Solved

Cisco 1841 static nat

Posted on 2008-10-25
Last Modified: 2008-11-09
On an 1841 router, I am trying to open up another external IP address for inbound traffic, besides the interface address. Below is my configuration for doing so. Testing to the external address is still being blocked. The private-to-public address NATting seems to be done in the ip nat inside source statement. Something else needed?



Building configuration...

Current configuration : 3675 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname 
!
boot-start-marker
boot system flash c1841-advsecurityk9-mz.124-21.bin
boot-end-marker
!
logging buffered 52000 debugging
enable secret 5 $1$q5ra$F56FCZ7lxzwWPimdEvYMx0
!
no aaa new-model
ip cef
!
!
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
!
!
ip domain name yourdomain.com
!
!
!
username cisco privilege 15 secret 5 $1$h1Az$WFGGcgHnwszGQzJu/bSMF.
username admin privilege 15 secret 5 $1$3Jz9$xEGxyD38I721pyMsGjG2s0
!
!
!
!
!
!
interface FastEthernet0/0
 description $ETH-SW-LAUNCH$$INTF-INFO-FE 0$$ETH-LAN$
 ip address 192.168.2.253 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 duplex auto
 speed auto
!
interface FastEthernet0/1
 description WAN interface
 ip address 75.135.x.1 255.255.255.252
 no ip redirects
 no ip unreachables
 ip access-group 100 in
 no ip proxy-arp
 ip nat outside
 ip virtual-reassembly
 no ip mroute-cache
 duplex auto
 speed auto
 no cdp enable
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 x.x.x.x
!
ip http server
ip http access-class 23
ip http authentication local
no ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source list 10 interface FastEthernet0/1 overload
ip nat inside source static tcp 192.168.2.12 25 75.135.x.2 25 extendable
ip nat inside source static tcp 192.168.2.12 443 75.135.x.2 443 extendable
ip nat inside source static tcp 192.168.2.12 3389 75.135.x.2 3389 extendable
!
access-list 100 permit tcp any host 75.135.x.2 eq pop3
access-list 100 permit tcp any host 75.135.x.2 eq smtp
access-list 100 permit tcp any host 75.135.x.2 eq www
access-list 100 permit tcp any host 75.135.x.2 eq 563
access-list 100 permit tcp any host 75.135.x.2 eq 143
access-list 100 permit tcp any host 75.135.x.2 eq 443
access-list 100 permit ip any host 75.135.x.1
access-list 1 remark SDM_ACL Category=2
access-list 1 permit 192.168.0.0 0.0.0.255
access-list 10 permit 192.168.2.0 0.0.0.255
access-list 23 permit 192.168.2.0 0.0.0.255
no cdp run
!
!
control-plane
!
!
line con 0
 login local
line aux 0
line vty 0 4
 access-class 23 in
 privilege level 15
 login local
 transport input telnet
line vty 5 15
 access-class 23 in
 privilege level 15
 login local
 transport input telnet
!
scheduler allocate 20000 1000
end

Question by:mmark751969
4 Comments
 
LVL 13

Expert Comment

by:Quori
ID: 22806388
I am not sure if it is needed or not, however try adding the IP address as a secondary to the interface.
LVL 5

Expert Comment

by:rexxus
ID: 22806588
Have you been allocated the /30 range (the 75.135.x.1 and 75.135.x.2) to use?

I don't know your setup completely, but I'm guessing the 75.135.x.2 address is the IP address of the interface at the other end of the link of your ISP. If so, you won't be able to use their address to get external users accessing internal resources.
 

Author Comment

by:mmark751969
ID: 22809197
Actually, the mask is wrong on faste0/1 on my original post.  It should be 255.255.255.248.  
 
LVL 5

Accepted Solution

by:
rexxus earned 125 total points
ID: 22829394
If you want to allow incoming traffic use the commands:

ip nat outside source static tcp 192.168.2.12 25 75.135.x.2 25 extendable
ip nat outside source static tcp 192.168.2.12 443 75.135.x.2 443 extendable
ip nat outside source static tcp 192.168.2.12 3389 75.135.x.2 3389 extendable

You use ip nat outside for traffic coming from outside to inside.

Have a look at:
http://www.cisco.com/en/US/tech/tk648/tk361/technologies_configuration_example09186a0080093f2f.shtml#summary

for a better description.
0
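
An added example, not part of the original thread: a Python check that compares the static NAT port translations in the posted configuration with ACL 100, which is applied inbound on FastEthernet0/1, and lists translated ports the ACL never permits as well as permitted ports with no translation behind them. The excerpt is copied from the question's configuration; the function names and the restricted ACL form it parses are assumptions of this example.

```python
import re

# Excerpt of the configuration posted in the question: static NAT and ACL 100 only.
CONFIG = """\
ip nat inside source static tcp 192.168.2.12 25 75.135.x.2 25 extendable
ip nat inside source static tcp 192.168.2.12 443 75.135.x.2 443 extendable
ip nat inside source static tcp 192.168.2.12 3389 75.135.x.2 3389 extendable
access-list 100 permit tcp any host 75.135.x.2 eq pop3
access-list 100 permit tcp any host 75.135.x.2 eq smtp
access-list 100 permit tcp any host 75.135.x.2 eq www
access-list 100 permit tcp any host 75.135.x.2 eq 563
access-list 100 permit tcp any host 75.135.x.2 eq 143
access-list 100 permit tcp any host 75.135.x.2 eq 443
access-list 100 permit ip any host 75.135.x.1
"""

# IOS port keywords used in this ACL and their TCP port numbers.
PORT_NAMES = {"smtp": 25, "www": 80, "pop3": 110}
NAT_RE = re.compile(r"ip nat inside source static tcp \S+ \d+ (\S+) (\d+)")
ACL_RE = re.compile(r"access-list (\d+) permit (?:tcp|ip) any host (\S+)(?: eq (\S+))?$")

def static_nat_ports(config):
    """Set of (global_ip, global_port) exposed by static TCP translations."""
    return {(m.group(1), int(m.group(2)))
            for m in map(NAT_RE.match, config.splitlines()) if m}

def acl_permits(config, acl):
    """Parse 'permit tcp|ip any host X [eq P]' entries (the only form on this page)."""
    tcp, any_port = set(), set()
    for m in map(ACL_RE.match, config.splitlines()):
        if not m or m.group(1) != acl:
            continue
        host, port = m.group(2), m.group(3)
        if port is None:  # no "eq": every port on that host is permitted
            any_port.add(host)
        else:             # keyword from PORT_NAMES, otherwise a numeric port
            tcp.add((host, PORT_NAMES.get(port) or int(port)))
    return tcp, any_port

def audit(config, acl="100"):
    """The inbound ACL on the outside interface is checked before NAT, so it must
    permit the global address and port; anything unmatched hits the implicit deny."""
    nat = static_nat_ports(config)
    tcp, any_port = acl_permits(config, acl)
    blocked = sorted(p for p in nat if p not in tcp and p[0] not in any_port)
    unused = sorted(p for p in tcp if p not in nat)
    return blocked, unused

if __name__ == "__main__":
    print(audit(CONFIG))
```

For this configuration the first list contains TCP 3389 on 75.135.x.2 (translated, but not permitted by ACL 100), and the second contains TCP 80, 110, 143 and 563 (permitted, but with no static translation).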
