• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1066
  • Last Modified:

ADSL with multiple IP

Ok..we have a 1841 that we are moving the DSL line to. It currently comes from a 2wire provided by carrier. it is pppoe. We have a block of 5 IP's that we get from them.  we installed an ADSL WIC and a Switch card in the router.  How can i set up the adsl interface so that i can either assign  those IP's with static NAT statements.  do i need to create a dialer interface? and should the dialer be the default route...here is the current setup...I don't have anything configured on the ADSL stuff yet

!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname MW_WAN
!
boot-start-marker
boot system flash c1841-advsecurityk9-mz.124-21a.bin
boot-end-marker
!
security authentication failure rate 3 log
security passwords min-length 6
no logging exception
logging buffered 4096 debugging
logging console errors

aaa new-model
!
!
aaa authentication login USER_VPN group radius
aaa authorization network GROUP_VPN local
!
aaa session-id common
ip cef
!
!
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
!
!
ip domain name micro.net
ip name-server 192.168.57.11



!
!
crypto pki trustpoint TP-self-signed-383872724
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-383872724
 revocation-check none
 rsakeypair TP-self-signed-383872724
!
!
crypto pki certificate chain TP-self-signed-383872724
 certificate self-signed 01
  30820246 308201AF A0030201 02020101 300D0609 2A864886 F70D0101 04050030
  30312E30 2C060355 04031325 494F532D 53656C66 2D536967 6E65642D 43657274
  69666963 6174652D 33383338 37323732 34301E17 0D303730 36303732 30323231
  325A170D 32303031 30313030 30303030 5A303031 2E302C06 03550403 1325494F
  532D5365 6C662D53 69676E65 642D4365 72746966 69636174 652D3338 33383732
  37323430 819F300D 06092A86 4886F70D 01010105 0003818D 00308189 02818100
  C077D9DE 1750E10E 330D6E19 58BD6E40 7C374F99 D083E2D1 940B1A39 60BDC296
  8FDB451F B50F464C 7033DEAE 50B16BBF 970176AA 2C0B48E6 F630901B 50753FBB
  F67D6F6B CC1A7D2E A069FEE5 9CCF591E 51BEBD0F 49CD1755 1D0650C3 0C253122
  1BA9682D E126DB7F 0FA450F8 E663178B 7E5CA7D9 24B364FD D29937EF 2CC20C81
  02030100 01A37030 6E300F06 03551D13 0101FF04 05300301 01FF301B 0603551D
  11041430 1282104D 575F5741 4E2E6D69 63726F2E 6E657430 1F060355 1D230418
  30168014 805764C2 B35DE9CE D0DE2A24 09726D2A E825EC7A 301D0603 551D0E04
  16041480 5764C2B3 5DE9CED0 DE2A2409 726D2AE8 25EC7A30 0D06092A 864886F7
  0D010104 05000381 81004257 03B1DBBB A070E6E8 3FD82BFA C6EAD631 8EBDA7CA
  A3CC9E7E 15564173 4975C308 E1CFF8B2 F04BB6B3 F265F5DB A05C2A1B 40EA12FE
  175198B7 10DF49CA E335C642 8D76A93C F8A97779 EF8BF16E BE2D61CD 5F2F1D2D
  79079226 332953BD D543039B 4129DD8D CFBB3A52 EAD7156D 0D7986A0 9A1E61AB
  077DC98E D9E3AB05 D2A9
  quit

