Solved

Trying to NAT out and also Use Global Statics within my network

Posted on 2008-10-08
20
395 Views
Last Modified: 2012-05-05
just trying to finalize on getting my FE0/0 that has a IP address of a public address to be able to also have like 4 secondarys to be able to also do 1-1 NATs or Some port Mappings (PAT) heres my interface now with a global static address on my network lan with 65.xx.xx.232

interface FastEthernet0/0
 description Connected to T1 internet
 ip address 65.XX.XX.226 255.255.255.240
???????? ip address secondary 65.xx.xx.227 ?????
???????? ip address secondary 65.xx.xx.230 ?????
use this possibilly

 no ip redirects
 no ip unreachables
 ip directed-broadcast
 ip inspect Firewall out
 ip route-cache flow
 duplex auto
 speed auto
 no cdp enable
 crypto map VPN_Tunnel
 crypto ipsec fragmentation before-encryption
!

and take the 2 ip secondary address and 1-1 nat them with an IP in my internal Network.

But then i also need to be able to NAT out to the IP address 65.XX.XX.226


im not to sure on how to build the ACL or If i need something Differnt on the setup

Thanks
0
Comment
Question by:johnritzer
  • 12
  • 8
20 Comments
 
LVL 12

Assisted Solution

by:Pugglewuggle
Pugglewuggle earned 500 total points
ID: 22675388
No, you do not need to specify any other IP addresses on an interface - only one. The device will automatically use any IP addresses in your IP pool if you tell it to use them somehow.
What exactly are you trying to do? Give outside users access to internal servers? What device are you using? an ASA? A router? (Looks like a router config)
0
 

Author Comment

by:johnritzer
ID: 22688319
im actually trying to create a 1-1 nat on 2 static global ips to internal addresses  like 65.xx.xx.228 - 192.168.14.27  and 65.xx.xx.230 to the ip 192.168.14.2
and have those ips with a Default gateway of the
and also have another ip like 65.xx.xx.236 to only forward say Port 443,80,1753 to differnt machines in my network.



in ip route 0.0.0.0 0.0.0.0 65.xx.xx.225

interface FastEthernet0/0
 description Connected to T1 internet
 ip address 65.XX.XX.226 255.255.255.240


Thanks hope that helps a bit

0
 
LVL 12

Expert Comment

by:Pugglewuggle
ID: 22692766
How many public IPs do you have?
So in this case, you will need 2 1-to-1 NATs (as you said) and a PAT to allow those ports to go to other servers. One thing to note is that if you have a 1-1 NAT going to an IP, PAT cannot direct traffic there as well - that would mess up the ASA's internal xlate table...
Do you also have inside hosts that need to access the internet as well or is this only for servers? If so, what public IP (or range) do you want to use for that?
Here are a fre commands to get you started with the 1-1s and the PAT.
0
 
LVL 12

Expert Comment

by:Pugglewuggle
ID: 22692936
Oops! didn't finish typing!
Please post your whole config along with that info so I can see what all's going on.
Also, what open ports are required on the 1-1 NATs for 65.x.x.228 and .230?

Cheers!


! pool for outgoing NAT for inside interface

global (outside) 1 65.XX.XX.236

nat (inside) 1 0 0

! 1-1 NATs

static (inside,outside) 65.XX.XX.228 192.168.14.27 netmask 255.255.255.255

static (inside,outside) 65.XX.XX.230 192.168.14.2 netmask 255.255.255.255

! PAT

static (inside,outside) tcp interface www 192.168.XX.XX www netmask 255.255.255.255

static (inside,outside) tcp interface https 192.168.XX.XX https netmask 255.255.255.255

static (inside,outside) tcp interface 1753 192.168.XX.XX 1753 netmask 255.255.255.255

