Solved

Cisco 1841 static nat

Posted on 2008-10-25
Last Modified: 2008-11-09
On an 1841 router, I am trying to open up another external IP address for inbound traffic, besides the interface address. Below is my configuration for doing so. Testing to the external address is still being blocked. The private to public address natting seems to be done in the ip nat inside source statement. Something else needed?



Building configuration...

Current configuration : 3675 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname
!
boot-start-marker
boot system flash c1841-advsecurityk9-mz.124-21.bin
boot-end-marker
!
logging buffered 52000 debugging
enable secret 5 $1$q5ra$F56FCZ7lxzwWPimdEvYMx0
!
no aaa new-model
ip cef
!
!
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
!
!
ip domain name yourdomain.com
!
!
!
username cisco privilege 15 secret 5 $1$h1Az$WFGGcgHnwszGQzJu/bSMF.
username admin privilege 15 secret 5 $1$3Jz9$xEGxyD38I721pyMsGjG2s0
!
!
!
!
!
!
interface FastEthernet0/0
 description $ETH-SW-LAUNCH$$INTF-INFO-FE 0$$ETH-LAN$
 ip address 192.168.2.253 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 duplex auto
 speed auto
!
interface FastEthernet0/1
 description WAN interface
 ip address 75.135.x.1 255.255.255.252
 no ip redirects
 no ip unreachables
 ip access-group 100 in
 no ip proxy-arp
 ip nat outside
 ip virtual-reassembly
 no ip mroute-cache
 duplex auto
 speed auto
 no cdp enable
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 x.x.x.x
!
ip http server
ip http access-class 23
ip http authentication local
no ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source list 10 interface FastEthernet0/1 overload
ip nat inside source static tcp 192.168.2.12 25 75.135.x.2 25 extendable
ip nat inside source static tcp 192.168.2.12 443 75.135.x.2 443 extendable
ip nat inside source static tcp 192.168.2.12 3389 75.135.x.2 3389 extendable
!
access-list 100 permit tcp any host 75.135.x.2 eq pop3
access-list 100 permit tcp any host 75.135.x.2 eq smtp
access-list 100 permit tcp any host 75.135.x.2 eq www
access-list 100 permit tcp any host 75.135.x.2 eq 563
access-list 100 permit tcp any host 75.135.x.2 eq 143
access-list 100 permit tcp any host 75.135.x.2 eq 443
access-list 100 permit ip any host 75.135.x.1
access-list 1 remark SDM_ACL Category=2
access-list 1 permit 192.168.0.0 0.0.0.255
access-list 10 permit 192.168.2.0 0.0.0.255
access-list 23 permit 192.168.2.0 0.0.0.255
no cdp run
!
!
control-plane
!
!
line con 0
 login local
line aux 0
line vty 0 4
 access-class 23 in
 privilege level 15
 login local
 transport input telnet
line vty 5 15
 access-class 23 in
 privilege level 15
 login local
 transport input telnet
!
scheduler allocate 20000 1000
end

Question by:mmark751969
 
LVL 13

Expert Comment

by:Quori
ID: 22806388
I am not sure if it is needed or not, however try adding the IP address as a secondary to the interface.
0
 
LVL 5

Expert Comment

by:rexxus
ID: 22806588
Have you been allocated the /30 range (the 75.135.x.1 and 75.135.x.2) to use?

I don't know your setup completely but I'm guessing the 75.135.x.2 address is the IP address of the interface at the other end of the link of your ISP.  If so you won't be able to use their address to get external users accessing internal resources.
0
 

Author Comment

by:mmark751969
ID: 22809197
Actually, the mask is wrong on faste0/1 on my original post.  It should be 255.255.255.248.  
0
 
LVL 5

Accepted Solution

by:
rexxus earned 125 total points
ID: 22829394
If you want to allow incoming traffic, use the commands:

ip nat outside source static tcp 192.168.2.12 25 75.135.x.2 25 extendable
ip nat outside source static tcp 192.168.2.12 443 75.135.x.2 443 extendable
ip nat outside source static tcp 192.168.2.12 3389 75.135.x.2 3389 extendable

You use ip nat outside for traffic coming from outside to inside.

Have a look at:
http://www.cisco.com/en/US/tech/tk648/tk361/technologies_configuration_example09186a0080093f2f.shtml#summary

for a better description.
0
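Added example, not part of the thread and not Cisco's code: on IOS the inbound ACL on the outside interface is evaluated before the NAT translation, so it has to permit the global address and port of every static mapping that should be reachable. This Python script (all function names are hypothetical) runs that cross-check over lines copied from the configuration posted in the question.

```python
import re

# Lines copied from the question's configuration; addresses compared as strings.
CONFIG = """\
interface FastEthernet0/1
 ip access-group 100 in
 ip nat outside
ip nat inside source static tcp 192.168.2.12 25 75.135.x.2 25 extendable
ip nat inside source static tcp 192.168.2.12 443 75.135.x.2 443 extendable
ip nat inside source static tcp 192.168.2.12 3389 75.135.x.2 3389 extendable
access-list 100 permit tcp any host 75.135.x.2 eq pop3
access-list 100 permit tcp any host 75.135.x.2 eq smtp
access-list 100 permit tcp any host 75.135.x.2 eq www
access-list 100 permit tcp any host 75.135.x.2 eq 563
access-list 100 permit tcp any host 75.135.x.2 eq 143
access-list 100 permit tcp any host 75.135.x.2 eq 443
access-list 100 permit ip any host 75.135.x.1
"""
PORT_NAMES = {"smtp": 25, "www": 80, "pop3": 110}  # names IOS prints in this ACL

def outside_acl(config):
    """ACL number applied inbound on the interface marked 'ip nat outside'."""
    for block in re.split(r"^(?=interface )", config, flags=re.M):
        if re.search(r"^ ip nat outside$", block, re.M):
            m = re.search(r"^ ip access-group (\d+) in$", block, re.M)
            return m.group(1) if m else None

def static_nats(config):
    """(protocol, global address, global port) of each static port mapping."""
    pat = r"^ip nat inside source static (tcp|udp) \S+ \d+ (\S+) (\d+)"
    return [(p, ip, int(port)) for p, ip, port in re.findall(pat, config, re.M)]

def acl_permits(config, acl):
    """(protocol, host, port) per 'permit <proto> any host <ip> [eq <port>]'."""
    pat = rf"^access-list {acl} permit (\S+) any host (\S+)(?: eq (\S+))?"
    to_port = lambda p: PORT_NAMES.get(p) or int(p)  # unknown names raise
    return {(pr, h, to_port(p) if p else None)
            for pr, h, p in re.findall(pat, config, re.M)}

def audit(config):
    """Return (static mappings the ACL drops, port permits with no mapping)."""
    acl, nats = outside_acl(config), static_nats(config)
    if acl is None:  # no inbound filter on the outside interface
        return [], []
    permits = acl_permits(config, acl)
    ok = lambda pr, ip, pt: any(h == ip and p in (pr, "ip") and q in (pt, None)
                                for p, h, q in permits)
    blocked = [n for n in nats if not ok(*n)]
    unused = sorted((h, q) for p, h, q in permits if q and (p, h, q) not in nats)
    return blocked, unused
```

On the posted lines, `audit(CONFIG)` reports the 3389 mapping as not permitted by access-list 100, and the permits for ports 80, 110, 143 and 563 as having no static translation behind them.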
