Solved

Trying to NAT out and also Use Global Statics within my network

Posted on 2008-10-08
Last Modified: 2012-05-05
just trying to finalize on getting my FE0/0 that has an IP address of a public address to be able to also have like 4 secondaries to be able to also do 1-1 NATs or some port mappings (PAT). Here's my interface now with a global static address on my network LAN with 65.xx.xx.232

interface FastEthernet0/0
 description Connected to T1 internet
 ip address 65.XX.XX.226 255.255.255.240
???????? ip address secondary 65.xx.xx.227 ?????
???????? ip address secondary 65.xx.xx.230 ?????
use this possibly

 no ip redirects
 no ip unreachables
 ip directed-broadcast
 ip inspect Firewall out
 ip route-cache flow
 duplex auto
 speed auto
 no cdp enable
 crypto map VPN_Tunnel
 crypto ipsec fragmentation before-encryption
!

and take the 2 ip secondary address and 1-1 nat them with an IP in my internal Network.

But then i also need to be able to NAT out to the IP address 65.XX.XX.226


I'm not too sure on how to build the ACL or if I need something different on the setup

Thanks
Question by:johnritzer
20 Comments
 
LVL 12

Assisted Solution

by:Pugglewuggle
Pugglewuggle earned 2000 total points
ID: 22675388
No, you do not need to specify any other IP addresses on an interface - only one. The device will automatically use any IP addresses in your IP pool if you tell it to use them somehow.
What exactly are you trying to do? Give outside users access to internal servers? What device are you using? an ASA? A router? (Looks like a router config)
0
 

Author Comment

by:johnritzer
ID: 22688319
im actually trying to create a 1-1 nat on 2 static global ips to internal addresses  like 65.xx.xx.228 - 192.168.14.27  and 65.xx.xx.230 to the ip 192.168.14.2
and have those ips with a Default gateway of the
and also have another ip like 65.xx.xx.236 to only forward say port 443, 80, 1753 to different machines in my network.



in ip route 0.0.0.0 0.0.0.0 65.xx.xx.225

interface FastEthernet0/0
 description Connected to T1 internet
 ip address 65.XX.XX.226 255.255.255.240


Thanks hope that helps a bit

0
 
LVL 12

Expert Comment

by:Pugglewuggle
ID: 22692766
How many public IPs do you have?
So in this case, you will need 2 1-to-1 NATs (as you said) and a PAT to allow those ports to go to other servers. One thing to note is that if you have a 1-1 NAT going to an IP, PAT cannot direct traffic there as well - that would mess up the ASA's internal xlate table...
Do you also have inside hosts that need to access the internet as well or is this only for servers? If so, what public IP (or range) do you want to use for that?
Here are a few commands to get you started with the 1-1s and the PAT.
0

 
LVL 12

Expert Comment

by:Pugglewuggle
ID: 22692936
Oops! didn't finish typing!
Please post your whole config along with that info so I can see what all's going on.
Also, what open ports are required on the 1-1 NATs for 65.x.x.228 and .230?

Cheers!


! pool for outgoing NAT for inside interface
global (outside) 1 65.XX.XX.236
nat (inside) 1 0 0
! 1-1 NATs
static (inside,outside) 65.XX.XX.228 192.168.14.27 netmask 255.255.255.255
static (inside,outside) 65.XX.XX.230 192.168.14.2 netmask 255.255.255.255
! PAT
static (inside,outside) tcp interface www 192.168.XX.XX www netmask 255.255.255.255
static (inside,outside) tcp interface https 192.168.XX.XX https netmask 255.255.255.255
static (inside,outside) tcp interface 1753 192.168.XX.XX 1753 netmask 255.255.255.255
! I need more info about incoming for 1-1 NATs
! ACLs to allow incoming for PAT
access-list outside_access_in permit tcp any host 65.XX.XX.236 eq www
access-list outside_access_in permit tcp any host 65.XX.XX.236 eq https
access-list outside_access_in permit tcp any host 65.XX.XX.236 eq 1753
! ACL application
access-group outside_access_in in interface outside


0
 
LVL 12

Expert Comment

by:Pugglewuggle
ID: 22692941
BTW - I still need your config and the IPs I asked for - also, I need the IPs of the "other" servers (80,443,1753).
Cheers!
0
 

Author Comment

by:johnritzer
ID: 22703291
Oh wows thanks for your help puggle :)

Well ports for the 1-1 NAT on 65.xx.xx.228 (Asterisk Server) 192.168.14.27 needing 10000 range 5060 (sip server)
and the ports for the other 1-1 NAT on 65.xx.xx.230 (MITEL phone system) 192.168.14.2 needing 5060 and possibly more because I'm not too sure what Mitel uses for its SIP signaling, but I was wanting it all open for now and close it little by little and make sure some call flow would still work.


Okie ill send over the configy

I CAN REMOVE all the ACL configs if need be I just mirrored that config from my Other router <831 soho> that holds our primary internet connection dsl line mostly used for web traffic....

THANKS







AmtecLV1841>en
Password: 
AmtecLV1841#sh ip int
AmtecLV1841#sh ip interface br
Interface                  IP-Address      OK? Method Status                Protocol
FastEthernet0/0            65.xx.xx.226  YES NVRAM  up                    up      
FastEthernet0/1            192.168.11.254  YES NVRAM  up                    up      
FastEthernet0/1.1          unassigned      YES unset  up                    up      
Serial0/0/0                64.xx.xx.10    YES NVRAM  up                    up      
NVI0                       unassigned      NO  unset  up                    up      
BVI1                       unassigned      YES NVRAM  down                  down    
Loopback0                  1.1.1.1         YES NVRAM  up                    up      
Loopback2                  2.2.2.2         YES NVRAM  up                    up      
AmtecLV1841#sh run
Building configuration...
 
Current configuration : 15052 bytes
!
! No configuration change since last restart
!
version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime localtime
service timestamps log datetime localtime
service password-encryption
!
hostname AmtecLV1841
!
boot-start-marker
boot system flash 
boot-end-marker
!
 
aaa new-model
!
!
 
!
aaa session-id common
clock timezone PST -8
no ip source-route
ip cef
!
!
ip inspect name Firewall cuseeme
ip inspect name Firewall ftp
ip inspect name Firewall h323
ip inspect name Firewall netshow
ip inspect name Firewall rcmd
ip inspect name Firewall realaudio
ip inspect name Firewall rtsp
ip inspect name Firewall sqlnet
ip inspect name Firewall streamworks
ip inspect name Firewall tftp
ip inspect name Firewall tcp
ip inspect name Firewall udp
ip inspect name Firewall vdolive
ip inspect name Firewall icmp
ip inspect name Firewall esmtp
ip inspect name Firewall sip
ip inspect name Firewall sip-tls
ip tcp path-mtu-discovery
ip telnet source-interface FastEthernet0/1
!
!
no ip bootp server
ip domain name amtec.local
ip name-server 4.2.2.2
!
!
 
!
class-map match-any IP_Node
 match access-group 104
!
!
policy-map VoIP_Priority
 class IP_Node
  set ip dscp ef
  priority 256
 class class-default
  fair-queue
  random-detect
policy-map QoS
 class class-default
  shape average 500000 5000 0
  service-policy VoIP_Priority
!
! 
REMOVED ALL CRYPTO AGAIN
!
bridge irb
!
!
interface Loopback0
 description Virtual NAT Interface
 ip address 1.1.1.1 255.255.255.252
!
interface Loopback2
 ip address 2.2.2.2 255.255.255.255
!
interface Null0
 no ip unreachables
!
interface FastEthernet0/0
 description Connected to T1 internet
 ip address 65.XX.XX.226 255.255.255.240
 no ip redirects
 no ip unreachables
 ip directed-broadcast
 ip inspect Firewall out
 ip route-cache flow
 duplex auto
 speed auto
 no cdp enable
 crypto map VPN_Tunnel
 crypto ipsec fragmentation before-encryption
!
interface FastEthernet0/1
 description $FW_INSIDE$
 ip address 192.168.11.254 255.255.255.0
 ip access-group 102 in
 no ip redirects
 no ip unreachables
 ip directed-broadcast
 ip nat inside
 ip virtual-reassembly
 ip policy route-map NAT_Filter
 duplex auto
 speed auto
!
interface FastEthernet0/1.1
 no cdp enable
!
interface Serial0/0/0
 ip address 64.xx.xx.10 255.255.255.252
 no ip redirects
 no ip unreachables
 encapsulation ppp
 service-module t1 timeslots 1-24
!
interface BVI1
 no ip address
!
ip local pool VPN_IPs 192.168.255.1 192.168.255.10
ip forward-protocol udp netbios-ss
ip route 0.0.0.0 0.0.0.0 64.xx.xx.9
ip route 192.168.14.0 255.255.255.0 192.168.11.2
!
ip http server
ip http authentication local
ip http secure-server
ip nat inside source route-map Nat interface FastEthernet0/0 overload
!
ip access-list extended XoStatics
 permit ip 65.XX.XX.224 0.0.0.15 any
!
access-list 100 permit ip 192.168.11.0 0.0.0.255 192.168.2.0 0.0.0.255
access-list 100 permit ip 192.168.11.0 0.0.0.255 192.168.10.0 0.0.0.255
access-list 100 permit ip 192.168.255.0 0.0.0.255 192.168.10.0 0.0.0.255
access-list 100 permit ip 192.168.14.0 0.0.0.255 192.168.10.0 0.0.0.255
access-list 100 permit ip 192.168.3.0 0.0.0.255 192.168.10.0 0.0.0.255
access-list 100 permit ip 192.168.10.0 0.0.0.255 192.168.14.0 0.0.0.255
access-list 101 deny   ip 192.168.11.0 0.0.0.255 192.168.2.0 0.0.0.255
access-list 101 deny   ip 192.168.11.0 0.0.0.255 192.168.3.0 0.0.0.255
access-list 101 deny   ip 192.168.11.0 0.0.0.255 192.168.10.0 0.0.0.255
access-list 101 deny   ip 192.168.11.0 0.0.0.255 192.168.254.0 0.0.0.255
access-list 101 deny   ip 192.168.11.0 0.0.0.255 192.168.255.0 0.0.0.255
access-list 101 deny   ip 192.168.14.0 0.0.0.255 192.168.10.0 0.0.0.255
access-list 101 deny   ip 192.168.14.0 0.0.0.255 192.168.254.0 0.0.0.255
access-list 101 deny   ip 192.168.14.0 0.0.0.255 192.168.255.0 0.0.0.255
access-list 101 deny   ip 192.168.255.0 0.0.0.255 192.168.10.0 0.0.0.255
access-list 101 deny   ip 192.168.3.0 0.0.0.255 192.168.10.0 0.0.0.255
access-list 101 permit ip 192.168.11.0 0.0.0.255 any
access-list 101 permit ip 192.168.14.0 0.0.0.255 any
access-list 102 remark SDM_ACL Category=17
access-list 102 deny   ip 65.xx.xx.0 0.0.0.127 any
access-list 102 deny   ip host 255.255.255.255 any
access-list 102 deny   ip 127.0.0.0 0.255.255.255 any
access-list 102 permit ip host 192.168.11.28 192.168.254.0 0.0.0.255
access-list 102 permit ip any host 192.168.14.27
access-list 102 permit ip host 192.168.14.27 any
access-list 102 permit tcp any any eq 5060
access-list 102 permit ip host 192.168.14.2 host 209.203.104.37
access-list 102 permit ip host 209.203.104.37 host 192.168.14.2
access-list 102 permit ip host 192.168.14.2 192.168.254.0 0.0.0.255
access-list 102 permit ip 192.168.14.0 0.0.0.255 192.168.254.0 0.0.0.255
access-list 102 deny   ip 192.168.11.0 0.0.0.255 192.168.254.0 0.0.0.255
access-list 102 deny   icmp any 192.168.254.0 0.0.0.255
access-list 102 permit ip any any
access-list 103 permit ip any any
access-list 103 permit ip 192.168.10.0 0.0.0.255 192.168.3.0 0.0.0.255
access-list 103 permit ip 192.168.10.0 0.0.0.255 192.168.255.0 0.0.0.255
access-list 103 permit ahp any host 65.xx.xx.46
access-list 103 permit esp any host 65.xx.xx.46
access-list 103 permit udp any host 65.xx.xx.46 eq 5060
access-list 103 permit ip host 192.168.14.27 any
access-list 103 permit ip any host 192.168.14.27
access-list 103 permit ip host 209.203.104.37 host 192.168.14.2
access-list 103 permit ip host 192.168.14.2 host 209.203.104.37
access-list 103 permit udp any host 65.xx.xx.46 eq isakmp
access-list 103 permit udp any host 65.xx.xx.46 eq non500-isakmp
access-list 103 permit esp any any
access-list 103 permit gre any any
access-list 103 permit tcp any any eq 1723
access-list 103 permit ip 192.168.2.0 0.0.0.255 192.168.10.0 0.0.0.255
access-list 103 permit ip 192.168.3.0 0.0.0.255 192.168.10.0 0.0.0.255
access-list 103 permit ip 192.168.3.0 0.0.0.255 192.168.11.0 0.0.0.255
access-list 103 permit ip 192.168.3.0 0.0.0.255 192.168.14.0 0.0.0.255
access-list 103 permit ip 192.168.10.0 0.0.0.255 192.168.11.0 0.0.0.255
access-list 103 permit ip 192.168.10.0 0.0.0.255 192.168.14.0 0.0.0.255
access-list 103 permit ip 192.168.254.0 0.0.0.255 host 192.168.11.28
access-list 103 permit ip 192.168.254.0 0.0.0.255 192.168.14.0 0.0.0.255
access-list 103 deny   ip 192.168.254.0 0.0.0.255 any
access-list 103 permit ip 192.168.255.0 0.0.0.255 192.168.10.0 0.0.0.255
access-list 103 permit ip 192.168.255.0 0.0.0.255 192.168.11.0 0.0.0.255
access-list 103 permit ip 192.168.255.0 0.0.0.255 192.168.14.0 0.0.0.255
access-list 103 deny   icmp 192.168.254.0 0.0.0.255 any
access-list 103 deny   icmp any host 65.xx.xx.46
access-list 103 permit icmp any any echo-reply
access-list 103 permit icmp any any time-exceeded
access-list 103 permit icmp any any timestamp-reply
access-list 103 permit icmp any any traceroute
access-list 103 permit icmp any any unreachable
access-list 103 deny   icmp any any
access-list 103 permit udp any any eq ntp
access-list 103 permit tcp any host 65.xx.xx.46 eq 161
access-list 103 permit tcp any host 65.xx.xx.46 eq 162
access-list 103 permit udp any host 65.xx.xx.46 eq snmp
access-list 103 permit udp any host 65.xx.xx.46 eq snmptrap
access-list 103 permit udp host 209.203.104.37 host 65.xx.xx.46 eq 5060
access-list 103 permit tcp any host 65.xx.xx.46 eq smtp
access-list 103 permit tcp any host 65.xx.xx.46 eq www
access-list 103 permit tcp any host 65.xx.xx.46 eq 443
access-list 103 permit tcp any host 65.xx.xx.46 eq 3389
access-list 103 permit tcp any host 65.xx.xx.46 eq 4125
access-list 103 permit tcp any host 65.xx.xx.46 eq 37000
access-list 103 permit tcp any host 65.xx.xx.46 eq ftp
access-list 103 permit tcp any host 65.xx.xx.46 eq ftp-data
access-list 103 deny   ip 192.168.11.0 0.0.0.255 any
access-list 103 deny   ip 10.0.0.0 0.255.255.255 any
access-list 103 deny   ip 172.16.0.0 0.15.255.255 any
access-list 103 deny   ip 192.168.0.0 0.0.255.255 any
access-list 103 deny   ip 127.0.0.0 0.255.255.255 any
access-list 103 deny   ip host 255.255.255.255 any
access-list 103 deny   ip host 0.0.0.0 any
access-list 103 deny   ip any any log
access-list 103 permit udp any any eq 5060
access-list 103 permit tcp any any eq 5060
access-list 104 permit ip host 192.168.14.2 any
access-list 104 permit ip any host 192.168.14.2
access-list 104 permit ip 192.168.14.0 0.0.0.255 0.0.0.0 255.255.255.0
access-list 104 remark IP Nodes / Phones
access-list 105 permit ip 192.168.10.0 0.0.0.255 192.168.255.0 0.0.0.255
access-list 105 permit ip 192.168.11.0 0.0.0.255 192.168.255.0 0.0.0.255
access-list 105 permit ip 192.168.14.0 0.0.0.255 192.168.255.0 0.0.0.255
access-list 105 permit ip 192.168.255.0 0.0.0.255 any
access-list 105 remark VPN Split Tunnel Rules
access-list 106 permit ip host 192.168.11.1 192.168.3.0 0.0.0.255
access-list 106 permit ip host 192.168.11.1 192.168.10.0 0.0.0.255
access-list 106 permit ip host 192.168.11.1 192.168.255.0 0.0.0.255
access-list 106 remark Route Map Rules
no cdp run
route-map XoRoutemap permit 10
 match ip address XoStatics
!
route-map NAT_Filter permit 1
 match ip address 106
 set ip next-hop 1.1.1.2
!
route-map XORoutemap permit 10
!
route-map Nat permit 1
 match ip address 101
!
!
!
control-plane
!
bridge 1 protocol ieee
banner motd ^CC
bncvbcv
!
 
end


0
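IOS evaluates an access list top-down and stops at the first match, so in the posted access-list 103 the opening `permit ip any any` and the later `deny ip any any log` make the entries that follow them unreachable. The script below is an added example, not part of the original thread: it flags such shadowed entries in numbered extended ACLs, assuming entries carry no source-port operators; the sample lines are constructed, with 203.0.113.46 standing in for the redacted public address and ACL 150 a made-up number.

```python
import ipaddress

# Constructed sample modelled on the posted ACLs; 203.0.113.46 stands in for
# the redacted public address and ACL 150 is a made-up number.
SAMPLE = """
access-list 103 permit tcp any host 203.0.113.46 eq 3389
access-list 103 deny   icmp any host 203.0.113.46
access-list 103 permit icmp any any echo-reply
access-list 103 deny   ip 192.168.0.0 0.0.255.255 any
access-list 103 deny   ip any any log
access-list 103 permit udp any any eq 5060
access-list 103 permit tcp any any eq 5060
access-list 102 remark SDM_ACL Category=17
access-list 102 permit ip any host 192.168.14.27
access-list 102 permit ip any any
access-list 150 permit ip any any
access-list 150 deny   ip 10.0.0.0 0.255.255.255 any
"""

def _addr(tokens):
    """Consume one IOS address spec and return (address, wildcard) as ints."""
    t = tokens.pop(0)
    if t == "any":
        return 0, 0xFFFFFFFF
    if t == "host":
        return int(ipaddress.IPv4Address(tokens.pop(0))), 0
    return int(ipaddress.IPv4Address(t)), int(ipaddress.IPv4Address(tokens.pop(0)))

def parse(line):
    """Parse 'access-list N permit|deny proto src dst [qualifier]'."""
    tok = line.split()
    if len(tok) < 5 or tok[0] != "access-list" or tok[2] not in ("permit", "deny"):
        return None  # remarks and anything that is not an ACL entry
    rest = tok[4:]
    src, dst = _addr(rest), _addr(rest)
    qual = tuple(t for t in rest if t != "log")  # e.g. ('eq', '5060')
    return {"acl": tok[1], "action": tok[2], "proto": tok[3],
            "src": src, "dst": dst, "qual": qual, "text": line.strip()}

def _covers(a, b):
    """True if address spec a matches every address that spec b matches."""
    (a_addr, a_wild), (b_addr, b_wild) = a, b
    care = ~a_wild & 0xFFFFFFFF          # bits that a actually compares
    return (b_wild & care) == 0 and ((a_addr ^ b_addr) & care) == 0

def shadows(early, late):
    """True if every packet matching 'late' already matches 'early'."""
    return (early["proto"] in ("ip", late["proto"])
            and early["qual"] in ((), late["qual"])
            and _covers(early["src"], late["src"])
            and _covers(early["dst"], late["dst"]))

def find_shadowed(config):
    """Return (shadowed entry, shadowing entry, actions differ) tuples."""
    seen, findings = {}, []
    for line in config.splitlines():
        entry = parse(line)
        if entry is None:
            continue
        earlier = seen.setdefault(entry["acl"], [])
        for prev in earlier:
            if shadows(prev, entry):
                findings.append((entry["text"], prev["text"],
                                 prev["action"] != entry["action"]))
                break
        earlier.append(entry)
    return findings

if __name__ == "__main__":
    for late, early, conflict in find_shadowed(SAMPLE):
        tag = "CONFLICT" if conflict else "redundant"
        print(f"{tag}: '{late}' never matches; shadowed by '{early}'")
```

A finding marked CONFLICT means the shadowed entry has the opposite action to the one that actually applies, which is the case worth reviewing first.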
 
LVL 12

Expert Comment

by:Pugglewuggle
ID: 22708109
One thing to note that is very important... For every port forwarded, a static command is needed... if you want to forward that many ports, you will have to have over 5,000 static statements... that is crazy.
Is there no other way to do this so that many ports aren't opened up?
Cheers!
0
 
LVL 12

Expert Comment

by:Pugglewuggle
ID: 22708936
One other thing: Generally, you're going to want to use a voice enabled router outside the PIX (like a Cisco ISR) to terminate those SIP connections from the web... If this isn't an option then the only thing we can do is open all those ports. Let me know!
Cheers!
0
 

Author Comment

by:johnritzer
ID: 22709065
there's like no port range ack option....



basically an average asterisk. Can't you just say permit any any

Or deny all tcp since sip is udp driven.  

Thanks
0
 

Author Comment

by:johnritzer
ID: 22709075
I could then just open the ones I need. I thought a 1-1 NAT was like no firewall between a global static and an internal static but all ports were opened both ways
0
 
LVL 12

Expert Comment

by:Pugglewuggle
ID: 22709325
Oh! Woops! Sorry, I guess I missed the 1-1 NAT you mentioned.
Here are the commands to set it up (as well as an ACL on the FE 0/0 for incoming connections)
FE 0/0 is supposed to be the outside for NAT, right?
Also, what's Serial0/0/0 for?
Cheers!

interface FastEthernet0/0
 ip nat outside
 ip access-group 199 in
!
access-list 199 permit udp any host 65.x.x.228 range 5060 10000
ip nat inside source static tcp 192.168.14.27 interface FastEthernet0/0


0
 

Author Comment

by:johnritzer
ID: 22712380
the s0/0/0 is the actual T1 connection to the NIU and thats what the 64.xx.xx.10

ip connects to the 64.xx.xx.9 255.255.255.252

Thanks greatly for your help
0
 

Author Comment

by:johnritzer
ID: 22712446
so if i put the following code in...
interface FastEthernet0/0
ip nat outside


would I be able to, if I point my static box to that IP, would it be possible to just go out that static IP as my outbound, like what it would show on www.ipchicken.com
0
 
LVL 12

Expert Comment

by:Pugglewuggle
ID: 22713537
Ahhh gotcha on the T1.
Whatever IP you are accessing the web from will show up... If you configure PAT for internet access for internal hosts on only one public IP like my commands do, then the public IP in the command with the "overload" keyword is what will show up.
The IP address of the outside interface isn't usually the one that shows up because a different address is used for PAT, but that can vary on configuration.
All ip nat outside does is tell the router where the outside is. A 1-1 NAT needs to go from outside to inside - that command tells it which interface is outside. You already have the inside command configured.
Cheers!
0
 

Author Comment

by:johnritzer
ID: 22714266
so all the ACLs that are currently in there I don't think they are being used, but if I kill them all I can't get internet access, so I'm not too sure if I need to have these in there to allow access from my T1 statics
access-list 102 remark SDM_ACL Category=17
access-list 102 deny   ip 65.xx.xx.0 0.0.0.127 any
access-list 102 deny   ip host 255.255.255.255 any
access-list 102 deny   ip 127.0.0.0 0.255.255.255 any
access-list 102 permit ip host 192.168.11.28 192.168.254.0 0.0.0.255
access-list 102 permit ip any host 192.168.14.27
access-list 102 permit ip host 192.168.14.27 any


I have that in there and I'm wondering why it denies ip 65.xx.xx.0 0.0.0.127 any


that one is so confusing to me .....


Thanks
0
 

Author Comment

by:johnritzer
ID: 22715169
okay here's another quick issue that I'm trying to get resolved while I have you here, and thanks a lot for your help

with that current config above i have my Voice vlan at 192.168.14.x and its gateway route is 192.168.14.253 which is my hp procurve switch

and i had my hp procurve switch go to  
ip route 0.0.0.0 0.0.0.0 192.168.11.254  (1841 router T1)
from existing
ip route 0.0.0.0 0.0.0.0 192.168.11.3     (831 Router dsl)

interface FastEthernet0/0
 description Connected to TelePacific Internet$FW_OUTSIDE$
 ip address 65.105.209.226 255.255.255.240
 ip access-group 199 in
 no ip redirects
 no ip unreachables
 ip directed-broadcast
 ip inspect Firewall out
 ip nat outside
 ip virtual-reassembly
 ip route-cache flow
 duplex auto
 speed auto
 no cdp enable
 crypto map VPN_Tunnel
 crypto ipsec fragmentation before-encryption
!
interface FastEthernet0/1
 description $FW_INSIDE$
 ip address 192.168.11.254 255.255.255.0
 ip access-group 102 in
 no ip redirects
 no ip unreachables
 ip directed-broadcast
 ip nat inside
 ip virtual-reassembly
 ip policy route-map NAT_Filter
 duplex auto
 speed auto



i tried putting in 4.2.2.2 in the dns server but didnt go through.... at this time im getting my DNS servers from the ip scheme


Thanks again
0
 

Author Comment

by:johnritzer
ID: 22715692
okie UPDATE sorry again i did put the dns address to see if that helped it (tried 4.2.2.2 first didnt work)

but from the 1841 router i can do a traceroute and a ping but im just wondering why if i point from internal to 192.168.11.254

is this or this preventing it from going out the internet thanks..

ip access-group 102 in
ip policy route-map NAT_Filter

heres the 102 in
access-list 102 remark SDM_ACL Category=17
access-list 102 deny ip 65.xx.xx.0 0.0.0.127 any
access-list 102 deny ip host 255.255.255.255 any
access-list 102 deny ip 127.0.0.0 0.255.255.255 any
access-list 102 permit ip host 192.168.11.28 192.168.254.0 0.0.0.255
access-list 102 permit ip any host 192.168.14.27
access-list 102 permit ip host 192.168.14.27 any
access-list 102 permit tcp any any eq 5060
access-list 102 permit ip host 192.168.14.2 host 209.203.104.37
access-list 102 permit ip host 209.203.104.37 host 192.168.14.2
access-list 102 permit ip host 192.168.14.2 192.168.254.0 0.0.0.255
access-list 102 permit ip 192.168.14.0 0.0.0.255 192.168.254.0 0.0.0.255
access-list 102 deny ip 192.168.11.0 0.0.0.255 192.168.254.0 0.0.0.255
access-list 102 deny icmp any 192.168.254.0 0.0.0.255
access-list 102 permit ip any any




and heres the route-map NAT_Filter

route-map NAT_Filter permit 1
match ip address 106
set ip next-hop 1.1.1.2

which goes to using this 106 ACL

access-list 106 permit ip host 192.168.11.1 192.168.3.0 0.0.0.255
access-list 106 permit ip host 192.168.11.1 192.168.10.0 0.0.0.255
access-list 106 permit ip host 192.168.11.1 192.168.255.0 0.0.0.255
access-list 106 remark Route Map Rules






thanks


0
 

Author Comment

by:johnritzer
ID: 22716707
HAHA sooooo
i figured out my own problem on getting out
i had to put ip nat outside on the s0/0/0 interface to get out so im going to check to see if i can do some port Trans right now based on the Configs you gave me..
 
 
Thanks
0
 

Accepted Solution

by:
johnritzer earned 0 total points
ID: 22717106
so disregard messages of that i got the internet to go out..
so if its a 1-1 nat does the outbound ip use the one of the single Interface
 
because I did the config you suggested with the 192.168.14.27  with the 65.xx.xx.228
but when i try to browse to 65.xx.xx.228 it doesnt work but what does work is when i try to browse to 65.xx.xx.226 it goes to 192.168.14.27 so i dont know if im missing a 1-1 nat statement or if because my
ip nat inside source static ip 192.168.14.27 interface FastEthernet0/0  
statement I put in there is making it go only to the 65.xx.xx.226
 
Thanks once again

 
 
0
 

Author Comment

by:johnritzer
ID: 22737365
hey again i would like to thank you for all your help puggle :) im awarding .....
i figured out the ip nat source static internal IP then External ip :)
just a quick question for the ip nating outside i need info to route out say if i have the INCOMING setup with
 
ip nat inside source static 192.168.14.2  65.xx.xx.228
if I have the traffic from 192.168.14.2 directed to 192.168.11.254 as the gateway out to the internet, is it possible for all its traffic to route out the 65.xx.xx.228 and not the 65.xx.xx.226
 
 
thank you very much :) :) :) :)
0