! I need more info about incoming for 1-1 NATs

! ACLs to allow incoming for PAT

access-list outside_access_in permit tcp any host 65.XX.XX.236 eq www

access-list outside_access_in permit tcp any host 65.XX.XX.236 eq https

access-list outside_access_in permit tcp any host 65.XX.XX.236 eq 1753

! ACL application

access-group outside_access_in in interface outside

Open in new window

0
 
LVL 12

Expert Comment

by:Pugglewuggle
ID: 22692941
BTW - I still need your config and the IPs I asked for - also, I need the IPs of the "other" servers (80,443,1753).
Cheers!
0
 

Author Comment

by:johnritzer
ID: 22703291
Oh wows thanks for your help puggle :)

Well ports for the 1-1 NAT on 65.xx.xx.228 (Asterisk Server) 192.168.14.27 needing 10000 range 5060 (sip server)
and the ports for the other 1-1 NAT on 65.xx.xx.230 (MITEL phone system) 192.168.14.2 needing 5060 and possibily more because im not to sure what mitel usees for its sip signaling but i was wanting it all open for now and close a little by little and make sure some call flow would still work.


Okie ill send over the configy

I CAN REMOVE all the ACL configs if need be I just mirrored that config from my Other router <831 soho> that holds our primary internet connection dsl line mostly used for web traffic....

THANKS







Okie ill send over the configy
AmtecLV1841>en

Password: 

AmtecLV1841#sh ip int

AmtecLV1841#sh ip interface br

Interface                  IP-Address      OK? Method Status                Protocol

FastEthernet0/0            65.xx.xx.226  YES NVRAM  up                    up      

FastEthernet0/1            192.168.11.254  YES NVRAM  up                    up      

FastEthernet0/1.1          unassigned      YES unset  up                    up      

Serial0/0/0                64.xx.xx.10    YES NVRAM  up                    up      

NVI0                       unassigned      NO  unset  up                    up      

BVI1                       unassigned      YES NVRAM  down                  down    

Loopback0                  1.1.1.1         YES NVRAM  up                    up      

Loopback2                  2.2.2.2         YES NVRAM  up                    up      

AmtecLV1841#sh run

Building configuration...

 

Current configuration : 15052 bytes

!

! No configuration change since last restart

!

version 12.4

no service pad

service tcp-keepalives-in

service tcp-keepalives-out

service timestamps debug datetime localtime

service timestamps log datetime localtime

service password-encryption

!

hostname AmtecLV1841

!

boot-start-marker

boot system flash 

boot-end-marker

!

 

aaa new-model

!

!

 

!

aaa session-id common

clock timezone PST -8

no ip source-route

ip cef

!

!

ip inspect name Firewall cuseeme

ip inspect name Firewall ftp

ip inspect name Firewall h323

ip inspect name Firewall netshow

ip inspect name Firewall rcmd

ip inspect name Firewall realaudio

ip inspect name Firewall rtsp

ip inspect name Firewall sqlnet

ip inspect name Firewall streamworks

ip inspect name Firewall tftp

ip inspect name Firewall tcp

ip inspect name Firewall udp

ip inspect name Firewall vdolive

ip inspect name Firewall icmp

ip inspect name Firewall esmtp

ip inspect name Firewall sip

ip inspect name Firewall sip-tls

ip tcp path-mtu-discovery

ip telnet source-interface FastEthernet0/1

!

!

no ip bootp server

ip domain name amtec.local

ip name-server 4.2.2.2

!

!

 

!

class-map match-any IP_Node

 match access-group 104

!

!

policy-map VoIP_Priority

 class IP_Node

  set ip dscp ef

  priority 256

 class class-default

  fair-queue

  random-detect

policy-map QoS

 class class-default

  shape average 500000 5000 0

  service-policy VoIP_Priority

!

! 

REMOVED ALL CRYPTO AGAIN

!

bridge irb

!

