xaracomputers
asked on
Cisco 837 - NON NAT operation
Please can someone help me. I need to urgently (thus the 500 points) configure the above Cisco router to perform non-NAT operation. My ISP has assigned me a block of 8 IPs, of which 5 are usable. The assigned router IP address is 88.96.34.XX and a subnet of 255.255.255.248. The router should stay connected to the internet permanently. It is an ADSL connection with PPPoA. When my router connects to the internet it gets assigned the above IP, and this is to be used as the gateway address on my firewall.
Thanks in advance.
ASKER
my config is as follows:
Using 1406 out of 131072 bytes
!
version 12.2
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
no service dhcp
!
hostname scw-gw
!
logging queue-limit 100
logging buffered 4096 debugging
enable secret 5 $1$0.af$yxVf1jjSfBxcBN20uQ hoE/
!
ip subnet-zero
no ip domain lookup
ip dhcp excluded-address 10.10.10.1
!
ip dhcp pool CLIENT
import all
network 10.10.10.0 255.255.255.0
default-router 10.10.10.1
lease 0 2
!
!
ip audit notify log
ip audit po max-events 100
no ftp-server write-enable
!
!
!
!
partition flash 2 10 2
!
!
!
!
interface Ethernet0
ip address 10.10.10.1 255.255.255.0
hold-queue 100 out
!
interface ATM0
no ip address
no atm ilmi-keepalive
pvc 0/38
encapsulation aal5mux ppp dialer
dialer pool-member 1
!
dsl operating-mode auto
!
interface Dialer0
ip address negotiated
encapsulation ppp
dialer pool 1
ppp authentication chap callin
ppp chap hostname myusername
ppp chap password 0 mypassword
!
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer0
ip http server
no ip http secure-server
!
access-list 1 permit 0.0.0.0 255.255.255.248
access-list 10 permit 0.0.0.0 255.255.255.248
access-list 23 permit 0.0.0.0 255.255.255.248
!
line con 0
exec-timeout 120 0
no modem enable
stopbits 1
line aux 0
stopbits 1
line vty 0 4
access-class 10 in
exec-timeout 120 0
password
login
length 0
!
scheduler max-task-time 5000
!
end
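Added example, not part of the original post: the config above applies `access-class 10 in` to the vty lines, and access-list 10 is written with a subnet mask (255.255.255.248) where IOS reads a wildcard mask. The Python sketch below evaluates the entry the way IOS does and compares it with an entry derived from the router address and mask quoted in the thread; that the /29 block was the intended source range is an assumption, and the sample addresses are constructed.

```python
import ipaddress

def acl_matches(source, wildcard, addr):
    """Cisco standard-ACL match: wildcard bits set to 1 are ignored."""
    src = int(ipaddress.IPv4Address(source))
    wild = int(ipaddress.IPv4Address(wildcard))
    care = ~wild & 0xFFFFFFFF  # only these bits are compared
    return (int(ipaddress.IPv4Address(addr)) & care) == (src & care)

def netmask_to_wildcard(netmask):
    """Invert a subnet mask, e.g. 255.255.255.248 -> 0.0.0.7."""
    inverted = ~int(ipaddress.IPv4Address(netmask)) & 0xFFFFFFFF
    return str(ipaddress.IPv4Address(inverted))

def block_entry(host, netmask):
    """Return (network, wildcard) for the subnet that contains host."""
    net = ipaddress.IPv4Network(f"{host}/{netmask}", strict=False)
    return str(net.network_address), netmask_to_wildcard(netmask)

# As posted: access-list 10 permit 0.0.0.0 255.255.255.248
POSTED = ("0.0.0.0", "255.255.255.248")
# Assumption: the intent was to permit the ISP-assigned /29 block.
DERIVED = block_entry("88.96.34.22", "255.255.255.248")

# Constructed sample sources (203.0.113.0/24 is a documentation range).
SAMPLES = ["88.96.34.16", "88.96.34.21", "88.96.34.22",
           "10.10.10.1", "10.10.10.8", "203.0.113.64"]

def report():
    """Return (address, matches posted entry, matches derived entry)."""
    return [(a, acl_matches(*POSTED, a), acl_matches(*DERIVED, a))
            for a in SAMPLES]

if __name__ == "__main__":
    print("derived: access-list 10 permit %s %s" % DERIVED)
    for addr, posted, derived in report():
        print(f"{addr:15} posted={'permit' if posted else 'deny':6} "
              f"derived={'permit' if derived else 'deny'}")
```

With the mask read as a wildcard, the posted entry compares only the low three bits of the source, so it matches any address whose last octet is a multiple of 8 and does not match 88.96.34.21 or 88.96.34.22.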
There is no NAT; you should be able to put a routable address on e0 and then use the others the way you want... or am I missing something here?
Thanks
scott
ASKER
All I want to do is to be able to put live IPs after the connection. I guess putting a routable IP address on e0 should work, but I do not know how to. Can I not place the ISP-assigned router IP here, as this is what we do with the Efficient Networks modems (BT modems)? You have to excuse my ignorance, but I am very new to Cisco.
PS. I should be able to do what I want with the live IPs, i.e. they should not go through the firewall.
How much of the CLI do you know?
Because you go into config t mode and then
router(config)#int e0
router(config-if)#ip address 88.96.34.XX 255.255.255.248
using the first of the 5 IP addresses, then using another for the firewall or whatever you want to use.
router(config-if)#end
router#wr mem
That should save and everything.
Thanks
scott
ASKER
I have tried that and I get the below response:
88.96.34.16 overlaps with Dialer0
Any reasons that you are against running NAT? Because that makes it sound like they are routing everything (the 5 addresses to your outside address). If that is the case, you can put some static NAT statements in and do it that way?
Thanks
Scott
ASKER
Please could you give me a sample config file? As I am getting so lost with this.
OK, let me look at yours and add some things,
but your dialer is going to have ip nat outside and your Ethernet will be ip nat inside. Do you have any specific translations that you want a specific IP address to translate to?
Thanks
scott
ASKER
I do not need any specific IPs to translate to anything, as I am using the Cisco only as a modem for other firewalls. The only reason for Cisco is the stability they provide.
ok
So you want a basic NAT... I will use your existing config
version 12.2
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
no service dhcp
!
hostname scw-gw
!
logging queue-limit 100
logging buffered 4096 debugging
enable secret 5 $1$0.af$yxVf1jjSfBxcBN20uQ hoE/
!
ip subnet-zero
no ip domain lookup
ip dhcp excluded-address 10.10.10.1
!
ip dhcp pool CLIENT
import all
network 10.10.10.0 255.255.255.0
default-router 10.10.10.1
lease 0 2
!
!
ip audit notify log
ip audit po max-events 100
no ftp-server write-enable
!
!
!
!
partition flash 2 10 2
!
!
!
!
interface Ethernet0
ip address 10.10.10.1 255.255.255.0
hold-queue 100 out
ip nat outside
!
interface ATM0
no ip address
no atm ilmi-keepalive
pvc 0/38
encapsulation aal5mux ppp dialer
dialer pool-member 1
!
dsl operating-mode auto
!
interface Dialer0
ip address negotiated
encapsulation ppp
ip nat outside
dialer pool 1
ppp authentication chap callin
ppp chap hostname myusername
ppp chap password 0 mypassword
!
ip nat inside source list 100 interface dialer0 overload
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer0
ip http server
no ip http secure-server
!
access-list 1 permit 0.0.0.0 255.255.255.248
access-list 10 permit 0.0.0.0 255.255.255.248
access-list 23 permit 0.0.0.0 255.255.255.248
access-list 100 permit 10.10.10.0 0.0.0.255
!
line con 0
exec-timeout 120 0
no modem enable
stopbits 1
line aux 0
stopbits 1
line vty 0 4
access-class 10 in
exec-timeout 120 0
password
login
length 0
!
Notice that list 100 defines what you want to NAT, and that inside is Ethernet, outside is dialer.
Statics are easily set as well.
Here is an example on Cisco's website.
http://www.cisco.com/en/US/products/hw/routers/ps380/products_configuration_guide_chapter09186a008045d278.html
thanks
Scott
oops
interface Ethernet0
ip address 10.10.10.1 255.255.255.0
hold-queue 100 out
ip nat INSIDE..........
ASKER
Hi Scott,
Sorry about this, but I don't need a NAT solution; I need a non-NAT solution that will let me use my additional public IP addresses. This means that if I have my router (ISP) assigned IP address as 88.96.34.22, I need to be able to use 88.96.34.21 on either a server or firewall or whatever with no restrictions. I do not even need DHCP or a private IP address.
Thanks for the config, but I guess I am going to trouble you for it again with the above settings.
The problem with ISPs is that they always do that... AAAARRRGGGHHHH... they need to give you a WAN address and then a routable block behind that, but they won't, so let me look for a different solution.
Thanks
Scott
ASKER
Yes, you are right, because I have another Bulldog connection which has a separate WAN address when connected and a completely different IP address for the eth interface.
Please get the full config for me, as I really need to get this done more than understand what is going on at the moment :-)
Can you try this:
config t
router(config)#int e0
router(config-if)#ip unnumbered Dialer0
and see if it takes it?
You will need to be consoled to it.
Thanks
scott
ASKER
It accepted it; however, this is what the config looks like, but it does not work:
show start
Using 1247 out of 131072 bytes
!
version 12.2
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
no service dhcp
!
hostname scw-gw
!
logging queue-limit 100
logging buffered 4096 debugging
enable secret 5 $1$0.af$yxVf1jjSfBxcBN20uQ hoE/
!
ip subnet-zero
no ip domain lookup
ip dhcp excluded-address 10.10.10.1
!
ip dhcp pool CLIENT
import all
network 10.10.10.0 255.255.255.0
default-router 10.10.10.1
lease 0 2
!
!
ip audit notify log
ip audit po max-events 100
no ftp-server write-enable
!
!
!
!
partition flash 2 10 2
!
!
!
!
interface Ethernet0
no ip address
hold-queue 100 out
!
interface ATM0
no ip address
no atm ilmi-keepalive
pvc 0/38
encapsulation aal5mux ppp dialer
dialer pool-member 1
!
dsl operating-mode auto
!
interface Dialer0
ip address negotiated
encapsulation ppp
dialer pool 1
ppp authentication chap callin
ppp chap hostname *******
ppp chap password 0 ********
!
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer0
ip http server
no ip http secure-server
!
!
line con 0
exec-timeout 120 0
no modem enable
stopbits 1
line aux 0
stopbits 1
line vty 0 4
access-class 10 in
exec-timeout 120 0
password ******
login
length 0
!
scheduler max-task-time 5000
!
end
You could always turn the router into a bridge.
I don't like that option... so if you do a show ip interface brief you get no IP addresses?
Thanks
Scott
ASKER
The solution with the config above did NOT work. I am getting quite desperate now. Please see if there is any editing that you can do. The BT (Efficient Networks) routers that we use are all set in bridge mode, so maybe this is an option.
If you need to get it running, you can NAT and add the static NAT to the inside PCs right now... I know that works, and when you have time to work with it then I can also work up a different configuration.
Thanks
Scott
ASKER
I can't do that, as I need my firewall to have a public address as there is going to be a VPN to the firewall. This is why I do not need NAT.