Solved

Cisco 1841 static nat

Posted on 2008-10-25
1,159 Views
Last Modified: 2008-11-09
On an 1841 router, I am trying to open up another external IP address for inbound traffic, besides the interface address. Below is my configuration for doing so. Testing to the external address is still being blocked. The private-to-public address natting seems to be done in the ip nat inside source statement. Is something else needed?



Building configuration...
 
Current configuration : 3675 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname 
!
boot-start-marker
boot system flash c1841-advsecurityk9-mz.124-21.bin
boot-end-marker
!
logging buffered 52000 debugging
enable secret 5 $1$q5ra$F56FCZ7lxzwWPimdEvYMx0
!
no aaa new-model
ip cef
!
!
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
!
!
ip domain name yourdomain.com
!
!
!
username cisco privilege 15 secret 5 $1$h1Az$WFGGcgHnwszGQzJu/bSMF.
username admin privilege 15 secret 5 $1$3Jz9$xEGxyD38I721pyMsGjG2s0
!
!
!
!
!
!
interface FastEthernet0/0
 description $ETH-SW-LAUNCH$$INTF-INFO-FE 0$$ETH-LAN$
 ip address 192.168.2.253 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 duplex auto
 speed auto
!
interface FastEthernet0/1
 description WAN interface
 ip address 75.135.x.1 255.255.255.252
 no ip redirects
 no ip unreachables
 ip access-group 100 in
 no ip proxy-arp
 ip nat outside
 ip virtual-reassembly
 no ip mroute-cache
 duplex auto
 speed auto
 no cdp enable
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 x.x.x.x
!
ip http server
ip http access-class 23
ip http authentication local
no ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source list 10 interface FastEthernet0/1 overload
ip nat inside source static tcp 192.168.2.12 25 75.135.x.2 25 extendable
ip nat inside source static tcp 192.168.2.12 443 75.135.x.2 443 extendable
ip nat inside source static tcp 192.168.2.12 3389 75.135.x.2 3389 extendable
!
access-list 100 permit tcp any host 75.135.x.2 eq pop3
access-list 100 permit tcp any host 75.135.x.2 eq smtp
access-list 100 permit tcp any host 75.135.x.2 eq www
access-list 100 permit tcp any host 75.135.x.2 eq 563
access-list 100 permit tcp any host 75.135.x.2 eq 143
access-list 100 permit tcp any host 75.135.x.2 eq 443
access-list 100 permit ip any host 75.135.x.1
 
access-list 1 remark SDM_ACL Category=2
access-list 1 permit 192.168.0.0 0.0.0.255
access-list 10 permit 192.168.2.0 0.0.0.255
access-list 23 permit 192.168.2.0 0.0.0.255
no cdp run
!
!
control-plane
!
 
 
!
line con 0
 login local
line aux 0
line vty 0 4
 access-class 23 in
 privilege level 15
 login local
 transport input telnet
line vty 5 15
 access-class 23 in
 privilege level 15
 login local
 transport input telnet
!
scheduler allocate 20000 1000
end

Question by:mmark751969
4 Comments
 
LVL 13

Expert Comment

by:Quori
ID: 22806388
I am not sure if it is needed or not, however try adding the IP address as a secondary to the interface.
0
 
LVL 5

Expert Comment

by:rexxus
ID: 22806588
Have you been allocated the /30 range (the 75.135.x.1 and 75.135.x.2) to use?

I don't know your setup completely, but I'm guessing the 75.135.x.2 address is the IP address of the interface at the other end of the link of your ISP.  If so, you won't be able to use their address to get external users accessing internal resources.
0
 

Author Comment

by:mmark751969
ID: 22809197
Actually, the mask is wrong on faste0/1 on my original post.  It should be 255.255.255.248.  
0
 
LVL 5

Accepted Solution

by:
rexxus earned 125 total points
ID: 22829394
If you want to allow incoming traffic use the commands:

ip nat outside source static tcp 192.168.2.12 25 75.135.x.2 25 extendable
ip nat outside source static tcp 192.168.2.12 443 75.135.x.2 443 extendable
ip nat outside source static tcp 192.168.2.12 3389 75.135.x.2 3389 extendable

You use ip nat outside for traffic coming from outside to inside.

Have a look at:
http://www.cisco.com/en/US/tech/tk648/tk361/technologies_configuration_example09186a0080093f2f.shtml#summary

for a better description.
0
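Added example, not part of the thread: a Python check that compares the static NAT entries in the posted configuration with the permits in ACL 100, the list applied inbound on FastEthernet0/1. The 203.0.113.N addresses are constructed stand-ins for the redacted 75.135.x.N values, and the function names are this example's own.

```python
import re

# Constructed sample: the NAT and ACL 100 lines from the posted config, with the
# redacted 75.135.x.N addresses replaced by documentation addresses 203.0.113.N.
CONFIG = """\
ip nat inside source static tcp 192.168.2.12 25 203.0.113.2 25 extendable
ip nat inside source static tcp 192.168.2.12 443 203.0.113.2 443 extendable
ip nat inside source static tcp 192.168.2.12 3389 203.0.113.2 3389 extendable
access-list 100 permit tcp any host 203.0.113.2 eq pop3
access-list 100 permit tcp any host 203.0.113.2 eq smtp
access-list 100 permit tcp any host 203.0.113.2 eq www
access-list 100 permit tcp any host 203.0.113.2 eq 563
access-list 100 permit tcp any host 203.0.113.2 eq 143
access-list 100 permit tcp any host 203.0.113.2 eq 443
access-list 100 permit ip any host 203.0.113.1
"""

# IOS prints these well-known TCP ports by name in the running config.
PORT_NAMES = {"smtp": 25, "www": 80, "pop3": 110}

NAT_RE = re.compile(r"^ip nat inside source static tcp (\S+) (\d+) (\S+) (\d+)", re.M)
ACL_RE = re.compile(r"^access-list (\d+) permit (tcp|ip) any host (\S+)(?: eq (\S+))?", re.M)


def static_nat(config):
    """Return {(global_ip, global_port): (local_ip, local_port)}."""
    return {(g, int(gp)): (l, int(lp)) for l, lp, g, gp in NAT_RE.findall(config)}


def acl_permits(config, acl):
    """Return the (dst_ip, port) pairs the numbered ACL permits; port None means any."""
    permits = set()
    for num, proto, dst, port in ACL_RE.findall(config):
        if num != acl:
            continue
        if proto == "ip" or not port:
            permits.add((dst, None))
        else:
            permits.add((dst, PORT_NAMES[port] if port in PORT_NAMES else int(port)))
    return permits


def audit(config, acl="100"):
    """Return (translated but not permitted, permitted but not translated)."""
    nat, permits = static_nat(config), acl_permits(config, acl)
    blocked = sorted(k for k in nat if k not in permits and (k[0], None) not in permits)
    unused = sorted(p for p in permits if p[1] is not None and p not in nat)
    return blocked, unused
```

On the posted lines, `audit(CONFIG)` reports TCP 3389 as translated but not permitted by ACL 100, and ports 80, 110, 143 and 563 as permitted without a matching static translation.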
