tarheel_computers
asked on
Cisco NAT problems
Help, I am ready to take this nice Cisco 3400 outside and run over it. Here is my problem. I volunteer time for a small webhosting company keeping their equipment running. They recently bought a used 3440 and have asked me to get it running in place of the Linksys router they had been using. After loading IOS 12.2, I can't get it to work with their NAT. We have one external IP, and have an email server and webserver running on a 192.168 IP range. I have a DNS server running for the outside to access on one machine, and DNS running on another machine for the internal side. I can get the machines on the inside to where they can surf, but no one from the outside world can see the websites, email, or DNS. Please tell me what I have done wrong??? Here is a copy of the config:
Current configuration : 3477 bytes
!
version 12.2
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname ActionDigital01
!
aaa new-model
enable secret (password removed)
!
username ActionDigital01 password (password removed)
clock timezone eastern -5
ip subnet-zero
!
!
ip name-server 12.345.678.90 (ip changed to protect the innocent)
ip name-server 12.345.678.90 (ip changed to protect the innocent)
!
!
!
--More--
!
!
!
!
!
!
interface FastEthernet0/0
description connected to CorporateNetwork
ip address 12.345.678.901 (ip changed to protect the innocent) 255.255.255.224
no ip proxy-arp
ip nat outside
no ip route-cache
no ip mroute-cache
speed 10
half-duplex
!
interface FastEthernet1/0
description connected to EthernetLAN
ip address 192.168.1.1 255.255.255.0
no ip proxy-arp
ip nat inside
no ip route-cache
no ip mroute-cache
--More--
duplex auto
speed auto
!
router rip
version 2
passive-interface FastEthernet0/0
network 192.168.1.0
no auto-summary
!
ip default-gateway 12.345.678.90 (ip changed to protect the innocent)
ip nat inside source list 1 interface FastEthernet0/0 overload
ip nat inside source static udp 12.345.678.901 53 192.168.1.2 53 extendable
ip nat inside source static tcp 12.345.678.901 20 192.168.1.2 20 extendable
ip nat inside source static tcp 12.345.678.901 80 192.168.1.2 80 extendable
ip nat inside source static tcp 12.345.678.901 7071 192.168.1.2 7071 extendable
ip nat inside source static tcp 12.345.678.901 443 192.168.1.2 443 extendable
ip nat inside source static udp 12.345.678.901 443 192.168.1.2 443 extendable
ip nat inside source static tcp 12.345.678.901 9900 65.199.239.138 9900 extendable
ip nat inside source static tcp 12.345.678.901 110 192.168.1.3 110 extendable
ip nat inside source static tcp 12.345.678.901 3389 192.168.1.3 3389 extendable
ip nat inside source static tcp 12.345.678.901 25 192.168.1.3 25 extendable
ip nat inside source static tcp 12.345.678.901 8528 192.168.1.3 8528 extendable
ip nat inside source static tcp 12.345.678.901 8526 192.168.1.3 8526 extendable
ip nat inside source static tcp 12.345.678.901 21 192.168.1.2 21 extendable
ip nat inside source static tcp 12.345.678.901 7070 192.168.1.2 7070 extendable
ip classless
ip route 0.0.0.0 0.0.0.0 12.345.678.90
ip http server
no ip pim bidir-enable
!
access-list 1 permit 192.168.1.0 0.0.0.255
access-list 100 permit ip any any
access-list 101 permit tcp any any established
access-list 101 permit tcp any host 12.345.678.901 eq 107
access-list 101 permit tcp any host 12.345.678.901 eq pop3
access-list 101 permit udp any host 12.345.678.901 eq domain
access-list 101 permit tcp any host 12.345.678.901 eq domain
access-list 101 permit tcp any host 12.345.678.901 range ftp-data ftp
access-list 101 permit tcp any host 12.345.678.901 eq www
access-list 101 permit tcp any host 12.345.678.901 eq 443
access-list 101 permit tcp any host 12.345.678.901 eq 9900
access-list 101 permit tcp any host 12.345.678.901 eq 3389
access-list 101 permit tcp any host 12.345.678.901 eq 8528
access-list 101 permit tcp any host 12.345.678.901 eq 8526
access-list 101 permit tcp any host 12.345.678.901 eq 7070
access-list 101 permit tcp any host 12.345.678.901 eq smtp
access-list 101 permit udp any host 12.345.678.901 eq 443
access-list 101 permit tcp any host 12.345.678.901 eq 7071
access-list 101 permit ip any any
snmp-server community public RO
!
dial-peer cor custom
!
!
!
!
line con 0
exec-timeout 0 0
password
logging synchronous
line aux 0
line vty 0 4
exec-timeout 0 0
password
logging synchronous
!
end
ActionDigital01#
Any and all assistance is greatly appreciated. All external IPs and passwords have been changed to protect the innocent (ha ha ha, I was promised a case of good beer to get this running). Please help me, I am very thirsty. lol
Thanks Everyone
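An added example, not part of the original post or of any answer in this thread: IOS reads the operands of `ip nat inside source static` as inside-local address and port first, then inside-global address and port, and this Python check flags static entries whose operands do not fit that order. The sample lines are constructed in the shape of the posted config (reusing its sanitized placeholder address); `lint_static_nat` and `is_private` are names chosen here.

```python
import ipaddress
import re

# Constructed sample: lines in the shape of the posted config, using the
# post's own sanitized placeholder for the public address.
SAMPLE = """\
ip nat inside source list 1 interface FastEthernet0/0 overload
ip nat inside source static tcp 12.345.678.901 80 192.168.1.2 80 extendable
ip nat inside source static tcp 12.345.678.901 9900 65.199.239.138 9900 extendable
ip nat inside source static tcp 192.168.1.3 25 12.345.678.901 25 extendable
"""

# ip nat inside source static {tcp|udp} local-ip local-port global-ip global-port
STATIC = re.compile(
    r"^ip nat inside source static (tcp|udp) (\S+) (\d+) (\S+) (\d+)")

def is_private(addr):
    """True for private (RFC 1918) space; sanitized placeholders that do
    not parse as an IP address are treated as not private."""
    try:
        return ipaddress.ip_address(addr).is_private
    except ValueError:
        return False

def lint_static_nat(config):
    """Return (line_no, verdict, line) for every static port-forward entry."""
    findings = []
    for n, line in enumerate(config.splitlines(), 1):
        m = STATIC.match(line.strip())
        if not m:
            continue  # dynamic/overload rules and non-NAT lines are skipped
        _, local, _, glob, _ = m.groups()
        if is_private(local) and not is_private(glob):
            verdict = "ok"
        elif is_private(glob) and not is_private(local):
            verdict = "reversed"  # public address sits in the inside-local slot
        else:
            verdict = "review"    # neither or both operands are private
        findings.append((n, verdict, line.strip()))
    return findings

if __name__ == "__main__":
    for n, verdict, line in lint_static_nat(SAMPLE):
        print(f"{n:>3} {verdict:<8} {line}")
```

On the router itself, `show ip nat translations` lists the inside-local and inside-global columns that result from these entries.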
ASKER CERTIFIED SOLUTION
ASKER
Frabble,
YOU ROCK. I now don't have to pull out hair anymore and have cold beverage to drink. Thank you my friend
Glad to have helped - good thing I don't drink beer.
Cheers,
Rajesh