Solved

Cisco 1841 T1 PPP config

Posted on 2008-11-18
Last Modified: 2012-05-05
We replaced an Adtran channel bank with a Cisco 1841 with T1 Wic.  The T1 provider has assigned an IP for the T1 serial interface that is a 1-to-1 IP they list as WAN 74.xxx.xxx.xxx 255.255.255.252.  They also list a Public Lan subnet of 216.xxx.xxx.xxx 255.255.255.240.  I am trying to configure the router so that DNS mail entries pointed to a 216.xxx.xxx.xxx address will be NAT'd to a 192.168.1.10 address connected to the FE0/0 interface.  Is there a way to create a virtual interface between the serial and FE interfaces that can be configured to respond to requests sent to the 216 IP?  I also need outgoing traffic to be tagged as from the 216 address for reverse PTR reasons.  Below is the current config:

!----------------------------------------------------------------------------
!version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname router
!
boot-start-marker
boot-end-marker
!
logging buffered 51200 warnings
!
no aaa new-model
!
resource policy
!
clock timezone PCTime -5
clock summer-time PCTime date Apr 6 2003 2:00 Oct 26 2003 2:00
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
no ip subnet-zero
ip cef
!
!
!
!
ip domain name *****
ip name-server xx.xx.xx.xx
ip name-server xx.xx.xx.xx
!
username admin privilege 15 secret 5 *****
!
!
!
interface FastEthernet0/0
 description LAN$ETH-LAN$
 ip address 192.168.1.254 255.255.255.0 secondary
 ip address 216.xx.xx.xx 255.255.255.240
 ip access-group LAN out
 ip mask-reply
 ip nat inside
 duplex auto
 speed auto
!
interface FastEthernet0/1
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface Serial0/0/0
 ip address 74.xx.xx.xx 255.255.255.252
 ip nat outside
 encapsulation ppp
!
ip classless
ip route 0.0.0.0 0.0.0.0 Serial0/0/0 permanent
!
ip http server
ip http port 9090
ip http access-class 23
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source list LAN interface Serial0/0/0 overload
ip nat inside source static tcp 192.168.1.10 25 216.xx.xx.xx 25 extendable
!
ip access-list standard LAN
 remark LAN
 remark SDM_ACL Category=1
 permit 192.168.1.0 0.0.0.255
 permit any
!
access-list 23 permit any
!
control-plane
!
!
line con 0
 login local
line aux 0
line vty 0 4
 access-class 23 in
 privilege level 15
 login local
 transport input telnet
line vty 5 15
 access-class 23 in
 privilege level 15
 login local
 transport input telnet
!
end

If I change the FE0/0 interface IP to just the 192 address and the "ip nat inside source list" line from the serial interface to the 216 ip will that accomplish what I want?
Question by:aibusinesssolutions
Expert Comment

by:bkepford
ID: 22985527
You just need to do it with NAT.
Take off your secondary IP and the ACL (since it does nothing) from the fe0/0 interface, like this:
interface FastEthernet0/0
 description LAN$ETH-LAN$
 ip address 192.168.1.254 255.255.255.0
 ip nat inside

Then change your NAT to look like this:

ip nat pool NATPUB 216.0.0.1 216.0.0.15 netmask 255.255.255.240
!
ip nat inside source list LAN pool NATPUB
ip nat inside source static tcp 192.168.1.10 25 216.xx.xx.xx 25 extendable


If you want to use PAT it is a little different. You just need to add the keyword overload and change the pool to be only one IP address.

ip nat inside source list LAN pool NATPUB overload
ip nat pool NATPUB 216.0.0.1 216.0.0.1 netmask 255.255.255.240

 
 
Author Comment

by:aibusinesssolutions
ID: 22998206
Thank you for the input on the NAT/ PAT configuration.
I'm a little confused when it comes to the ACL.  Maybe it's because all of the prior pieces I've configured had the security IOS, but I thought if you didn't include the ACL it wouldn't allow any outbound traffic?
Accepted Solution

by:
bkepford earned 2000 total points
ID: 22998261
Sorry for the confusion, I meant on your interface. Keep this:

ip access-list standard LAN
 remark LAN
 remark SDM_ACL Category=1
 permit 192.168.1.0 0.0.0.255
 permit any

Remove this:

interface FastEthernet0/0
 no ip access-group LAN out
Expert Comment

by:bkepford
ID: 23139360
Did this work for you or did you need any further assistance?
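
The distinction drawn in the accepted solution (keep the `LAN` ACL definition, remove only its application on FastEthernet0/0) can be checked mechanically. The following is an added example, not part of the original thread: it lists every place each ACL is referenced and what role it plays there. The function names `acl_report` and `drop_interface_filter` are hypothetical, and the sample is an excerpt of the ACL-related lines from the configuration posted in the question.

```python
import re
from collections import defaultdict

# Constructed sample: ACL-related lines excerpted from the configuration in the question.
CONFIG = """\
interface FastEthernet0/0
 ip address 192.168.1.254 255.255.255.0 secondary
 ip access-group LAN out
 ip nat inside
ip http access-class 23
ip nat inside source list LAN interface Serial0/0/0 overload
ip access-list standard LAN
 permit 192.168.1.0 0.0.0.255
 permit any
access-list 23 permit any
line vty 0 4
 access-class 23 in
"""

# Each pattern captures the ACL name or number at the point where it is referenced.
USES = {
    "packet filter": re.compile(r"^ip access-group (\S+) (?:in|out)$"),
    "NAT match list": re.compile(r"^ip nat inside source list (\S+) "),
    "management access": re.compile(r"^(?:ip http )?access-class (\S+)"),
}

def acl_report(config):
    """Return {acl: {"uses": [(role, context)], "entries": [entry, ...]}}."""
    report = defaultdict(lambda: {"uses": [], "entries": []})
    section = "global"
    for raw in config.splitlines():
        line = raw.strip()
        if not raw.startswith(" "):            # an unindented line opens a new context
            section = line
        m = re.match(r"^access-list (\S+) (.+)$", line)   # numbered ACL: one entry per line
        if m:
            report[m.group(1)]["entries"].append(m.group(2))
        elif raw.startswith(" ") and section.startswith("ip access-list") \
                and line.startswith(("permit", "deny")):  # entry of a named ACL
            report[section.split()[-1]]["entries"].append(line)
        for role, pattern in USES.items():
            m = pattern.match(line)
            if m:
                report[m.group(1)]["uses"].append((role, section))
    return dict(report)

def drop_interface_filter(config, acl):
    """Apply the accepted solution: remove only the 'ip access-group <acl> ...' lines."""
    return "\n".join(l for l in config.splitlines() if l.split()[:3] != ["ip", "access-group", acl])
```

Run against the posted configuration, the report shows `LAN` used both as a packet filter on FastEthernet0/0 and as the NAT match list; after `drop_interface_filter` only the NAT reference remains and the ACL entries are untouched. It also shows ACL 23, whose only entry is `permit any`, referenced by `ip http access-class` and the vty lines, so it does not restrict management access.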