!

interface Loopback0

 description Virtual NAT Interface

 ip address 1.1.1.1 255.255.255.252

!

interface Loopback2

 ip address 2.2.2.2 255.255.255.255

!

interface Null0

 no ip unreachables

!

interface FastEthernet0/0

 description Connected to T1 internet

 ip address 65.XX.XX.226 255.255.255.240

 no ip redirects

 no ip unreachables

 ip directed-broadcast

 ip inspect Firewall out

 ip route-cache flow

 duplex auto

 speed auto

 no cdp enable

 crypto map VPN_Tunnel

 crypto ipsec fragmentation before-encryption

!

interface FastEthernet0/1

 description $FW_INSIDE$

 ip address 192.168.11.254 255.255.255.0

 ip access-group 102 in

 no ip redirects

 no ip unreachables

 ip directed-broadcast

 ip nat inside

 ip virtual-reassembly

 ip policy route-map NAT_Filter

 duplex auto

 speed auto

!

interface FastEthernet0/1.1

 no cdp enable

!

interface Serial0/0/0

 ip address 64.xx.xx.10 255.255.255.252

 no ip redirects

 no ip unreachables

 encapsulation ppp

 service-module t1 timeslots 1-24

!

interface BVI1

 no ip address

!

ip local pool VPN_IPs 192.168.255.1 192.168.255.10

ip forward-protocol udp netbios-ss

ip route 0.0.0.0 0.0.0.0 64.xx.xx.9

ip route 192.168.14.0 255.255.255.0 192.168.11.2

!

ip http server

ip http authentication local

ip http secure-server

ip nat inside source route-map Nat interface FastEthernet0/0 overload

!

ip access-list extended XoStatics

 permit ip 65.XX.XX.224 0.0.0.15 any

!