!
ip tcp synwait-time 10
ip ssh time-out 60
ip ssh authentication-retries 2
ip ssh version 2
!
policy-map WEBVPN_Policy
!
!
!
crypto isakmp policy 1
 encr 3des
 hash md5
 authentication pre-share
 group 2
!
crypto isakmp policy 2
 encr aes 256
 authentication pre-share
 group 2
!
crypto isakmp policy 10
 hash md5
 authentication pre-share
crypto isakmp key MW_RECTunnel address 216.207.224.5 no-xauth
crypto isakmp key MW_FDTunnel address 216.207.224.2 no-xauth
crypto isakmp key MW_WATERTunnel address 216.207.224.3 no-xauth
crypto isakmp key MW_COBVPNTunnel address 70.62.43.150 no-xauth
crypto isakmp key MW_POLTunnel address 216.207.224.4 no-xauth
crypto isakmp key MW_TJKTunnel address 74.204.74.69 no-xauth
crypto isakmp keepalive 15
!
crypto isakmp client configuration group MWVPN
 key Deploy57
 dns 192.168.57.11
 pool VPN_POOL
 acl 105
 netmask 255.255.255.0
!
crypto isakmp client configuration group GROUP_VPN
!
!
crypto ipsec transform-set 3DES esp-3des esp-sha-hmac
crypto ipsec transform-set AES256 esp-aes 256 esp-sha-hmac
!
crypto dynamic-map VPN_Clients 100
 set transform-set 3DES
 reverse-route
!
!
crypto map VPN client authentication list USER_VPN
crypto map VPN isakmp authorization list GROUP_VPN
crypto map VPN client configuration address respond
crypto map VPN 10 ipsec-isakmp
 description Tunnel to COB
 set peer 70.62.43.150
 set transform-set 3DES
 match address MW2COB
crypto map VPN 20 ipsec-isakmp
 set peer 216.207.224.4
 set transform-set 3DES
 match address MW2POL
crypto map VPN 30 ipsec-isakmp
 description Tunnel to COB Water
 set peer 216.207.224.3
 set transform-set 3DES
 match address MW2WAT
crypto map VPN 50 ipsec-isakmp
 description Tunnel to TJK
 set peer 74.204.74.69
 set transform-set 3DES
 match address MW2TJK
crypto map VPN 65535 ipsec-isakmp dynamic VPN_Clients
!
!
!
interface Loopback0
 ip address 1.1.1.1 255.255.255.252
!
interface Null0
 no ip unreachables
!
interface FastEthernet0/0
 description MW_WAN/VPN
 ip address dhcp
 ip accounting output-packets
 ip nat outside
 ip virtual-reassembly
 no ip route-cache cef
 no ip route-cache
 duplex auto
 speed auto
 crypto map VPN
!
interface FastEthernet0/0.1
 encapsulation dot1Q 10
 ip address 192.168.100.1 255.255.255.0
 no ip route-cache
 no cdp enable
!
interface FastEthernet0/1
 description MW_LAN
 ip address 192.168.57.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 no ip route-cache cef
 no ip route-cache
 ip policy route-map VPN
 duplex auto
 speed auto
!
interface FastEthernet0/1/0
!
interface FastEthernet0/1/1
!
interface FastEthernet0/1/2
!
interface FastEthernet0/1/3
!
interface ATM0/0/0
 no ip address
 shutdown
 no atm ilmi-keepalive
 dsl operating-mode auto
!
interface Vlan1
 no ip address
!
ip local pool VPN_POOL 10.10.10.1 10.10.10.254
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 192.168.1.254
!
ip http server
ip http port 8080
ip http access-class 50
ip http authentication local
no ip http secure-server
ip nat inside source route-map NAT interface FastEthernet0/0 overload
ip nat inside source static tcp 192.168.57.90 21 75.13.63.69 21 extendable
ip nat inside source static tcp 192.168.57.11 25 75.13.63.69 25 extendable
ip nat inside source static tcp 192.168.57.11 50 75.13.63.69 50 extendable
ip nat inside source static udp 192.168.57.11 50 75.13.63.69 50 extendable
ip nat inside source static tcp 192.168.57.11 80 75.13.63.69 80 extendable
ip nat inside source static tcp 192.168.57.11 5633 75.13.63.69 5633 extendable
ip nat inside source static udp 192.168.57.11 5634 75.13.63.69 5634 extendable
ip nat inside source static tcp 192.168.57.50 5888 75.13.63.69 5888 extendable
ip nat inside source static udp 192.168.57.50 5889 75.13.63.69 5889 extendable
ip nat inside source static tcp 192.168.57.50 57892 75.13.63.69 57892 extendable
!
ip access-list extended MW2COB
 remark MW VPN to COB
 permit ip 192.168.57.0 0.0.0.255 10.1.1.0 0.0.0.255
ip access-list extended MW2POL
 permit ip 192.168.57.0 0.0.0.255 10.1.9.0 0.0.0.255
 remark MW VPN to Pollution Control
ip access-list extended MW2TJK
 permit ip 192.168.57.0 0.0.0.255 10.11.11.0 0.0.0.255
 remark MW VPN to TJK
ip access-list extended MW2WAT
 permit ip 192.168.57.0 0.0.0.255 10.1.11.0 0.0.0.255
 remark MW VPN to Water Plant
ip access-list extended inet-traffic
 deny   ip 192.0.0.0 0.255.255.255 192.168.0.0 0.0.255.255
 deny   ip 192.0.0.0 0.255.255.255 172.16.0.0 0.15.255.255
 deny   ip 192.0.0.0 0.255.255.255 10.0.0.0 0.255.255.255
 permit ip 192.168.57.0 0.0.0.255 any
!
access-list 198 permit ip 192.168.57.0 0.0.0.255 10.10.10.0 0.0.0.255
access-list 199 permit ip 192.168.57.0 0.0.0.255 10.10.10.0 0.0.0.255
snmp-server community public RW
snmp-server chassis-id CiscoRouter
no cdp run
route-map VPN permit 10
 match ip address 198
 set ip next-hop 1.1.1.2
!
route-map NAT permit 10
 match ip address inet-traffic
!
!
!
control-plane
!
banner login ^C
*****************************************************************
* Unauthorized access will be prosecuted to the fullest extent  *
* of the law.  To avoid criminal charges, disconnect NOW        *
*****************************************************************
^C
banner motd ^CLogin Successful^C
!
line con 0
 transport output telnet
line aux 0
 transport output telnet
line vty 0 4
 
