Solved

access external IP from internal LAN

Posted on 2008-06-25
Last Modified: 2008-07-01
Hi,

I'm trying to get ZEND studio to work with my Cisco 1841. For this I need to be able to access the IP address of the external interface (FastEthernet0/0, x.x.x.x) from a computer that is connected to the local LAN (FastEthernet0/1, y.y.y.y). Is there a way to do this with the Cisco 1841?

Kind regards.
Question by:bramsauer

Accepted Solution

by:
JFrederick29 earned 500 total points
ID: 21864542
You can look at configuring NVI (NAT Virtual Interface) so you can access an internal resource via the external IP.

http://www.cisco.com/en/US/docs/ios/12_3t/12_3t14/feature/guide/gtnatvi.html

Alternatively, if you have an internal DNS server and you can specify a hostname in ZEND studio, you could add a zone and record to your internal DNS server and specify the internal IP so it will use the internal IP when in the office and the external IP when connecting over the Internet.

Author Comment

by:bramsauer
ID: 21872337
I've checked out the Cisco document, but the example and explanation are based on VPN routing/forwarding. I'm having some trouble figuring out how I could implement it in the current running configuration without completely messing it up. Can you give me some pointers?

Kind regards,


!
! No configuration change since last restart
!
version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
service sequence-numbers
!
hostname gateway
!
boot-start-marker
boot-end-marker
!
security authentication failure rate 3 log
security passwords min-length 6
logging buffered 51200 errors
logging console critical
enable secret 5 XXXXXXXXXXXXXXXXX
!
aaa new-model
!
!
aaa authentication login local_authen local
aaa authorization exec local_author local
!
aaa session-id common
!
resource policy
!
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
ip subnet-zero
no ip source-route
ip cef
!
!
ip inspect name SDM_LOW cuseeme
ip inspect name SDM_LOW dns
ip inspect name SDM_LOW ftp
ip inspect name SDM_LOW h323
ip inspect name SDM_LOW https
ip inspect name SDM_LOW icmp
ip inspect name SDM_LOW imap
ip inspect name SDM_LOW pop3
ip inspect name SDM_LOW netshow
ip inspect name SDM_LOW rcmd
ip inspect name SDM_LOW realaudio
ip inspect name SDM_LOW rtsp
ip inspect name SDM_LOW esmtp
ip inspect name SDM_LOW sqlnet
ip inspect name SDM_LOW streamworks
ip inspect name SDM_LOW tftp
ip inspect name SDM_LOW tcp
ip inspect name SDM_LOW udp
ip inspect name SDM_LOW vdolive
ip tcp synwait-time 10
!
!
ip ftp username cisco
ip ftp password 7 094F41071F0C10
no ip bootp server
ip domain name xxxxx
ip name-server 195.18.115.5
ip name-server 195.18.114.5
!
!
!
!
username manager password 7 xxxxxx
!
!
!
!
!
interface Null0
 no ip unreachables
!
interface FastEthernet0/0
 description Internet Uplink$ETH-LAN$$FW_OUTSIDE$
 ip address 10.0.0.1 255.255.255.248
 ip access-group 101 in
 ip verify unicast reverse-path
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip inspect SDM_LOW out
 ip nat outside
 ip virtual-reassembly
 ip route-cache flow
 duplex auto
 speed auto
 no mop enabled
!
interface FastEthernet0/1
 no ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip route-cache flow
 shutdown
 duplex auto
 speed auto
 no mop enabled
!
interface FastEthernet0/0/0
 description Upper Switch
 switchport mode trunk
!
interface FastEthernet0/0/1
 switchport mode trunk
 shutdown
!
interface FastEthernet0/0/2
 shutdown
!
interface FastEthernet0/0/3
 switchport mode trunk
 shutdown
!
interface Vlan1
 description Private LAN$FW_INSIDE$
 ip address 172.16.1.1 255.255.255.0
 ip access-group 100 in
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat inside
 ip virtual-reassembly
 ip route-cache flow
!
ip classless
ip route 0.0.0.0 0.0.0.0 212.61.144.153 permanent
!
ip http server
ip http access-class 2
no ip http secure-server
ip nat inside source list 1 interface FastEthernet0/0 overload
ip nat inside source static udp 172.16.1.90 40404 interface FastEthernet0/0 40404
ip nat inside source static tcp 172.16.1.8 1433 interface FastEthernet0/0 1433
ip nat inside source static tcp 172.16.1.9 3307 interface FastEthernet0/0 3307
ip nat inside source static tcp 172.16.1.90 40404 interface FastEthernet0/0 40404
ip nat inside source static tcp 172.16.1.37 20087 interface FastEthernet0/0 20087
ip nat inside source static udp 172.16.1.37 20087 interface FastEthernet0/0 20087
ip nat inside source static tcp 172.16.1.94 20084 interface FastEthernet0/0 20084
ip nat inside source static udp 172.16.1.94 20084 interface FastEthernet0/0 20084
ip nat inside source static tcp 172.16.1.93 20083 interface FastEthernet0/0 20083
ip nat inside source static udp 172.16.1.93 20083 interface FastEthernet0/0 20083
ip nat inside source static tcp 172.16.1.92 20082 interface FastEthernet0/0 20082
ip nat inside source static udp 172.16.1.92 20082 interface FastEthernet0/0 20082
ip nat inside source static tcp 172.16.1.91 20081 interface FastEthernet0/0 20081
ip nat inside source static udp 172.16.1.91 20081 interface FastEthernet0/0 20081
ip nat inside source static tcp 172.16.1.99 20080 interface FastEthernet0/0 20080
ip nat inside source static udp 172.16.1.99 20080 interface FastEthernet0/0 20080
ip nat inside source static tcp 172.16.1.37 10007 interface FastEthernet0/0 10007
ip nat inside source static udp 172.16.1.37 10007 interface FastEthernet0/0 10007
ip nat inside source static tcp 172.16.1.94 10004 interface FastEthernet0/0 10004
ip nat inside source static udp 172.16.1.94 10004 interface FastEthernet0/0 10004
ip nat inside source static tcp 172.16.1.93 10003 interface FastEthernet0/0 10003
ip nat inside source static udp 172.16.1.93 10003 interface FastEthernet0/0 10003
ip nat inside source static tcp 172.16.1.92 10002 interface FastEthernet0/0 10002
ip nat inside source static udp 172.16.1.92 10002 interface FastEthernet0/0 10002
ip nat inside source static tcp 172.16.1.91 10001 interface FastEthernet0/0 10001
ip nat inside source static udp 172.16.1.91 10001 interface FastEthernet0/0 10001
ip nat inside source static tcp 172.16.1.99 10000 interface FastEthernet0/0 10000
ip nat inside source static udp 172.16.1.99 10000 interface FastEthernet0/0 10000
ip nat inside source static tcp 172.16.1.5 8445 interface FastEthernet0/0 8445
ip nat inside source static tcp 172.16.1.5 25 interface FastEthernet0/0 25
ip nat inside source static tcp 172.16.1.5 1723 interface FastEthernet0/0 1723
!
logging 172.16.1.2
access-list 1 remark SDM_ACL Category=2
access-list 1 permit 172.16.1.0 0.0.0.255
access-list 2 remark Auto generated by SDM Management Access feature
access-list 2 remark SDM_ACL Category=1
access-list 2 permit 172.16.1.90
access-list 100 remark auto generated by SDM firewall configuration
access-list 100 remark SDM_ACL Category=1
access-list 100 permit ip host 172.16.1.90 any
access-list 100 permit ip host 172.16.1.32 208.65.152.0 0.0.3.255
access-list 100 permit ip host 172.16.1.36 208.65.152.0 0.0.3.255
access-list 100 permit ip host 172.16.1.43 208.65.152.0 0.0.3.255
access-list 100 permit ip host 172.16.1.45 208.65.152.0 0.0.3.255
access-list 100 permit ip host 172.16.1.32 host 85.17.175.234
access-list 100 permit ip host 172.16.1.32 host 64.202.189.170
access-list 100 permit ip host 172.16.1.32 host 85.17.225.248
access-list 100 permit ip host 172.16.1.36 host 85.17.175.234
access-list 100 permit ip host 172.16.1.36 host 64.202.189.170
access-list 100 permit ip host 172.16.1.36 host 85.17.225.248
access-list 100 permit ip host 172.16.1.43 host 85.17.175.234
access-list 100 permit ip host 172.16.1.43 host 64.202.189.170
access-list 100 permit ip host 172.16.1.43 host 85.17.225.248
access-list 100 permit ip host 172.16.1.45 host 85.17.175.234
access-list 100 permit ip host 172.16.1.45 host 64.202.189.170
access-list 100 permit ip host 172.16.1.45 host 85.17.225.248
access-list 100 permit ip host 172.16.1.96 host 85.17.175.234
access-list 100 permit ip host 172.16.1.96 host 64.202.189.170
access-list 100 permit ip host 172.16.1.96 host 85.17.225.248
access-list 100 deny   ip any 208.65.152.0 0.0.3.255
access-list 100 deny   ip any host 85.17.175.234
access-list 100 deny   ip any host 85.17.225.248
access-list 100 deny   ip any host 64.202.189.170
access-list 100 permit tcp host 172.16.1.90 host 172.16.1.1 eq telnet
access-list 100 permit tcp host 172.16.1.90 host 172.16.1.1 eq 22
access-list 100 permit tcp host 172.16.1.90 host 172.16.1.1 eq www
access-list 100 permit tcp host 172.16.1.90 host 172.16.1.1 eq 443
access-list 100 permit tcp host 172.16.1.90 host 172.16.1.1 eq cmd
access-list 100 permit udp host 172.16.1.90 host 172.16.1.1 eq snmp
access-list 100 permit udp host 172.16.1.2 host 172.16.1.1 eq snmp
access-list 100 deny   tcp any host 172.16.1.1 eq telnet
access-list 100 deny   tcp any host 172.16.1.1 eq 22
access-list 100 deny   tcp any host 172.16.1.1 eq www
access-list 100 deny   tcp any host 172.16.1.1 eq 443
access-list 100 deny   tcp any host 172.16.1.1 eq cmd
access-list 100 deny   udp any host 172.16.1.1 eq snmp
access-list 100 remark Auto generated by SDM for NTP (123) ntp.xs4all.nl
access-list 100 permit udp host 194.109.22.18 eq ntp host 172.16.1.1 eq ntp
access-list 100 deny   ip 212.61.144.152 0.0.0.7 any
access-list 100 deny   ip host 255.255.255.255 any
access-list 100 deny   ip 127.0.0.0 0.255.255.255 any
access-list 100 permit ip any any
access-list 101 remark auto generated by SDM firewall configuration
access-list 101 remark SDM_ACL Category=1
access-list 101 permit tcp any host 10.0.0.1 eq 1723
access-list 101 permit tcp any host 10.0.0.1 eq smtp
access-list 101 permit tcp host 10.0.1.182 host 10.0.0.1 eq 1433
access-list 101 permit tcp host 10.0.1.182 host 10.0.0.1 eq 3307
access-list 101 permit tcp host 10.0.1.181 host 10.0.0.1 eq 1433
access-list 101 permit tcp host 10.0.1.181 host 10.0.0.1 eq 3307
access-list 101 permit tcp host 10.0.1.180 host 10.0.0.1 eq 1433
access-list 101 permit tcp host 10.0.1.180 host 10.0.0.1 eq 3307
access-list 101 permit tcp host 10.0.1.179 host 10.0.0.1 eq 1433
access-list 101 permit tcp host 10.0.1.179 host 10.0.0.1 eq 3307
access-list 101 permit tcp host 10.0.1.178 host 10.0.0.1 eq 1433
access-list 101 permit tcp host 10.0.1.178 host 10.0.0.1 eq 3307
access-list 101 permit gre any host 10.0.0.1
access-list 101 permit tcp any host 10.0.0.1 eq 8445
access-list 101 permit tcp any host 10.0.0.1 eq 10000
access-list 101 permit udp any host 10.0.0.1 eq 10000
access-list 101 permit tcp any host 10.0.0.1 eq 10001
access-list 101 permit udp any host 10.0.0.1 eq 10001
access-list 101 permit tcp any host 10.0.0.1 eq 10002
access-list 101 permit udp any host 10.0.0.1 eq 10002
access-list 101 permit tcp any host 10.0.0.1 eq 10003
access-list 101 permit udp any host 10.0.0.1 eq 10003
access-list 101 permit tcp any host 10.0.0.1 eq 10004
access-list 101 permit tcp any host 10.0.0.1 eq 20080
access-list 101 permit udp any host 10.0.0.1 eq 20080
access-list 101 permit tcp any host 10.0.0.1 eq 20081
access-list 101 permit udp any host 10.0.0.1 eq 20081
access-list 101 permit tcp any host 10.0.0.1 eq 20082
access-list 101 permit udp any host 10.0.0.1 eq 20082
access-list 101 permit tcp any host 10.0.0.1 eq 20083
access-list 101 permit udp any host 10.0.0.1 eq 20083
access-list 101 permit tcp any host 10.0.0.1 eq 20084
access-list 101 permit udp any host 10.0.0.1 eq 20084
access-list 101 permit tcp any host 10.0.0.1 eq 20087
access-list 101 permit udp any host 10.0.0.1 eq 20087
access-list 101 permit udp any host 10.0.0.1 eq 40404
access-list 101 permit tcp any host 10.0.0.1 eq 40404
access-list 101 permit udp host 195.18.114.5 eq domain host 10.0.0.1
access-list 101 permit udp host 195.18.115.5 eq domain host 10.0.0.1
access-list 101 remark Auto generated by SDM for NTP (123) ntp.xs4all.nl
access-list 101 permit udp host 194.109.22.18 eq ntp host 10.0.0.1 eq ntp
access-list 101 deny   ip 172.16.1.0 0.0.0.255 any
access-list 101 permit icmp any host 10.0.0.1 echo
access-list 101 permit icmp any host 10.0.0.1 echo-reply
access-list 101 permit icmp any host 10.0.0.1 time-exceeded
access-list 101 permit icmp any host 10.0.0.1 unreachable
access-list 101 deny   ip 10.0.0.0 0.255.255.255 any
access-list 101 deny   ip 172.16.0.0 0.15.255.255 any
access-list 101 deny   ip 192.168.0.0 0.0.255.255 any
access-list 101 deny   ip 127.0.0.0 0.255.255.255 any
access-list 101 deny   ip host 255.255.255.255 any
access-list 101 deny   ip host 0.0.0.0 any
access-list 101 deny   ip any any log
access-list 102 remark Auto generated by SDM Management Access feature
access-list 102 remark SDM_ACL Category=1
access-list 102 permit ip host 172.16.1.90 any
access-list 102 remark Auto generated by SDM Management Access feature
access-list 102 remark SDM_ACL Category=1
access-list 103 remark VTY Access-class list
access-list 103 remark SDM_ACL Category=1
access-list 103 permit ip 172.16.1.0 0.0.0.255 any
access-list 103 deny   ip any any
access-list 103 remark VTY Access-class list
access-list 103 remark SDM_ACL Category=1
snmp-server community Traffic RO
no cdp run
!
!
control-plane
!
banner login .
!
line con 0
 login authentication local_authen
 transport output telnet
line aux 0
 login authentication local_authen
 transport output telnet
line vty 0 4
 access-class 103 in
 authorization exec local_author
 login authentication local_authen
 transport input telnet
!
scheduler allocate 4000 1000
ntp clock-period 17178796
ntp update-calendar
ntp server 194.109.22.18 source FastEthernet0/0 prefer
end
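
An added example, not part of either post and not taken from the linked Cisco document: the NVI suggestion from the accepted solution applied to the running config posted above, without any VRF. It assumes the interface names, addresses and access-list numbers exactly as posted, and converts the overload rule plus two of the port forwards.

```cisco
! Added example: NVI form of the NAT rules in the posted config.
! Assumption: interfaces, addresses and ACL numbers are as posted above.
! Apply from the console or in a maintenance window: NAT is interrupted
! between removing the legacy rules and entering the NVI rules.
!
! 1. Replace the inside/outside roles with "ip nat enable" on both interfaces.
interface FastEthernet0/0
 no ip nat outside
 ip nat enable
!
interface Vlan1
 no ip nat inside
 ip nat enable
!
! 2. Re-create the overload (PAT) rule without the "inside" keyword.
!    If IOS refuses because the dynamic mapping is in use, run
!    "clear ip nat translation *" from exec mode and repeat the "no" line.
no ip nat inside source list 1 interface FastEthernet0/0 overload
ip nat source list 1 interface FastEthernet0/0 overload
!
! 3. Re-create each port forward the same way. Two are shown; the remaining
!    "ip nat inside source static ..." lines follow the identical pattern.
no ip nat inside source static tcp 172.16.1.9 3307 interface FastEthernet0/0 3307
ip nat source static tcp 172.16.1.9 3307 interface FastEthernet0/0 3307
no ip nat inside source static tcp 172.16.1.5 25 interface FastEthernet0/0 25
ip nat source static tcp 172.16.1.5 25 interface FastEthernet0/0 25
!
! 4. Verify from exec mode:
!      show ip nat nvi translations
!      show ip nat nvi statistics
!
! Points to check against this particular config:
! - Traffic from a LAN host to 10.0.0.1 enters on Vlan1, so it is filtered
!   by access-list 100, not access-list 101. The per-source restrictions
!   that access-list 101 places on ports 1433 and 3307 therefore do not
!   apply to LAN hosts using the external address; add matching entries to
!   access-list 100 if they should.
! - access-list 1 still selects 172.16.1.0/24 for overload and is unchanged.
```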