access-list 100 permit ip 192.168.11.0 0.0.0.255 192.168.2.0 0.0.0.255

access-list 100 permit ip 192.168.11.0 0.0.0.255 192.168.10.0 0.0.0.255

access-list 100 permit ip 192.168.255.0 0.0.0.255 192.168.10.0 0.0.0.255

access-list 100 permit ip 192.168.14.0 0.0.0.255 192.168.10.0 0.0.0.255

access-list 100 permit ip 192.168.3.0 0.0.0.255 192.168.10.0 0.0.0.255

access-list 100 permit ip 192.168.10.0 0.0.0.255 192.168.14.0 0.0.0.255

access-list 101 deny   ip 192.168.11.0 0.0.0.255 192.168.2.0 0.0.0.255

access-list 101 deny   ip 192.168.11.0 0.0.0.255 192.168.3.0 0.0.0.255

access-list 101 deny   ip 192.168.11.0 0.0.0.255 192.168.10.0 0.0.0.255

access-list 101 deny   ip 192.168.11.0 0.0.0.255 192.168.254.0 0.0.0.255

access-list 101 deny   ip 192.168.11.0 0.0.0.255 192.168.255.0 0.0.0.255

access-list 101 deny   ip 192.168.14.0 0.0.0.255 192.168.10.0 0.0.0.255

access-list 101 deny   ip 192.168.14.0 0.0.0.255 192.168.254.0 0.0.0.255

access-list 101 deny   ip 192.168.14.0 0.0.0.255 192.168.255.0 0.0.0.255

access-list 101 deny   ip 192.168.255.0 0.0.0.255 192.168.10.0 0.0.0.255

access-list 101 deny   ip 192.168.3.0 0.0.0.255 192.168.10.0 0.0.0.255

access-list 101 permit ip 192.168.11.0 0.0.0.255 any

access-list 101 permit ip 192.168.14.0 0.0.0.255 any

access-list 102 remark SDM_ACL Category=17

access-list 102 deny   ip 65.xx.xx.0 0.0.0.127 any

access-list 102 deny   ip host 255.255.255.255 any

access-list 102 deny   ip 127.0.0.0 0.255.255.255 any

access-list 102 permit ip host 192.168.11.28 192.168.254.0 0.0.0.255

access-list 102 permit ip any host 192.168.14.27

access-list 102 permit ip host 192.168.14.27 any

access-list 102 permit tcp any any eq 5060

access-list 102 permit ip host 192.168.14.2 host 209.203.104.37

access-list 102 permit ip host 209.203.104.37 host 192.168.14.2

access-list 102 permit ip host 192.168.14.2 192.168.254.0 0.0.0.255

access-list 102 permit ip 192.168.14.0 0.0.0.255 192.168.254.0 0.0.0.255

access-list 102 deny   ip 192.168.11.0 0.0.0.255 192.168.254.0 0.0.0.255

access-list 102 deny   icmp any 192.168.254.0 0.0.0.255

access-list 102 permit ip any any

access-list 103 permit ip any any

access-list 103 permit ip 192.168.10.0 0.0.0.255 192.168.3.0 0.0.0.255

access-list 103 permit ip 192.168.10.0 0.0.0.255 192.168.255.0 0.0.0.255

access-list 103 permit ahp any host 65.xx.xx.46

access-list 103 permit esp any host 65.xx.xx.46

access-list 103 permit udp any host 65.xx.xx.46 eq 5060

access-list 103 permit ip host 192.168.14.27 any

access-list 103 permit ip any host 192.168.14.27

access-list 103 permit ip host 209.203.104.37 host 192.168.14.2

access-list 103 permit ip host 192.168.14.2 host 209.203.104.37

access-list 103 permit udp any host 65.xx.xx.46 eq isakmp

access-list 103 permit udp any host 65.xx.xx.46 eq non500-isakmp

access-list 103 permit esp any any

access-list 103 permit gre any any

access-list 103 permit tcp any any eq 1723

access-list 103 permit ip 192.168.2.0 0.0.0.255 192.168.10.0 0.0.0.255

access-list 103 permit ip 192.168.3.0 0.0.0.255 192.168.10.0 0.0.0.255

access-list 103 permit ip 192.168.3.0 0.0.0.255 192.168.11.0 0.0.0.255

access-list 103 permit ip 192.168.3.0 0.0.0.255 192.168.14.0 0.0.0.255

access-list 103 permit ip 192.168.10.0 0.0.0.255 192.168.11.0 0.0.0.255

access-list 103 permit ip 192.168.10.0 0.0.0.255 192.168.14.0 0.0.0.255

access-list 103 permit ip 192.168.254.0 0.0.0.255 host 192.168.11.28

access-list 103 permit ip 192.168.254.0 0.0.0.255 192.168.14.0 0.0.0.255

access-list 103 deny   ip 192.168.254.0 0.0.0.255 any

access-list 103 permit ip 192.168.255.0 0.0.0.255 192.168.10.0 0.0.0.255

access-list 103 permit ip 192.168.255.0 0.0.0.255 192.168.11.0 0.0.0.255

access-list 103 permit ip 192.168.255.0 0.0.0.255 192.168.14.0 0.0.0.255

access-list 103 deny   icmp 192.168.254.0 0.0.0.255 any

access-list 103 deny   icmp any host 65.xx.xx.46

access-list 103 permit icmp any any echo-reply

access-list 103 permit icmp any any time-exceeded

access-list 103 permit icmp any any timestamp-reply