!
scheduler allocate 20000 1000
end

thanks in advance
0
jasonmichel
Asked:
jasonmichel
  • 11
  • 10
1 Solution
 
JFrederick29Commented:
Here is a config guide to get you started.  You will need the PVC value from your ISP and the PAP or CHAP username and password.  You might be able to get it from the 2wire device.

http://www.cisco.com/en/US/tech/tk175/tk15/technologies_configuration_example09186a0080093e67.shtml

The ATM0/0/0 configuration and dialer interface configuration are what you need.  Your NAT overload statement and default route will need to be changed to reference the dialer interface.  The vpdn config isn't needed with the IOS you are running.
0
 
jasonmichelAuthor Commented:
well i got it up an running with the exception of a couple things...1 is my vpn tunnels, i reassigned the crypto map to the dialer int. but i think the issue is maybe because before when it was on the fa0/0 and getting the ip from the 2wire, it was getting a .69 address.. now the dialer is getting a .70 address..  owa/mail etc is coming in fine on .69 but tunnels aren't working.  and we have a web server that i created a static nat for 80 and 21 traffic..the 80 traffic is working but i can't get the 21 traffic to.  heres my current config, maybe you see something

 







 
Current configuration : 8762 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname MW_WAN
!
boot-start-marker
boot system flash c1841-advsecurityk9-mz.124-21a.bin
boot-end-marker
!
security authentication failure rate 3 log
security passwords min-length 6
no logging exception
logging buffered 4096 debugging
logging console errors

