• Status: Solved

Cisco 3620 Setup/Configuration

Hi Experts

I am sure this will be an easy question for some of you to answer, but I am new to configuring Cisco hardware using the CLI and would like to get this done efficiently - while learning a little about how to enhance/maintain my configuration as I go.  This is why I have maxed out the points on this question.

I have a 3620 that I purchased for use in a colocation environment.  I have to arrange with the colocation company when I want to go in and install new hardware - so I want to have as much of the configuration done as possible beforehand - so I am not fighting with console commands while at the colo facility.

The 3620 has two ethernet ports 0/0 and 0/1.

I have a range of external IP addresses (let's say they are 1.2.3.25 through 1.2.3.35) that I want to assign to 0/0.

Depending on which external (incoming) IP and port, I want to route to an internal address & port.

Example:

1.2.3.25:80 (port 80) goes to 192.168.0.10:80 (webserver)
1.2.3.26:21 --> 192.168.0.50:21 (ftp)
1.2.3.26:3389 --> 192.168.0.51:3389 (remote desktop)
etc

Since this is in a COLO facility - a couple things go without saying, but I will mention anyways:

All machines "behind" this router are servers, and will have static internal IP addresses.  So DHCP is not required.  

Based on what I have read, I will want to configure ethernet 0/1 as 192.168.0.1, and that is the interface connected to my switch (Cisco 2924XL EN) and then to all the servers.

Thanks in advance for your help.
Asked by: bwasyliuk

Scotty_cisco Commented:
OK, so you want to go from a public Internet-routable address to a private RFC1918 address?  If this is the case, you will need to NAT the requests ... but if you are using public to public, nothing but a default route is required.

Thanks
Scott

bwasyliuk (Author) Commented:
Yes, the servers are all private (will communicate amongst each other, such as web to sql server, etc) and each server will not be mapped 1-to-1 with a public address.

Scotty_cisco Commented:
OK, then you need to set up static NAT translations with the following type of commands

ip nat inside source tcp 192.168.1.x 80 2.3.6.x 80

syntax may be a bit off so here is a link

ip nat inside source static tcp 10.10.10.1 25 172.16.130.2 25
 
Scotty_cisco Commented:
Then on the outside interface with the public address you need ip nat outside, and on the inside private address you need ip nat inside.

Thanks
scott

bwasyliuk (Author) Commented:
Thanks for the input Scott - but I am really looking for more detail, as I mentioned above - I am not that familiar with the CLI, so what you are saying is a little foggy.

Also, how do I go about assigning all the outside addresses to the 0/0 interface, as per my description above?

Based on your description above (thinking of it in terms of traffic coming in):

I will need to map:
1.2.3.25:80 to 192.168.0.1:80 (the other interface) on 0/0
and then 192.168.0.1:80 to 192.168.0.10:80(server) on 0/1?

So I will need two static routes per path?  Does this only achieve routing for incoming traffic, or do I need to create static routes for port 80 going out as well?

Scotty_cisco Commented:
You do not address all the IP addresses to the one interface; you assign one with the proper subnet mask and then you add NAT translations to them to communicate with the inside of the network.

I would be happy to provide a more direct configuration, but this requires a little more information than you have yet given to me .... what ports you want forwarded to what inside IP address, how many IP addresses we are working with, etc.

Thanks
Scott

bwasyliuk (Author) Commented:
I guess that's my problem - not knowing enough of the right questions to ask... :)

Here is what I have from my service provider (first two segments masked):

Your network is xxx.xxx.192.64/27
The gateway ip will be xxx.xxx.192.65
Netmask is 255.255.255.240
Useable ips are xxx.xxx.192.66-78


To start with, I want the following mappings:

xxx.xxx.192.66 :80  --> 192.168.0.10 :80
xxx.xxx.192.67 :80  --> 192.168.0.11 :80
xxx.xxx.192.72 :25  --> 192.168.0.70 :25
xxx.xxx.192.72 :110 --> 192.168.0.79 :110
etc

There will be others that I will map, but if I see the syntax for the above, I am sure I can replicate it.

To me the concept here seems really easy - I just don't know the syntax to implement it.

The only curveball is that I want to do some filtering/dynamic routing on requests coming in on xxx.xxx.192.66 port 1433 (SQL), to only allow certain source IP addresses and map to a different internal destination address depending on the source IP.  This is the only port that I need to do this kind of filtering/dynamic routing.

Scotty_cisco Commented:
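OK, so let's assume that eth0 is the outside and eth1 is the inside.

! outside interface (eth0 above; Ethernet0/0 on the 3620)
interface Ethernet0/0
 ip address xxx.xxx.192.78 255.255.255.240
 ip nat outside
!
! inside interface (eth1 above; Ethernet0/1 on the 3620)
interface Ethernet0/1
 ip address 192.168.0.1 255.255.255.0
 ip nat inside
!
! default route to the provider gateway
ip route 0.0.0.0 0.0.0.0 xxx.xxx.192.65
!
! static port translations: inside address and port first, then public address and port
ip nat inside source static tcp 192.168.0.10 80 xxx.xxx.192.66 80
ip nat inside source static tcp 192.168.0.11 80 xxx.xxx.192.67 80
ip nat inside source static tcp 192.168.0.70 25 xxx.xxx.192.72 25
ip nat inside source static tcp 192.168.0.79 110 xxx.xxx.192.72 110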

That should get you started.

Thanks
Scott

bwasyliuk (Author) Commented:
OK - I think I am following, only why on e0 did you put :
ip address xxx.xxx.192.78 255.255.255.240

78 is the last address in the block (of 13) that I have - how does the router "know" about all the other addresses (starting with .66)?


Also, any comment on the dynamic routing question (port 1433) above?

bwasyliuk (Author) Commented:
OK - This got me started, but I need more help - so I am closing and opening a new question with my config...
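
An added example, not part of the original thread or of Scott's configuration: a Python pre-flight check that validates a port-forwarding plan like the one above offline, then renders the static NAT lines plus an inbound ACL that limits port 1433 to named source addresses. This goes slightly beyond the thread, which left the 1433 question open. Assumptions: 198.51.100.64/28 stands in for the masked block (a /28, per the stated 255.255.255.240 netmask), and the SQL server 192.168.0.20, the client 203.0.113.10 and the ACL name OUTSIDE-IN are hypothetical.

```python
import ipaddress

# Constructed plan: 198.51.100.64/28 stands in for the masked xxx.xxx.192.64 block;
# 192.168.0.20 (SQL server) and 203.0.113.10 (allowed client) are assumed values.
PUBLIC_NET = ipaddress.ip_network("198.51.100.64/28")
GATEWAY = ipaddress.ip_address("198.51.100.65")
INSIDE_NET = ipaddress.ip_network("192.168.0.0/24")
MAPPINGS = [  # (public ip, public port, inside ip, inside port)
    ("198.51.100.66", 80, "192.168.0.10", 80),
    ("198.51.100.67", 80, "192.168.0.11", 80),
    ("198.51.100.72", 25, "192.168.0.70", 25),
    ("198.51.100.72", 110, "192.168.0.79", 110),
    ("198.51.100.66", 1433, "192.168.0.20", 1433),
]
ALLOWED_SOURCES = {1433: ["203.0.113.10"]}  # public port -> permitted client IPs

def validate(mappings):
    """Return a list of problems; an empty list means the plan is consistent."""
    problems, seen = [], set()
    reserved = (PUBLIC_NET.network_address, PUBLIC_NET.broadcast_address, GATEWAY)
    for pub, pport, inside, iport in mappings:
        try:
            pub_ip, in_ip = ipaddress.ip_address(pub), ipaddress.ip_address(inside)
        except ValueError as exc:  # catches typos such as "192.168.0.79.110"
            problems.append(f"bad address: {exc}")
            continue
        if pub_ip not in PUBLIC_NET or pub_ip in reserved:
            problems.append(f"{pub}: not a usable address in {PUBLIC_NET}")
        if in_ip not in INSIDE_NET:
            problems.append(f"{inside}: not in {INSIDE_NET}")
        if (pub_ip, pport) in seen:
            problems.append(f"{pub}:{pport}: mapped more than once")
        seen.add((pub_ip, pport))
    return problems

def render(mappings, allowed=ALLOWED_SOURCES, acl="OUTSIDE-IN", outside="Ethernet0/0"):
    """Return IOS lines: static NAT entries plus an inbound ACL for restricted ports."""
    nat, rules = [], []
    for pub, pport, inside, iport in mappings:
        nat.append(f"ip nat inside source static tcp {inside} {iport} {pub} {pport}")
        if pport in allowed:
            # The inbound ACL is checked before outside-to-inside NAT: match the public IP.
            rules += [f" permit tcp host {s} host {pub} eq {pport}" for s in allowed[pport]]
            rules.append(f" deny tcp any host {pub} eq {pport} log")
    acl_lines = [f"ip access-list extended {acl}", *rules, " permit ip any any"]
    return nat + acl_lines + [f"interface {outside}", f" ip access-group {acl} in"]

if __name__ == "__main__":
    print("\n".join(validate(MAPPINGS) or render(MAPPINGS)))
```

The generated ACL only narrows the restricted ports and ends with a permit for everything else, so return traffic for the other translations is unaffected.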