troubleshooting Question

Cisco NAT problems

Avatar of tarheel_computers
tarheel_computers asked on
NetworkingNetworking Hardware-Other
4 Comments1 Solution973 ViewsLast Modified:
Help, I am ready to take this nice Cisco 3400 outside and run over it.  Here is my problem.  I volunteer time for a small webhosting company keeping their equipment running.  They recently bought a used 3440 and have asked me to get it running in place of the Linksys router they had been using.  After loading IOS 12.2, I can't get it to work with their nat.  We have one external IP, and have an email server and webserver running on a 192.168 ip range. I have a DNS server running for the outside to access on one machine, and DNS running on another machine for the internal side.  I can get the machines on the inside to where they can surf, but noone from the outside world can see the websites, enail, or dns.  Please tell me what I have done wrong???  Here is a copy of the config:


Current configuration : 3477 bytes
!
version 12.2
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname ActionDigital01
!
aaa new-model
enable secret (password removed)
!
username ActionDigital01 password (password removed)
clock timezone eastern -5
ip subnet-zero
!
!
ip name-server 12.345.678.90 (ip changed to protect the innocent)
ip name-server 12.345.678.90 (ip changed to protect the innocent)
!
!
!
 --More--
!
!
!
!
!
!
interface FastEthernet0/0
 description connected to CorporateNetwork
 ip address 12.345.678.901 (ip changed to protect the innocent) 255.255.255.224
 no ip proxy-arp
 ip nat outside
 no ip route-cache
 no ip mroute-cache
 speed 10
 half-duplex
!
interface FastEthernet1/0
 description connected to EthernetLAN
 ip address 192.168.1.1 255.255.255.0
 no ip proxy-arp
 ip nat inside
 no ip route-cache
 no ip mroute-cache
 --More--
 duplex auto
 speed auto
!
router rip
 version 2
 passive-interface FastEthernet0/0
 network 192.168.1.0
 no auto-summary
!
ip default-gateway 12.345.678.90 (ip changed to protect the innocent)
ip nat inside source list 1 interface FastEthernet0/0 overload
ip nat inside source static udp 12.345.678.901 53 192.168.1.2 53 extendable
ip nat inside source static tcp 12.345.678.901  20 192.168.1.2 20 extendable
ip nat inside source static tcp 12.345.678.901 80 192.168.1.2 80 extendable
ip nat inside source static tcp 12.345.678.901  7071 192.168.1.2 7071 extendable
ip nat inside source static tcp 12.345.678.901  443 192.168.1.2 443 extendable
ip nat inside source static udp 12.345.678.901  443 192.168.1.2 443 extendable
ip nat inside source static tcp 12.345.678.901  9900 65.199.239.138 9900 extendable
ip nat inside source static tcp 12.345.678.901  110 192.168.1.3 110 extendable
ip nat inside source static tcp 12.345.678.901  3389 192.168.1.3 3389 extendable
ip nat inside source static tcp 12.345.678.901  25 192.168.1.3 25 extendable
ip nat inside source static tcp 12.345.678.901  8528 192.168.1.3 8528 extendable
ip nat inside source static tcp 12.345.678.901  8526 192.168.1.3 8526 extendable
ip nat inside source static tcp 12.345.678.901  21 192.168.1.2 21 extendable
ip nat inside source static tcp 12.345.678.901  7070 192.168.1.2 7070 extendable
ip classless
ip route 0.0.0.0 0.0.0.0 12.345.678.90
ip http server
no ip pim bidir-enable
!
access-list 1 permit 192.168.1.0 0.0.0.255
access-list 100 permit ip any any
access-list 101 permit tcp any any established
access-list 101 permit tcp any host 12.345.678.901 eq 107
access-list 101 permit tcp any host 12.345.678.901  eq pop3
access-list 101 permit udp any host 12.345.678.901  eq domain
access-list 101 permit tcp any host 12.345.678.901  eq domain
access-list 101 permit tcp any host 12.345.678.901  range ftp-data ftp
access-list 101 permit tcp any host 12.345.678.901  eq www
access-list 101 permit tcp any host 12.345.678.901  eq 443
access-list 101 permit tcp any host 12.345.678.901  eq 9900
access-list 101 permit tcp any host 12.345.678.901  eq 3389
access-list 101 permit tcp any host 12.345.678.901  eq 8528
access-list 101 permit tcp any host 12.345.678.901  eq 8526
access-list 101 permit tcp any host 12.345.678.901  eq 7070
access-list 101 permit tcp any host 12.345.678.901  eq smtp
access-list 101 permit udp any host 12.345.678.901  eq 443
access-list 101 permit tcp any host 12.345.678.901  eq 7071
access-list 101 permit ip any any
snmp-server community public RO
!
dial-peer cor custom
!
!
!
!
line con 0
 exec-timeout 0 0
 password
 logging synchronous
line aux 0
line vty 0 4
 exec-timeout 0 0
 password
 logging synchronous
!
end

ActionDigital01#

Any and all assistance is greatly appreciated.  All external IP's and passwords have been changed to protect the innocent (ha ha ha, I was promised a case of good beer to get this running).  Please help me I am very thirsty.   lol


Thanks Everyone
Join the community to see this answer!
Join our exclusive community to see this answer & millions of others.
Unlock 1 Answer and 4 Comments.
Join the Community
Learn from the best

Network and collaborate with thousands of CTOs, CISOs, and IT Pros rooting for you and your success.

Andrew Hancock - VMware vExpert
See if this solution works for you by signing up for a 7 day free trial.
Unlock 1 Answer and 4 Comments.
Try for 7 days

”The time we save is the biggest benefit of E-E to our team. What could take multiple guys 2 hours or more each to find is accessed in around 15 minutes on Experts Exchange.

-Mike Kapnisakis, Warner Bros