!
aaa new-model
!
!
aaa authentication login USER_VPN group radius
aaa authorization network GROUP_VPN local
!
aaa session-id common
ip cef
!
!
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
!
!
ip domain name micro.net
ip name-server 192.168.57.11
!
!
crypto pki trustpoint TP-self-signed-383872724
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-383872724
 revocation-check none
 rsakeypair TP-self-signed-383872724
69666963 6174652D 33383338 37323732 34301E17 0D303730 36303732 30323231
  325A170D 32303031 30313030 30303030 5A303031 2E302C06 03550403 1325494F
  532D5365 6C662D53 69676E65 642D4365 72746966 69636174 652D3338 33383732
  37323430 819F300D 06092A86 4886F70D 01010105 0003818D 00308189 02818100
  C077D9DE 1750E10E 330D6E19 58BD6E40 7C374F99 D083E2D1 940B1A39 60BDC296
  8FDB451F B50F464C 7033DEAE 50B16BBF 970176AA 2C0B48E6 F630901B 50753FBB
  F67D6F6B CC1A7D2E A069FEE5 9CCF591E 51BEBD0F 49CD1755 1D0650C3 0C253122
  1BA9682D E126DB7F 0FA450F8 E663178B 7E5CA7D9 24B364FD D29937EF 2CC20C81
  02030100 01A37030 6E300F06 03551D13 0101FF04 05300301 01FF301B 0603551D
  11041430 1282104D 575F5741 4E2E6D69 63726F2E 6E657430 1F060355 1D230418
  30168014 805764C2 B35DE9CE D0DE2A24 09726D2A E825EC7A 301D0603 551D0E04
  16041480 5764C2B3 5DE9CED0 DE2A2409 726D2AE8 25EC7A30 0D06092A 864886F7
  0D010104 05000381 81004257 03B1DBBB A070E6E8 3FD82BFA C6EAD631 8EBDA7CA
  A3CC9E7E 15564173 4975C308 E1CFF8B2 F04BB6B3 F265F5DB A05C2A1B 40EA12FE
  175198B7 10DF49CA E335C642 8D76A93C F8A97779 EF8BF16E BE2D61CD 5F2F1D2D
  79079226 332953BD D543039B 4129DD8D CFBB3A52 EAD7156D 0D7986A0 9A1E61AB
  077DC98E D9E3AB05 D2A9
  quit
<cut>
!
!
ip tcp synwait-time 10
ip ssh time-out 60
ip ssh authentication-retries 2
ip ssh version 2
!
policy-map WEBVPN_Policy
!
!
!
crypto isakmp policy 1
 encr 3des
 hash md5
 authentication pre-share
 group 2
!
crypto isakmp policy 2
 encr aes 256
 authentication pre-share
 group 2
!
crypto isakmp policy 10
 hash md5
 authentication pre-share
crypto isakmp key MW_RECTunnel address 216.207.224.5 no-xauth
crypto isakmp key MW_FDTunnel address 216.207.224.2 no-xauth
crypto isakmp key MW_WATERTunnel address 216.207.224.3 no-xauth
crypto isakmp key MW_COBVPNTunnel address 70.62.43.150 no-xauth
crypto isakmp key MW_POLTunnel address 216.207.224.4 no-xauth
crypto isakmp key MW_TJKTunnel address 74.204.74.69 no-xauth
crypto isakmp keepalive 15
!
crypto isakmp client configuration group MWVPN
 key Deploy57
 dns 192.168.57.11
 pool VPN_POOL
 acl 105
 netmask 255.255.255.0
!
crypto isakmp client configuration group GROUP_VPN
!
!
crypto ipsec transform-set 3DES esp-3des esp-sha-hmac
crypto ipsec transform-set AES256 esp-aes 256 esp-sha-hmac
!
crypto dynamic-map VPN_Clients 100
 set transform-set 3DES
 reverse-route
!
!
crypto map VPN client authentication list USER_VPN
crypto map VPN isakmp authorization list GROUP_VPN
crypto map VPN client configuration address respond
crypto map VPN 10 ipsec-isakmp
 description Tunnel to COB
 set peer 70.62.43.150
 set transform-set 3DES
 match address MW2COB
crypto map VPN 20 ipsec-isakmp
 set peer 216.207.224.4
 set transform-set 3DES
 match address MW2POL
crypto map VPN 30 ipsec-isakmp
 description Tunnel to COB Water
 set peer 216.207.224.3
 set transform-set 3DES
 match address MW2WAT
crypto map VPN 50 ipsec-isakmp
 description Tunnel to TJK
 set peer 74.204.74.69
 set transform-set 3DES
 match address MW2TJK
crypto map VPN 65535 ipsec-isakmp dynamic VPN_Clients
!
!
!
interface Loopback0
 ip address 1.1.1.1 255.255.255.252
!
interface Null0
 no ip unreachables
!
interface FastEthernet0/0
 description MW_WAN/VPN
 ip address dhcp
 ip accounting output-packets
 ip nat outside
 ip virtual-reassembly
 no ip route-cache cef
 no ip route-cache
 shutdown
 duplex auto
