troubleshooting Question

Cisco NAT problems

Avatar of tarheel_computers
tarheel_computers asked on
NetworkingNetworking Hardware-Other
4 Comments1 Solution973 ViewsLast Modified:
Help, I am ready to take this nice Cisco 3400 outside and run over it.  Here is my problem.  I volunteer time for a small webhosting company keeping their equipment running.  They recently bought a used 3440 and have asked me to get it running in place of the Linksys router they had been using.  After loading IOS 12.2, I can't get it to work with their nat.  We have one external IP, and have an email server and webserver running on a 192.168 ip range. I have a DNS server running for the outside to access on one machine, and DNS running on another machine for the internal side.  I can get the machines on the inside to where they can surf, but noone from the outside world can see the websites, enail, or dns.  Please tell me what I have done wrong???  Here is a copy of the config:


Current configuration : 3477 bytes
!
version 12.2
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname ActionDigital01
!
aaa new-model
enable secret (password removed)
!
username ActionDigital01 password (password removed)
clock timezone eastern -5
ip subnet-zero
!
!
ip name-server 12.345.678.90 (ip changed to protect the innocent)
ip name-server 12.345.678.90 (ip changed to protect the innocent)
!
!
!
 --More--
!
!
!
!
!
!
interface FastEthernet0/0
 description connected to CorporateNetwork
 ip address 12.345.678.901 (ip changed to protect the innocent) 255.255.255.224
 no ip proxy-arp
 ip nat outside
 no ip route-cache
 no ip mroute-cache
 speed 10
 half-duplex
!
interface FastEthernet1/0
 description connected to EthernetLAN
 ip address 192.168.1.1 255.255.255.0
 no ip proxy-arp
 ip nat inside
 no ip route-cache
 no ip mroute-cache
 --More--
 duplex auto
 speed auto
!
router rip
 version 2
 passive-interface FastEthernet0/0
 network 192.168.1.0
 no auto-summary
!
ip default-gateway 12.345.678.90 (ip changed to protect the innocent)
ip nat inside source list 1 interface FastEthernet0/0 overload
ip nat inside source static udp 12.345.678.901 53 192.168.1.2 53 extendable
ip nat inside source static tcp 12.345.678.901  20 192.168.1.2 20 extendable
ip nat inside source static tcp 12.345.678.901 80 192.168.1.2 80 extendable
ip nat inside source static tcp 12.345.678.901  7071 192.168.1.2 7071 extendable
ip nat inside source static tcp 12.345.678.901  443 192.168.1.2 443 extendable
ip nat inside source static udp 12.345.678.901  443 192.168.1.2 443 extendable
ip nat inside source static tcp 12.345.678.901  9900 65.199.239.138 9900 extendable
ip nat inside source static tcp 12.345.678.901  110 192.168.1.3 110 extendable
ip nat inside source static tcp 12.345.678.901  3389 192.168.1.3 3389 extendable
ip nat inside source static tcp 12.345.678.901  25 192.168.1.3 25 extendable
ip nat inside source static tcp 12.345.678.901  8528 192.168.1.3 8528 extendable
ip nat inside source static tcp 12.345.678.901  8526 192.168.1.3 8526 extendable
ip nat inside source static tcp 12.345.678.901  21 192.168.1.2 21 extendable
ip nat inside source static tcp 12.345.678.901  7070 192.168.1.2 7070 extendable
ip classless
ip route 0.0.0.0 0.0.0.0 12.345.678.90
ip http server
no ip pim bidir-enable
!
access-list 1 permit 192.168.1.0 0.0.0.255
access-list 100 permit ip any any
access-list 101 permit tcp any any established
access-list 101 permit tcp any host 12.345.678.901 eq 107
access-list 101 permit tcp any host 12.345.678.901  eq pop3
access-list 101 permit udp any host 12.345.678.901  eq domain
access-list 101 permit tcp any host 12.345.678.901  eq domain
access-list 101 permit tcp any host 12.345.678.901  range ftp-data ftp
access-list 101 permit tcp any host 12.345.678.901  eq www
access-list 101 permit tcp any host 12.345.678.901  eq 443
access-list 101 permit tcp any host 12.345.678.901  eq 9900
access-list 101 permit tcp any host 12.345.678.901  eq 3389
access-list 101 permit tcp any host 12.345.678.901  eq 8528
access-list 101 permit tcp any host 12.345.678.901  eq 8526
access-list 101 permit tcp any host 12.345.678.901  eq 7070
access-list 101 permit tcp any host 12.345.678.901  eq smtp
access-list 101 permit udp any host 12.345.678.901  eq 443
access-list 101 permit tcp any host 12.345.678.901  eq 7071
access-list 101 permit ip any any
snmp-server community public RO
!
dial-peer cor custom
!
!
!
!
line con 0
 exec-timeout 0 0
 password
 logging synchronous
line aux 0
line vty 0 4
 exec-timeout 0 0
 password
 logging synchronous
!
end

ActionDigital01#

Any and all assistance is greatly appreciated.  All external IP's and passwords have been changed to protect the innocent (ha ha ha, I was promised a case of good beer to get this running).  Please help me I am very thirsty.   lol


Thanks Everyone
ASKER CERTIFIED SOLUTION
Frabble

Our community of experts have been thoroughly vetted for their expertise and industry experience.

Log in to continue reading
Become an EE member today7-DAY FREE TRIAL
Members can start a 7-Day Free trial then enjoy unlimited access to the platform for $9.99/mo
View membership options
Unlock 1 Answer and 4 Comments.
or
Learn why we charge membership fees
We get it - no one likes a content blocker. Take one extra minute and find out why we block content.
See how we're fighting big data
The Value of Experts Exchange in My Daily IT Life

Experts Exchange (EE) has become my company's go-to resource to get answers. I've used EE to make decisions, solve problems and even save customers. OutagesIO has been a challenging project and... Keep reading >>

Mike

Owner of Outages.IO
Phoenix, Arizona, United States
Member Since 2016
Join a full scale community that combines the best parts of other tools into one platform.
Unlock 1 Answer and 4 Comments.
View membership options
“All of life is about relationships, and EE has made a virtual community a real community. It lifts everyone's boat.”
William Peck

Member since 2004