access-list 103 permit icmp any any traceroute

access-list 103 permit icmp any any unreachable

access-list 103 deny   icmp any any

access-list 103 permit udp any any eq ntp

access-list 103 permit tcp any host 65.xx.xx.46 eq 161

access-list 103 permit tcp any host 65.xx.xx.46 eq 162

access-list 103 permit udp any host 65.xx.xx.46 eq snmp

access-list 103 permit udp any host 65.xx.xx.46 eq snmptrap

access-list 103 permit udp host 209.203.104.37 host 65.xx.xx.46 eq 5060

access-list 103 permit tcp any host 65.xx.xx.46 eq smtp

access-list 103 permit tcp any host 65.xx.xx.46 eq www

access-list 103 permit tcp any host 65.xx.xx.46 eq 443

access-list 103 permit tcp any host 65.xx.xx.46 eq 3389

access-list 103 permit tcp any host 65.xx.xx.46 eq 4125

access-list 103 permit tcp any host 65.xx.xx.46 eq 37000

access-list 103 permit tcp any host 65.xx.xx.46 eq ftp

access-list 103 permit tcp any host 65.xx.xx.46 eq ftp-data

access-list 103 deny   ip 192.168.11.0 0.0.0.255 any

access-list 103 deny   ip 10.0.0.0 0.255.255.255 any

access-list 103 deny   ip 172.16.0.0 0.15.255.255 any

access-list 103 deny   ip 192.168.0.0 0.0.255.255 any

access-list 103 deny   ip 127.0.0.0 0.255.255.255 any

access-list 103 deny   ip host 255.255.255.255 any

access-list 103 deny   ip host 0.0.0.0 any

access-list 103 deny   ip any any log

access-list 103 permit udp any any eq 5060

access-list 103 permit tcp any any eq 5060

access-list 104 permit ip host 192.168.14.2 any

access-list 104 permit ip any host 192.168.14.2

access-list 104 permit ip 192.168.14.0 0.0.0.255 0.0.0.0 255.255.255.0

access-list 104 remark IP Nodes / Phones

access-list 105 permit ip 192.168.10.0 0.0.0.255 192.168.255.0 0.0.0.255

access-list 105 permit ip 192.168.11.0 0.0.0.255 192.168.255.0 0.0.0.255

access-list 105 permit ip 192.168.14.0 0.0.0.255 192.168.255.0 0.0.0.255

access-list 105 permit ip 192.168.255.0 0.0.0.255 any

access-list 105 remark VPN Split Tunnel Rules

access-list 106 permit ip host 192.168.11.1 192.168.3.0 0.0.0.255

access-list 106 permit ip host 192.168.11.1 192.168.10.0 0.0.0.255

access-list 106 permit ip host 192.168.11.1 192.168.255.0 0.0.0.255

access-list 106 remark Route Map Rules

no cdp run

route-map XoRoutemap permit 10

 match ip address XoStatics

!

route-map NAT_Filter permit 1

 match ip address 106

 set ip next-hop 1.1.1.2

!

route-map XORoutemap permit 10

!

route-map Nat permit 1

 match ip address 101

!

!

!

control-plane

!

bridge 1 protocol ieee

banner motd ^CC

bncvbcv

!

 

end

Open in new window

0
 
LVL 12

Expert Comment

by:Pugglewuggle
ID: 22708109
One thing to note that is very important... For every port forwarded, a static command is needed... if you want to forward that many ports, you will have to have over 5,000 static statements... that is crazy.
Is there no other way to do this so that many ports aren't opened up?
Cheers!
0
 
LVL 12

Expert Comment

by:Pugglewuggle
ID: 22708936
One other thing: Generally, you're going to want to use a voice enabled router outside the PIX (like a Cisco ISR) to terminate those SIP connections from the web... If this isn't an option then the only thing we can do is open all those ports. Let me know!
Cheers!
0
 

Author Comment

by:johnritzer
ID: 22709065
there's like no port range ack option....



basically an average asterisk. Can't you just say permit any any

Or deny all tcp since sip is udp driven.  

Thaknks
0
 

Author Comment

by:johnritzer
ID: 22709075
I could then just open the ones I need I thought a 1-1 bat was like no firewally between a global static and an internal static but all ports were opened both ways
0
How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

 
LVL 12

Expert Comment

by:Pugglewuggle
ID: 22709325
Oh! Woops! Sorry, I guess I missed the 1-1 NAT you mentioned.
Here are the commands to set it up (as well as an ACL on the FE 0/0 for incoming connections)
FE 0/0 is supposed to be the outside for NAT, right?
Also, what's Serial0/0/0 for?
Cheers!

