Solved

Configure Cisco 857 without NAT

Posted on 2009-03-30
12
1,948 Views
Last Modified: 2012-05-06
I have a Cisco 857 router atached to an ADSL connection with a static IP address. The router is connected to an ISA server. I want the ISA server to have the External IP address, rather than a private IP which is NATed. I don't have much experience with Cisco, I've been landed with this thing and no budget to buy a simpler router, but I've been trying to set it up using SDM, unsucessfully.
How can I set up the router so that the network adapter on the server behaves as if it is directly connected to the web, with no firewall or NAT or anything?
0
Comment
Question by:silent_waters
  • 7
  • 3
  • 2
12 Comments
 
LVL 4

Expert Comment

by:lpacker
ID: 24024649
You connect to the SDM by an IP address, so you will not be able to do this without losing connectivity. You will have to disable ip routing and Cisco 857.
You should connect to the router via the console port and depending on your exact model, enter commands as:
http://www.cisco.com/en/US/products/hw/routers/ps380/products_qanda_item09186a00800949ec.shtml#q1
 
 
0
 

Author Comment

by:silent_waters
ID: 24030316
Ok, making some progress i think. I've set up as advised, and am now getting an error: *Mar  1 01:57:37.559: %TBRIDGE-4-NOVCFLOOD: No VC's configured for bridging on ATM0
Not quite sure what this means, but if I do a show bridge I can only see the ethernet port in the list for bridge 1, even though i have tried to add ATM0 a couple of times.
0
 

Expert Comment

by:trbooth
ID: 24030327
You will want to do this connecting through the console port.

What lpacker mentioned may be one way to do it, however, I personally would prefer to keep routing on the device and just use static NAT:

Issue these commands:

ip nat inside source static <server_ip> interface Dialer0

## assuming you're using a dialer0 interface for the DSL
interface Dialer0
 ip nat outside

## assuming you're using VLAN1 for the switched/bridged interfaces
interface VLAN1
 ip nat inside
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 

Author Comment

by:silent_waters
ID: 24030328
Running config is atached.
Current configuration : 1088 bytes
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname wlcerora
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
!
!
no ip routing
!
!
no ip cef
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
!
!
!
!
!
archive
 log config
  hidekeys
!
!
!
!
!
interface ATM0
 no ip address
 no ip route-cache
 no atm ilmi-keepalive
 pvc 0/38
  encapsulation aal5mux ppp dialer
  dialer pool-member 1
 !
 dsl operating-mode auto
 bridge-group 1
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface Vlan1
 no ip address
 no ip route-cache
 bridge-group 1
!
interface Dialer0
 no ip address
 encapsulation ppp
 dialer pool 1
 ppp authentication chap callin
 ppp chap hostname zen179208@zen
 ppp chap password 0 q2aquZp7
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
!
control-plane
!
bridge 1 protocol ieee
!
line con 0
 no modem enable
line aux 0
line vty 0 4
!
scheduler max-task-time 5000
end

Open in new window

0
 

Author Comment

by:silent_waters
ID: 24030362
thanks trbooth, but I don't want to use NAT, it complicates things later on.
0
 

Assisted Solution

by:trbooth
trbooth earned 50 total points
ID: 24031622
No problem. Evidently I can't read.
0
 
LVL 4

Expert Comment

by:lpacker
ID: 24034779
I only see one interface in the bridge-group. You need to have the ISP connection and the port that the server is plugged into in the same bridge-group.  If I am not mistaken, without routing, the vlan interface isn't doing you any good.
I see multiple fast ethernet ports listed, do you have multiple machines connected?
0
 

Author Comment

by:silent_waters
ID: 24034867
I've tried to add the ATM interface, but it doesn't appear. I'm not sure why, it doesn't give an error message when I use the command, it just doesn't do anything.
I only have one server to connect, but the router is a fixed configuration job with four ports. The fastethernet interfaces can't be added to the bridge group, so i added the vlan instead.
0
 
LVL 4

Assisted Solution

by:lpacker
lpacker earned 100 total points
ID: 24035125
Are you able to configure a BVI interface?
Try this:
http://www.ciscopress.com/articles/article.asp?p=31445
Search for this text :   RFC 2684 Bridging

 
0
 

Author Comment

by:silent_waters
ID: 24035426
Wouldn't that basically be the same as routing? It has private IP addresses on the internal network, which is what I want to avoid.
0
 

Author Comment

by:silent_waters
ID: 24035459
Why is this so difficult? Is there a different type of dsl modem I need to buy or what? It can't be this much hassle to get a public IP address onto a server network adapter.
Does anyone have any suggestions about alternatives? I really need to get this sorted asap.
0
 

Accepted Solution

by:
silent_waters earned 0 total points
ID: 24091835
I've given up. I'm going to do it another way.
Thanks for the help anyway guys.
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Creating an OSPF network that automatically (dynamically) reroutes network traffic over other connections to prevent network downtime.
Getting hacked is no longer a matter or "if you get hacked" — the 2016 cyber threat landscape is now titled "when you get hacked." When it happens — will you be proactive, or reactive?
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question