 speed auto
 crypto map VPN
!
interface FastEthernet0/1
 description MW_LAN
 ip address 192.168.57.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 no ip route-cache cef
 no ip route-cache
 ip policy route-map VPN
 duplex auto
 speed auto
!
interface FastEthernet0/1/0
 switchport access vlan 10
!
interface FastEthernet0/1/1
!
interface FastEthernet0/1/2
!
interface FastEthernet0/1/3
!
interface ATM0/0/0
 no ip address
 no atm ilmi-keepalive
 dsl operating-mode auto
 pvc 0/35
  pppoe-client dial-pool-number 1
 !
!
interface Vlan1
 no ip address
!
interface Vlan10
 no ip address
!
interface Dialer1
 mtu 1492
 ip address negotiated
 ip nat outside
 ip virtual-reassembly
 encapsulation ppp
 dialer pool 1
 no cdp enable
 ppp chap hostname microworksinc@static.sbcglobal.net
 ppp chap password 7 02310C775B565E
 ppp pap sent-username microworksinc@static.sbcglobal.net password 7 01240E280B5B57
 crypto map VPN
!
ip local pool VPN_POOL 10.10.10.1 10.10.10.254
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 192.168.1.254
ip route 0.0.0.0 0.0.0.0 Dialer1
!
ip http server
ip http port 8080
ip http access-class 50
ip http authentication local
no ip http secure-server
ip nat pool PUBLIC 75.13.63.65 75.13.63.70 netmask 255.255.255.248
ip nat inside source route-map NAT interface Dialer1 overload
ip nat inside source static tcp 192.168.57.90 21 75.13.63.65 21 extendable
ip nat inside source static tcp 192.168.57.90 80 75.13.63.65 80 extendable
ip nat inside source static tcp 192.168.57.11 25 75.13.63.69 25 extendable
ip nat inside source static tcp 192.168.57.11 50 75.13.63.69 50 extendable
ip nat inside source static udp 192.168.57.11 50 75.13.63.69 50 extendable
ip nat inside source static tcp 192.168.57.11 80 75.13.63.69 80 extendable
ip nat inside source static tcp 192.168.57.11 5633 75.13.63.69 5633 extendable
ip nat inside source static udp 192.168.57.11 5634 75.13.63.69 5634 extendable
ip nat inside source static tcp 192.168.57.50 5888 75.13.63.69 5888 extendable
ip nat inside source static udp 192.168.57.50 5889 75.13.63.69 5889 extendable
ip nat inside source static tcp 192.168.57.50 57892 75.13.63.69 57892 extendable
!
ip access-list extended MW2COB
 remark MW VPN to COB
 permit ip 192.168.57.0 0.0.0.255 10.1.1.0 0.0.0.255
ip access-list extended MW2POL
 permit ip 192.168.57.0 0.0.0.255 10.1.9.0 0.0.0.255
 remark MW VPN to Pollution Control
ip access-list extended MW2TJK
 permit ip 192.168.57.0 0.0.0.255 10.11.11.0 0.0.0.255
 remark MW VPN to TJK
ip access-list extended MW2WAT
 permit ip 192.168.57.0 0.0.0.255 10.1.11.0 0.0.0.255
 remark MW VPN to Water Plant
ip access-list extended inet-traffic
 deny   ip 192.0.0.0 0.255.255.255 192.168.0.0 0.0.255.255
 deny   ip 192.0.0.0 0.255.255.255 172.16.0.0 0.15.255.255
 deny   ip 192.0.0.0 0.255.255.255 10.0.0.0 0.255.255.255
 permit ip 192.168.57.0 0.0.0.255 any
!
access-list 198 permit ip 192.168.57.0 0.0.0.255 10.10.10.0 0.0.0.255
access-list 199 permit ip 192.168.57.0 0.0.0.255 10.10.10.0 0.0.0.255
snmp-server community public RW
snmp-server chassis-id CiscoRouter
no cdp run
route-map VPN permit 10
 match ip address 198
 set ip next-hop 1.1.1.2
!
route-map NAT permit 10
 match ip address inet-traffic
!
!
radius-server host 192.168.57.11 auth-port 1645 acct-port 1646
radius-server key 7 030752180500701E1D
!
control-plane
!
banner login ^C
*****************************************************************
* Unauthorized access will be prosecuted to the fullest extent  *
* of the law.  To avoid criminal charges, disconnect NOW        *
*****************************************************************
^C
banner motd ^CLogin Successful^C
!
line con 0
 transport output telnet
line aux 0
 transport output telnet
l
!
scheduler allocate 20000 1000
end
0
 