interface FastEthernet0/0

ip nat outside

access-group 199 in

access-list 199 permit udp any host 65.x.x.228 range 5060 10000

ip nat inside source static tcp 192.168.14.27 interface FastEthernet0/0

Open in new window

0
 

Author Comment

by:johnritzer
ID: 22712380
the s0/0/0 is the actual T1 connection to the NIU and thats what the 64.xx.xx.10

ip connects to the 64.xx.xx.9 255.255.255.252

Thanks greatly for your help
0
 

Author Comment

by:johnritzer
ID: 22712446
so if i put the following code in...
interface FastEthernet0/0
ip nat outside


would i be able to if i point my static box to that ip would it be possible to just go out that that static ip as my outbound like what it would show on www.ipchicken.com
0
 
LVL 12

Expert Comment

by:Pugglewuggle
ID: 22713537
Ahhh gotcha on the T1.
Whatever IP you are accessing the web from will show up... If you configure PAT for internet access for internal hosts on only one public IP like my commands do, then the public IP in the command with the "overload" keyword is what will show up.
The IP address of the outside interface isn't usually the one that shows up because a different address is used for PAT, but that can vary on configuration.
All ip nat outside does is tell the router where the outside is. A 1-1 NAT needs to go from outside to inside - that command tells it which interface is outside. You already have the inside command configured.
Cheers!
0
 

Author Comment

by:johnritzer
ID: 22714266
so all the ACLs that are currently in there i dont think they are being used but if i kill them all i cant get internet access so im not to sure if i need to have these in there to allow access from my t1 statics
access-list 102 remark SDM_ACL Category=17
access-list 102 deny   ip 65.xx.xx.0 0.0.0.127 any
access-list 102 deny   ip host 255.255.255.255 any
access-list 102 deny   ip 127.0.0.0 0.255.255.255 any
access-list 102 permit ip host 192.168.11.28 192.168.254.0 0.0.0.255
access-list 102 permit ip any host 192.168.14.27
access-list 102 permit ip host 192.168.14.27 any


i have that in there and im wondering why it denys ip 65.xx.xx.0 0.0.0.127 any


that one is so confusing to me .....


Thanks
0
 

Author Comment

by:johnritzer
ID: 22715169
okay heres another quick issue that im trying to get resolved while i have you here and thanks alot for your help

with that current config above i have my Voice vlan at 192.168.14.x and its gateway route is 192.168.14.253 which is my hp procurve switch

and i had my hp procurve switch go to  
ip route 0.0.0.0 0.0.0.0 192.168.11.254  (1841 router T1)
from existing
ip route 0.0.0.0 0.0.0.0 192.168.11.3     (831 Router dsl)

interface FastEthernet0/0
 description Connected to TelePacific Internet$FW_OUTSIDE$
 ip address 65.105.209.226 255.255.255.240
 ip access-group 199 in
 no ip redirects
 no ip unreachables
 ip directed-broadcast
 ip inspect Firewall out
 ip nat outside
 ip virtual-reassembly
 ip route-cache flow
 duplex auto
 speed auto
 no cdp enable
 crypto map VPN_Tunnel
 crypto ipsec fragmentation before-encryption
!
interface FastEthernet0/1
 description $FW_INSIDE$
 ip address 192.168.11.254 255.255.255.0
 ip access-group 102 in
 no ip redirects
 no ip unreachables
 ip directed-broadcast
 ip nat inside
 ip virtual-reassembly
 ip policy route-map NAT_Filter
 duplex auto
 speed auto



i tried putting in 4.2.2.2 in the dns server but didnt go through.... at this time im getting my DNS servers from the ip scheme


Thanks again
0
 

Author Comment

by:johnritzer
ID: 22715692
okie UPDATE sorry again i did put the dns address to see if that helped it (tried 4.2.2.2 first didnt work)

but from the 1841 router i can do a traceroute and a ping but im just wondering why if i point from internal to 192.168.11.254

is this or this preventing it from going out the internet thanks..

