Solved

access external IP from internal LAN

Posted on 2008-06-25
Last Modified: 2008-07-01
Hi,

I'm trying to get Zend Studio to work with my Cisco 1841. For this I need to be able to access the IP address of the external interface (FastEthernet0/0, x.x.x.x) from a computer that is connected to the local LAN (FastEthernet0/1, y.y.y.y). Is there a way to do this with the Cisco 1841?

Kind regards.
Question by:bramsauer

Accepted Solution

by:
JFrederick29 earned 500 total points
ID: 21864542
You can look at configuring NVI (NAT Virtual Interface) so you can access an internal resource via the external IP.

http://www.cisco.com/en/US/docs/ios/12_3t/12_3t14/feature/guide/gtnatvi.html

Alternatively, if you have an internal DNS server and you can specify a hostname in Zend Studio, you could add a zone and record to your internal DNS server and specify the internal IP so it will use the internal IP when in the office and the external IP when connecting over the Internet.

Author Comment

by:bramsauer
ID: 21872337
I've checked out the Cisco document, but the example and explanation are based on VPN routing/forwarding. I'm having some trouble figuring out how I could implement it in the current running configuration without completely messing it up. Can you give me some pointers?

Kind regards,

!
! No configuration change since last restart
!
version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
service sequence-numbers
!
hostname gateway
!
boot-start-marker
boot-end-marker
!
security authentication failure rate 3 log
security passwords min-length 6
logging buffered 51200 errors
logging console critical
enable secret 5 XXXXXXXXXXXXXXXXX
!
aaa new-model
!
!
aaa authentication login local_authen local
aaa authorization exec local_author local 
!
aaa session-id common
!
resource policy
!
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
ip subnet-zero
no ip source-route
ip cef
!
!
ip inspect name SDM_LOW cuseeme
ip inspect name SDM_LOW dns
ip inspect name SDM_LOW ftp
ip inspect name SDM_LOW h323
ip inspect name SDM_LOW https
ip inspect name SDM_LOW icmp
ip inspect name SDM_LOW imap
ip inspect name SDM_LOW pop3
ip inspect name SDM_LOW netshow
ip inspect name SDM_LOW rcmd
ip inspect name SDM_LOW realaudio
ip inspect name SDM_LOW rtsp
ip inspect name SDM_LOW esmtp
ip inspect name SDM_LOW sqlnet
ip inspect name SDM_LOW streamworks
ip inspect name SDM_LOW tftp
ip inspect name SDM_LOW tcp
ip inspect name SDM_LOW udp
ip inspect name SDM_LOW vdolive
ip tcp synwait-time 10
!
!
ip ftp username cisco
ip ftp password 7 094F41071F0C10
no ip bootp server
ip domain name xxxxx
ip name-server 195.18.115.5
ip name-server 195.18.114.5
!
!
!
!
username manager password 7 xxxxxx
!
! 
!
!
!
interface Null0
 no ip unreachables
!
interface FastEthernet0/0
 description Internet Uplink$ETH-LAN$$FW_OUTSIDE$
 ip address 10.0.0.1 255.255.255.248
 ip access-group 101 in
 ip verify unicast reverse-path
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip inspect SDM_LOW out
 ip nat outside
 ip virtual-reassembly
 ip route-cache flow
 duplex auto
 speed auto
 no mop enabled
!
interface FastEthernet0/1
 no ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip route-cache flow
 shutdown
 duplex auto
 speed auto
 no mop enabled
!
interface FastEthernet0/0/0
 description Upper Switch
 switchport mode trunk
!
interface FastEthernet0/0/1
 switchport mode trunk
 shutdown
!
interface FastEthernet0/0/2
 shutdown
!
interface FastEthernet0/0/3
 switchport mode trunk
 shutdown
!
interface Vlan1
 description Private LAN$FW_INSIDE$
 ip address 172.16.1.1 255.255.255.0
 ip access-group 100 in
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat inside
 ip virtual-reassembly
 ip route-cache flow
!
ip classless
ip route 0.0.0.0 0.0.0.0 212.61.144.153 permanent
!
ip http server
ip http access-class 2
no ip http secure-server
ip nat inside source list 1 interface FastEthernet0/0 overload
ip nat inside source static udp 172.16.1.90 40404 interface FastEthernet0/0 40404
ip nat inside source static tcp 172.16.1.8 1433 interface FastEthernet0/0 1433
ip nat inside source static tcp 172.16.1.9 3307 interface FastEthernet0/0 3307
ip nat inside source static tcp 172.16.1.90 40404 interface FastEthernet0/0 40404
ip nat inside source static tcp 172.16.1.37 20087 interface FastEthernet0/0 20087
ip nat inside source static udp 172.16.1.37 20087 interface FastEthernet0/0 20087
ip nat inside source static tcp 172.16.1.94 20084 interface FastEthernet0/0 20084
ip nat inside source static udp 172.16.1.94 20084 interface FastEthernet0/0 20084
ip nat inside source static tcp 172.16.1.93 20083 interface FastEthernet0/0 20083
ip nat inside source static udp 172.16.1.93 20083 interface FastEthernet0/0 20083
ip nat inside source static tcp 172.16.1.92 20082 interface FastEthernet0/0 20082
ip nat inside source static udp 172.16.1.92 20082 interface FastEthernet0/0 20082
ip nat inside source static tcp 172.16.1.91 20081 interface FastEthernet0/0 20081
ip nat inside source static udp 172.16.1.91 20081 interface FastEthernet0/0 20081
ip nat inside source static tcp 172.16.1.99 20080 interface FastEthernet0/0 20080
ip nat inside source static udp 172.16.1.99 20080 interface FastEthernet0/0 20080
ip nat inside source static tcp 172.16.1.37 10007 interface FastEthernet0/0 10007
ip nat inside source static udp 172.16.1.37 10007 interface FastEthernet0/0 10007
ip nat inside source static tcp 172.16.1.94 10004 interface FastEthernet0/0 10004
ip nat inside source static udp 172.16.1.94 10004 interface FastEthernet0/0 10004
ip nat inside source static tcp 172.16.1.93 10003 interface FastEthernet0/0 10003
ip nat inside source static udp 172.16.1.93 10003 interface FastEthernet0/0 10003
ip nat inside source static tcp 172.16.1.92 10002 interface FastEthernet0/0 10002
ip nat inside source static udp 172.16.1.92 10002 interface FastEthernet0/0 10002
ip nat inside source static tcp 172.16.1.91 10001 interface FastEthernet0/0 10001
ip nat inside source static udp 172.16.1.91 10001 interface FastEthernet0/0 10001
ip nat inside source static tcp 172.16.1.99 10000 interface FastEthernet0/0 10000
ip nat inside source static udp 172.16.1.99 10000 interface FastEthernet0/0 10000
ip nat inside source static tcp 172.16.1.5 8445 interface FastEthernet0/0 8445
ip nat inside source static tcp 172.16.1.5 25 interface FastEthernet0/0 25
ip nat inside source static tcp 172.16.1.5 1723 interface FastEthernet0/0 1723
!
logging 172.16.1.2
access-list 1 remark SDM_ACL Category=2
access-list 1 permit 172.16.1.0 0.0.0.255
access-list 2 remark Auto generated by SDM Management Access feature
access-list 2 remark SDM_ACL Category=1
access-list 2 permit 172.16.1.90
access-list 100 remark auto generated by SDM firewall configuration
access-list 100 remark SDM_ACL Category=1
access-list 100 permit ip host 172.16.1.90 any
access-list 100 permit ip host 172.16.1.32 208.65.152.0 0.0.3.255
access-list 100 permit ip host 172.16.1.36 208.65.152.0 0.0.3.255
access-list 100 permit ip host 172.16.1.43 208.65.152.0 0.0.3.255
access-list 100 permit ip host 172.16.1.45 208.65.152.0 0.0.3.255
access-list 100 permit ip host 172.16.1.32 host 85.17.175.234
access-list 100 permit ip host 172.16.1.32 host 64.202.189.170
access-list 100 permit ip host 172.16.1.32 host 85.17.225.248
access-list 100 permit ip host 172.16.1.36 host 85.17.175.234
access-list 100 permit ip host 172.16.1.36 host 64.202.189.170
access-list 100 permit ip host 172.16.1.36 host 85.17.225.248
access-list 100 permit ip host 172.16.1.43 host 85.17.175.234
access-list 100 permit ip host 172.16.1.43 host 64.202.189.170
access-list 100 permit ip host 172.16.1.43 host 85.17.225.248
access-list 100 permit ip host 172.16.1.45 host 85.17.175.234
access-list 100 permit ip host 172.16.1.45 host 64.202.189.170
access-list 100 permit ip host 172.16.1.45 host 85.17.225.248
access-list 100 permit ip host 172.16.1.96 host 85.17.175.234
access-list 100 permit ip host 172.16.1.96 host 64.202.189.170
access-list 100 permit ip host 172.16.1.96 host 85.17.225.248
access-list 100 deny   ip any 208.65.152.0 0.0.3.255
access-list 100 deny   ip any host 85.17.175.234
access-list 100 deny   ip any host 85.17.225.248
access-list 100 deny   ip any host 64.202.189.170
access-list 100 permit tcp host 172.16.1.90 host 172.16.1.1 eq telnet
access-list 100 permit tcp host 172.16.1.90 host 172.16.1.1 eq 22
access-list 100 permit tcp host 172.16.1.90 host 172.16.1.1 eq www
access-list 100 permit tcp host 172.16.1.90 host 172.16.1.1 eq 443
access-list 100 permit tcp host 172.16.1.90 host 172.16.1.1 eq cmd
access-list 100 permit udp host 172.16.1.90 host 172.16.1.1 eq snmp
access-list 100 permit udp host 172.16.1.2 host 172.16.1.1 eq snmp
access-list 100 deny   tcp any host 172.16.1.1 eq telnet
access-list 100 deny   tcp any host 172.16.1.1 eq 22
access-list 100 deny   tcp any host 172.16.1.1 eq www
access-list 100 deny   tcp any host 172.16.1.1 eq 443
access-list 100 deny   tcp any host 172.16.1.1 eq cmd
access-list 100 deny   udp any host 172.16.1.1 eq snmp
access-list 100 remark Auto generated by SDM for NTP (123) ntp.xs4all.nl
access-list 100 permit udp host 194.109.22.18 eq ntp host 172.16.1.1 eq ntp
access-list 100 deny   ip 212.61.144.152 0.0.0.7 any
access-list 100 deny   ip host 255.255.255.255 any
access-list 100 deny   ip 127.0.0.0 0.255.255.255 any
access-list 100 permit ip any any
access-list 101 remark auto generated by SDM firewall configuration
access-list 101 remark SDM_ACL Category=1
access-list 101 permit tcp any host 10.0.0.1 eq 1723
access-list 101 permit tcp any host 10.0.0.1 eq smtp
access-list 101 permit tcp host 10.0.1.182 host 10.0.0.1 eq 1433
access-list 101 permit tcp host 10.0.1.182 host 10.0.0.1 eq 3307
access-list 101 permit tcp host 10.0.1.181 host 10.0.0.1 eq 1433
access-list 101 permit tcp host 10.0.1.181 host 10.0.0.1 eq 3307
access-list 101 permit tcp host 10.0.1.180 host 10.0.0.1 eq 1433
access-list 101 permit tcp host 10.0.1.180 host 10.0.0.1 eq 3307
access-list 101 permit tcp host 10.0.1.179 host 10.0.0.1 eq 1433
access-list 101 permit tcp host 10.0.1.179 host 10.0.0.1 eq 3307
access-list 101 permit tcp host 10.0.1.178 host 10.0.0.1 eq 1433
access-list 101 permit tcp host 10.0.1.178 host 10.0.0.1 eq 3307
access-list 101 permit gre any host 10.0.0.1
access-list 101 permit tcp any host 10.0.0.1 eq 8445
access-list 101 permit tcp any host 10.0.0.1 eq 10000
access-list 101 permit udp any host 10.0.0.1 eq 10000
access-list 101 permit tcp any host 10.0.0.1 eq 10001
access-list 101 permit udp any host 10.0.0.1 eq 10001
access-list 101 permit tcp any host 10.0.0.1 eq 10002
access-list 101 permit udp any host 10.0.0.1 eq 10002
access-list 101 permit tcp any host 10.0.0.1 eq 10003
access-list 101 permit udp any host 10.0.0.1 eq 10003
access-list 101 permit tcp any host 10.0.0.1 eq 10004
access-list 101 permit tcp any host 10.0.0.1 eq 20080
access-list 101 permit udp any host 10.0.0.1 eq 20080
access-list 101 permit tcp any host 10.0.0.1 eq 20081
access-list 101 permit udp any host 10.0.0.1 eq 20081
access-list 101 permit tcp any host 10.0.0.1 eq 20082
access-list 101 permit udp any host 10.0.0.1 eq 20082
access-list 101 permit tcp any host 10.0.0.1 eq 20083
access-list 101 permit udp any host 10.0.0.1 eq 20083
access-list 101 permit tcp any host 10.0.0.1 eq 20084
access-list 101 permit udp any host 10.0.0.1 eq 20084
access-list 101 permit tcp any host 10.0.0.1 eq 20087
access-list 101 permit udp any host 10.0.0.1 eq 20087
access-list 101 permit udp any host 10.0.0.1 eq 40404
access-list 101 permit tcp any host 10.0.0.1 eq 40404
access-list 101 permit udp host 195.18.114.5 eq domain host 10.0.0.1
access-list 101 permit udp host 195.18.115.5 eq domain host 10.0.0.1
access-list 101 remark Auto generated by SDM for NTP (123) ntp.xs4all.nl
access-list 101 permit udp host 194.109.22.18 eq ntp host 10.0.0.1 eq ntp
access-list 101 deny   ip 172.16.1.0 0.0.0.255 any
access-list 101 permit icmp any host 10.0.0.1 echo
access-list 101 permit icmp any host 10.0.0.1 echo-reply
access-list 101 permit icmp any host 10.0.0.1 time-exceeded
access-list 101 permit icmp any host 10.0.0.1 unreachable
access-list 101 deny   ip 10.0.0.0 0.255.255.255 any
access-list 101 deny   ip 172.16.0.0 0.15.255.255 any
access-list 101 deny   ip 192.168.0.0 0.0.255.255 any
access-list 101 deny   ip 127.0.0.0 0.255.255.255 any
access-list 101 deny   ip host 255.255.255.255 any
access-list 101 deny   ip host 0.0.0.0 any
access-list 101 deny   ip any any log
access-list 102 remark Auto generated by SDM Management Access feature
access-list 102 remark SDM_ACL Category=1
access-list 102 permit ip host 172.16.1.90 any
access-list 102 remark Auto generated by SDM Management Access feature
access-list 102 remark SDM_ACL Category=1
access-list 103 remark VTY Access-class list
access-list 103 remark SDM_ACL Category=1
access-list 103 permit ip 172.16.1.0 0.0.0.255 any
access-list 103 deny   ip any any
access-list 103 remark VTY Access-class list
access-list 103 remark SDM_ACL Category=1
snmp-server community Traffic RO
no cdp run
!
!
control-plane
!
banner login .
!
line con 0
 login authentication local_authen
 transport output telnet
line aux 0
 login authentication local_authen
 transport output telnet
line vty 0 4
 access-class 103 in
 authorization exec local_author
 login authentication local_authen
 transport input telnet
!
scheduler allocate 4000 1000
ntp clock-period 17178796
ntp update-calendar
ntp server 194.109.22.18 source FastEthernet0/0 prefer
end
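
A sketch of the NVI change that the accepted answer points to, applied to the configuration posted above. This is an added example, not from either poster and not tested on this router. Assumptions: the outside address 10.0.0.1 is static, as in the posted config, so it is used in place of the `interface` keyword in the static rules; only two of the static port forwards are shown, and the remaining ones follow the same pattern.

```cisco
! Constructed change set (added example). Apply it from the console, or arm
! "reload in 10" first, because NAT is interrupted while the rules are swapped.
!
! 0. In exec mode, clear active translations so the dynamic rule can be removed:
!      clear ip nat translation *
!
! 1. Remove the legacy (inside/outside domain) rules. Repeat the "no" form for
!    every "ip nat inside source static ..." line in the running config.
no ip nat inside source list 1 interface FastEthernet0/0 overload
no ip nat inside source static tcp 172.16.1.8 1433 interface FastEthernet0/0 1433
no ip nat inside source static tcp 172.16.1.9 3307 interface FastEthernet0/0 3307
!
! 2. Replace the inside/outside roles with NVI on both interfaces.
interface FastEthernet0/0
 no ip nat outside
 ip nat enable
!
interface Vlan1
 no ip nat inside
 ip nat enable
!
! 3. Re-add the rules in NVI form: "ip nat source" instead of
!    "ip nat inside source". The static rules name the outside address
!    (assumption: 10.0.0.1 stays fixed) instead of the interface.
ip nat source list 1 interface FastEthernet0/0 overload
ip nat source static tcp 172.16.1.8 1433 10.0.0.1 1433
ip nat source static tcp 172.16.1.9 3307 10.0.0.1 3307
!
! 4. Cancel the pending reload once connectivity is confirmed:
!      reload cancel
```

Check the result with `show ip nat nvi translations` while connecting from a LAN host to 10.0.0.1 on a forwarded port. Hairpinned LAN traffic enters on Vlan1, so it is filtered by access-list 100 (which ends in `permit ip any any`) rather than access-list 101, and the per-source limits that list 101 places on ports 1433 and 3307 do not apply to it.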
