a routable block behind that, but they won't, so let me look for a different solution.

Thanks
Scott
Yes, you are right, 'cause I have another Bulldog connection which has a separate WAN address when connected and a completely different IP address for the eth interface.

Please get the full config for me, as I really need to get this done more than understand what is going on at the moment :-)
Can you try this:

config t
router(config)#int e0
router(config)#ip address unnumbered dialer0

And see if it takes it?

You will need to be consoled to it.

Thanks
scott
It accepted it; however, this is what the config looks like, but it does not work:

show start
Using 1247 out of 131072 bytes
!
version 12.2
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
no service dhcp
!
hostname scw-gw
!
logging queue-limit 100
logging buffered 4096 debugging
enable secret 5 $1$0.af$yxVf1jjSfBxcBN20uQhoE/
!
ip subnet-zero
no ip domain lookup
ip dhcp excluded-address 10.10.10.1
!
ip dhcp pool CLIENT
   import all
   network 10.10.10.0 255.255.255.0
   default-router 10.10.10.1
   lease 0 2
!
!
ip audit notify log
ip audit po max-events 100
no ftp-server write-enable
!
!
!
!
partition flash 2 10 2
!
!
!
!
interface Ethernet0
 no ip address
 hold-queue 100 out
!
interface ATM0
 no ip address
 no atm ilmi-keepalive
 pvc 0/38
  encapsulation aal5mux ppp dialer
  dialer pool-member 1
 !
 dsl operating-mode auto
!
interface Dialer0
 ip address negotiated
 encapsulation ppp
 dialer pool 1
 ppp authentication chap callin
 ppp chap hostname *******
 ppp chap password 0 ********
!
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer0
ip http server
no ip http secure-server
!
!
line con 0
 exec-timeout 120 0
 no modem enable
 stopbits 1
line aux 0
 stopbits 1
line vty 0 4
 access-class 10 in
 exec-timeout 120 0
 password ******
 login
 length 0
!
scheduler max-task-time 5000
!
end
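A check a reviewer might run over the configurations posted in this thread before the router carries public addresses without NAT, as an added example that is not part of any post: it flags cleartext passwords, the HTTP management server, ACL wildcard fields that hold a subnet mask, and a vty `access-class` that points at an ACL the config no longer defines. The function names and the sample text are assumptions made for this example.

```python
import ipaddress
import re

# Constructed sample: lines drawn from the configurations posted in the thread.
SAMPLE = """\
no service password-encryption
interface Dialer0
 ip address negotiated
 ppp chap password 0 mypassword
ip http server
access-list 23 permit 0.0.0.0 255.255.255.248
access-list 100 permit 10.10.10.0 0.0.0.255
line vty 0 4
 access-class 10 in
 login
"""

def looks_like_netmask(mask):
    """True if an ACL wildcard field actually holds a subnet mask (leading 1-bits)."""
    value = int(ipaddress.IPv4Address(mask))
    inverted = value ^ 0xFFFFFFFF
    # An inverted subnet mask is 2**n - 1; exclude 0.0.0.0 and 255.255.255.255.
    return value not in (0, 0xFFFFFFFF) and inverted & (inverted + 1) == 0

def audit(config):
    """Return findings for management-plane weaknesses in an IOS-style config."""
    findings, defined, referenced, context = [], set(), [], ""
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line == "!":
            continue
        if not raw.startswith(" "):
            context = line  # top-level command owns the indented lines below it
        acl = re.match(r"access-list (\d+) (?:permit|deny) ", line)
        if acl:
            defined.add(acl.group(1))
            quads = re.findall(r"\d+\.\d+\.\d+\.\d+", line)
            for mask in quads[1::2]:  # every second dotted quad is a wildcard
                if looks_like_netmask(mask):
                    findings.append(f"access-list {acl.group(1)}: wildcard {mask} is a subnet mask")
        ref = re.match(r"access-class (\d+) in$", line)
        if ref:
            referenced.append((ref.group(1), context))
        if line == "ip http server":
            findings.append("ip http server: cleartext HTTP management enabled")
        if line == "no service password-encryption" or re.search(r"\bpassword 0 ", line):
            findings.append(f"{context}: password stored in cleartext")
    for number, owner in referenced:
        if number not in defined:
            findings.append(f"{owner}: access-class {number} is not defined")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```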
You could always turn the router into a bridge.

I don't like that option... So if you do a show ip interface brief, you get no IP addresses?

Thanks
Scott
The solution with the config above did NOT work.  I am getting quite desperate now.  Please see if there is any editing that you can do.  The BT (Efficient Networks) routers that we use are all set in bridge mode, so maybe this is an option.
If you need to get it running, you can NAT and add the static NAT to the inside PCs right now... I know that works, and when you have time to work with it, then I can also work up a different configuration.

Thanks
Scott
I can't do that, as I need my firewall to have a public address because there is going to be a VPN to the firewall.  This is why I do not need NAT.