Solved

Cisco 1841 static nat

Posted on 2008-10-25
Last Modified: 2008-11-09
On an 1841 router, I am trying to open up another external IP address for inbound traffic, besides the interface address. Below is my configuration for doing so. Testing to the external address is still being blocked. The private-to-public address NATting seems to be done in the ip nat inside source statement. Is something else needed?



Building configuration...
 
Current configuration : 3675 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname 
!
boot-start-marker
boot system flash c1841-advsecurityk9-mz.124-21.bin
boot-end-marker
!
logging buffered 52000 debugging
enable secret 5 $1$q5ra$F56FCZ7lxzwWPimdEvYMx0
!
no aaa new-model
ip cef
!
!
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
!
!
ip domain name yourdomain.com
!
!
!
username cisco privilege 15 secret 5 $1$h1Az$WFGGcgHnwszGQzJu/bSMF.
username admin privilege 15 secret 5 $1$3Jz9$xEGxyD38I721pyMsGjG2s0
!
!
!
!
!
!
interface FastEthernet0/0
 description $ETH-SW-LAUNCH$$INTF-INFO-FE 0$$ETH-LAN$
 ip address 192.168.2.253 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 duplex auto
 speed auto
!
interface FastEthernet0/1
 description WAN interface
 ip address 75.135.x.1 255.255.255.252
 no ip redirects
 no ip unreachables
 ip access-group 100 in
 no ip proxy-arp
 ip nat outside
 ip virtual-reassembly
 no ip mroute-cache
 duplex auto
 speed auto
 no cdp enable
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 x.x.x.x
!
ip http server
ip http access-class 23
ip http authentication local
no ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source list 10 interface FastEthernet0/1 overload
ip nat inside source static tcp 192.168.2.12 25 75.135.x.2 25 extendable
ip nat inside source static tcp 192.168.2.12 443 75.135.x.2 443 extendable
ip nat inside source static tcp 192.168.2.12 3389 75.135.x.2 3389 extendable
!
access-list 100 permit tcp any host 75.135.x.2 eq pop3
access-list 100 permit tcp any host 75.135.x.2 eq smtp
access-list 100 permit tcp any host 75.135.x.2 eq www
access-list 100 permit tcp any host 75.135.x.2 eq 563
access-list 100 permit tcp any host 75.135.x.2 eq 143
access-list 100 permit tcp any host 75.135.x.2 eq 443
access-list 100 permit ip any host 75.135.x.1
 
access-list 1 remark SDM_ACL Category=2
access-list 1 permit 192.168.0.0 0.0.0.255
access-list 10 permit 192.168.2.0 0.0.0.255
access-list 23 permit 192.168.2.0 0.0.0.255
no cdp run
!
!
control-plane
!
 
 
!
line con 0
 login local
line aux 0
line vty 0 4
 access-class 23 in
 privilege level 15
 login local
 transport input telnet
line vty 5 15
 access-class 23 in
 privilege level 15
 login local
 transport input telnet
!
scheduler allocate 20000 1000
end

Question by:mmark751969
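
An added check, not part of the original thread or any poster's code: it cross-references the static NAT port forwards in the configuration above with the access list applied inbound on the `ip nat outside` interface and lists forwards that no permit entry covers. The excerpt is constructed from the posted configuration; the function names are hypothetical, and only simple `permit ... any host ... [eq port]` entries are understood.

```python
import re

# Constructed excerpt: the NAT and ACL lines from the configuration in the question
# (addresses are masked on the page, so they are compared as opaque strings).
CONFIG = """\
interface FastEthernet0/1
 ip access-group 100 in
 ip nat outside
!
ip nat inside source static tcp 192.168.2.12 25 75.135.x.2 25 extendable
ip nat inside source static tcp 192.168.2.12 443 75.135.x.2 443 extendable
ip nat inside source static tcp 192.168.2.12 3389 75.135.x.2 3389 extendable
access-list 100 permit tcp any host 75.135.x.2 eq pop3
access-list 100 permit tcp any host 75.135.x.2 eq smtp
access-list 100 permit tcp any host 75.135.x.2 eq www
access-list 100 permit tcp any host 75.135.x.2 eq 563
access-list 100 permit tcp any host 75.135.x.2 eq 143
access-list 100 permit tcp any host 75.135.x.2 eq 443
access-list 100 permit ip any host 75.135.x.1
"""

# IOS port keywords that appear in this ACL, mapped to their numbers.
PORT_NAMES = {"smtp": "25", "www": "80", "pop3": "110"}
NAT_RE = re.compile(r"^ip nat inside source static (tcp|udp) \S+ \d+ (\S+) (\d+)", re.M)
ACL_RE = re.compile(r"^access-list (\d+) permit (\S+) any host (\S+)(?: eq (\S+))?", re.M)
IFACE_RE = re.compile(r"^interface \S+\n((?: .*\n)*)", re.M)

def outside_inbound_acl(config):
    """Return the ACL number applied inbound on the 'ip nat outside' interface."""
    for body in IFACE_RE.findall(config):
        m = re.search(r"^ ip access-group (\d+) in$", body, re.M)
        if m and re.search(r"^ ip nat outside$", body, re.M):
            return m.group(1)
    return None

def unpermitted_forwards(config):
    """List static NAT forwards (proto, global_ip, port) that the ACL does not permit."""
    # Deny entries and entry ordering are not evaluated; unknown port keywords never match.
    acl = outside_inbound_acl(config)
    permits = set()
    for num, proto, host, port in ACL_RE.findall(config):
        if num == acl:
            permits.add((proto, host, PORT_NAMES.get(port, port) or None))
    missing = []
    for proto, gip, gport in NAT_RE.findall(config):
        allowed = {(proto, gip, gport), (proto, gip, None), ("ip", gip, None)}
        if not allowed & permits:
            missing.append((proto, gip, int(gport)))
    return missing
```

Run against the excerpt, `unpermitted_forwards(CONFIG)` returns the tcp/3389 forward: access list 100 has entries covering smtp and 443 on 75.135.x.2 but none for 3389.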
4 Comments
 
LVL 13

Expert Comment

by:Quori
ID: 22806388
I am not sure if it is needed or not, however try adding the IP address as a secondary to the interface.
0
 
LVL 5

Expert Comment

by:rexxus
ID: 22806588
Have you been allocated the /30 range (the 75.135.x.1 and 75.135.x.2) to use?

I don't know your setup completely but I'm guessing the 75.135.x.2 address is the IP address of the interface at the other end of the link of your ISP.  If so you won't be able to use their address to get external users accessing internal resources.
0
 

Author Comment

by:mmark751969
ID: 22809197
Actually, the mask is wrong on faste0/1 on my original post.  It should be 255.255.255.248.  
0
 
LVL 5

Accepted Solution

by:
rexxus earned 125 total points
ID: 22829394
If you want to allow incoming traffic use the commands:

ip nat outside source static tcp 192.168.2.12 25 75.135.x.2 25 extendable
ip nat outside source static tcp 192.168.2.12 443 75.135.x.2 443 extendable
ip nat outside source static tcp 192.168.2.12 3389 75.135.x.2 3389 extendable

You use ip nat outside for traffic coming from outside to inside.

Have a look at:
http://www.cisco.com/en/US/tech/tk648/tk361/technologies_configuration_example09186a0080093f2f.shtml#summary

for a better description.
0