ip access-group 102 in
ip policy route-map NAT_Filter

heres the 102 in
access-list 102 remark SDM_ACL Category=17
access-list 102 deny ip 65.xx.xx.0 0.0.0.127 any
access-list 102 deny ip host 255.255.255.255 any
access-list 102 deny ip 127.0.0.0 0.255.255.255 any
access-list 102 permit ip host 192.168.11.28 192.168.254.0 0.0.0.255
access-list 102 permit ip any host 192.168.14.27
access-list 102 permit ip host 192.168.14.27 any
access-list 102 permit tcp any any eq 5060
access-list 102 permit ip host 192.168.14.2 host 209.203.104.37
access-list 102 permit ip host 209.203.104.37 host 192.168.14.2
access-list 102 permit ip host 192.168.14.2 192.168.254.0 0.0.0.255
access-list 102 permit ip 192.168.14.0 0.0.0.255 192.168.254.0 0.0.0.255
access-list 102 deny ip 192.168.11.0 0.0.0.255 192.168.254.0 0.0.0.255
access-list 102 deny icmp any 192.168.254.0 0.0.0.255
access-list 102 permit ip any any




and heres the route-map NAT_Filter

route-map NAT_Filter permit 1
match ip address 106
set ip next-hop 1.1.1.2

which goes to using this 106 ACL

access-list 106 permit ip host 192.168.11.1 192.168.3.0 0.0.0.255
access-list 106 permit ip host 192.168.11.1 192.168.10.0 0.0.0.255
access-list 106 permit ip host 192.168.11.1 192.168.255.0 0.0.0.255
access-list 106 remark Route Map Rules






thanks


0
 

Author Comment

by:johnritzer
ID: 22716707
HAHA sooooo
i figured out my own problem on getting out
i had to put ip nat outside on the s0/0/0 interface to get out so im going to check to see if i can do some port Trans right now based on the Configs you gave me..
 
 
Thanks
0
 

Accepted Solution

by:
johnritzer earned 0 total points
ID: 22717106
so disregard messages of that i got the internet to go out..
so if its a 1-1 nat does the outbound ip use the one of the single Interface
 
because i did the config you suggestted with the 192.168.14.27  with the 65.xx.xx.228
but when i try to browse to 65.xx.xx.228 it doesnt work but what does work is when i try to browse to 65.xx.xx.226 it goes to 192.168.14.27 so i dont know if im missing a 1-1 nat statement or if because my
ip nat inside source static ip 192.168.14.27 interface FastEthernet0/0  
statment i put in there is making it go only to the 65.xx.xx.226
 
Thanks once again

 
 
0
 

Author Comment

by:johnritzer
ID: 22737365
hey again i would like to thank you for all your help puggle :) im awarding .....
i figured out the ip nat source static internal IP then External ip :)
just a quick question for the ip nating outside i need info to route out say if i have the INCOMING setup with
 
ip nat inside source static 192.168.14.2  65.xx.xx.228
if i have the traffic from 192.168.14.2 directed to 192.168.11.254 as the gateway out to the internet is it possible fo all its traffic to route out the 65.xx.xx.228 and not the 65.xx.xx.226
 
 
thank you very much :) :) :) :)
0

Featured Post

Find Ransomware Secrets With All-Source Analysis

Ransomware has become a major concern for organizations; its prevalence has grown due to past successes achieved by threat actors. While each ransomware variant is different, we’ve seen some common tactics and trends used among the authors of the malware.

Join & Write a Comment

This article offers some helpful and general tips for safe browsing and online shopping. It offers simple and manageable procedures that help to ensure the safety of one's personal information and the security of any devices.
ADCs have gained traction within the last decade, largely due to increased demand for legacy load balancing appliances to handle more advanced application delivery requirements and improve application performance.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…

708 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

21 Experts available now in Live!

Get 1:1 Help Now