JFrederick29Commented:
You want to delete this route:

conf t
no ip route 0.0.0.0 0.0.0.0 192.168.1.254

The VPN traffic endpoints (remote clients and peers) will need to have their config changed to the .70 address.  Does the .69 address work but not the .65?
0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
jasonmichelAuthor Commented:
the .69 address does work...it gives access to the mail/web etc..its just it set as peer address on the other end of tunnel.. could i force my router to send out like its coming from .69?  and yes .65 is working for the web, but not ftp..
0
 
JFrederick29Commented:
The problem is your ISP is routing your static IP addresses via the .70 address so you can't change it unless you work with your ISP (maybe they can change routing on their end).  Otherwise, you need to change your VPN clients/peers to the .70 address.
0
 
jasonmichelAuthor Commented:
gotcha...any idea about the ftp traffic?  i can see the router translating it

tcp 75.13.63.65:21     192.168.57.90:21   ---                ---


but its not getting through
0
 
JFrederick29Commented:
This worked before?  If the 80 to .65 is working, routing is not an issue.  If it worked before, it should work now.  Can you FTP to 192.168.57.90 internally?
0
 
jasonmichelAuthor Commented:
yes we can internally
0
 
JFrederick29Commented:
Hmm.  Are you doing Active or Passive FTP?
0
 
jasonmichelAuthor Commented:
not sure..how can i tell?
0
 
JFrederick29Commented:
How are you testing?  From a host on the Internet?  Are you using Internet Explorer or Windows command line FTP or a different program?  The NAT translation you see if the static translation.  When you attempt a connection, you should see your public IP as the source.
0
 
jasonmichelAuthor Commented:
from a host on the internet via a command line
0
 
JFrederick29Commented:
Okay, in that case, add this as well.

conf t
ip nat inside source static tcp 192.168.57.90 20 75.13.63.65 20 extendable

Also, try Internet Explorer which does Passive FTP.
0
 
jasonmichelAuthor Commented:
that didn't work either..hmm
0
 
jasonmichelAuthor Commented:
do i need an access-list to allow out?
0
 
JFrederick29Commented:
No, you don't need an access-list.  Did you try Internet Explorer or Firefox?  IE needs to have the passive FTP option checked in advanced properties (might be default).  This worked before? how were you doing it before?  The changes you made should not have impacted this...
0
 
jasonmichelAuthor Commented:
yes it worked when the cisco was behind the 2 wire device and the web server was plugged directly into the 2wire device.  like i said 80 works on the same server from the outside..lol, i used IE explorer and ftp works internally
0
 
JFrederick29Commented:
Ahh, okay, the server was plugged into the 2wire (that makes sense).  I was scratching my head over how this was working before (I assumed it was behind the 1841).

80 is much simpler to NAT.  What you can do to perhaps resolve this is do a 1-1 static NAT meaning map all ports from 75.13.63.65 to 192.168.57.90.  You can use an access-list to restrict the other ports but lets see if that fixes it first.

Try this:

conf t
no ip nat inside source static tcp 192.168.57.90 21 75.13.63.65 21 extendable
no ip nat inside source static tcp 192.168.57.90 80 75.13.63.65 80 extendable
ip nat inside source static 192.168.57.90 75.13.63.65

The one downside to doing this is that 75.13.63.65 can only be tied to 192.168.57.90 (not a big deal since this was the case when you had it in the 2wire).
0
 
jasonmichelAuthor Commented:
%: Error: static entry still in use, cannot remove


i keep getting this error?
0
 
JFrederick29Commented:
Oh, right, you need to do a clear ip nat t * first but this will interrupt traffic (briefly).
0
 
jasonmichelAuthor Commented:
worked like a charm..thanks
0

Featured Post

Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

  • 11
  • 10
Tackle projects and never again get stuck behind a technical roadblock.
Join Now