Solved

Problems getting NAT translation to work on Cisco 871W Router with 1 Static IP and a New 5 additional IP Block

Posted on 2009-05-04
Last Modified: 2012-05-06
I am having trouble configuring my Cisco 871W with an additional 5 IP address block that I purchased. I have been working on this off and on for a couple of months, so I now turn to you guys. Any help is greatly appreciated.

The router does serve internet requests for the other computers on the network; I just can't ever get the additional IP address block to work.

I have attached a scrubbed copy of the config to this post for faster help.

Thanks in advance

Current configuration : 9869 bytes
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Cisco_871W
!
boot-start-marker
boot-end-marker
!
logging buffered 20000
logging console
enable secret 5 $1$oHLr$CW8GJdTX9oveDthz.nRrV.
!
aaa new-model
!
!
aaa authentication login local_auth local
!
!
aaa session-id common
clock timezone NewYork -5
clock summer-time NewYork date Apr 6 2003 2:00 Oct 26 2003 2:00
!
crypto pki trustpoint TP-self-signed-4179700116
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-4179700116
 revocation-check none
 rsakeypair TP-self-signed-4179700116
!
!
crypto pki certificate chain TP-self-signed-4179700116
 certificate self-signed 01
        quit
dot11 syslog
!
dot11 ssid focusedxxxxxxxxxxx.net
   authentication open
   authentication key-management wpa
   guest-mode
!
dot11 ssid focusedxxxxxxxxxxx.net
   vlan 1
!
ip cef
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.2.106 192.168.2.107 192.168.2.108 192.168.2.254
!
ip dhcp pool sdm-pool
   import all
   network 192.168.2.0 255.255.255.0
   default-router 192.168.2.2
   domain-name focusedxxxxxxxxxxx.net
   netbios-name-server 192.168.2.107
   dns-server 166.82.1.3 166.102.165.11
   lease 0 8
!
!
ip port-map user-protocol--8 port tcp 1450
ip port-map user-protocol--9 port udp 1450
ip port-map user-protocol--2 port tcp 102
ip port-map user-protocol--3 port tcp 1028
ip port-map user-protocol--6 port tcp 1290
ip port-map user-protocol--7 port tcp 1301
ip port-map user-protocol--4 port tcp 1099
ip port-map user-protocol--5 port tcp 1150
ip port-map user-protocol--13 port tcp 40000
ip port-map user-protocol--11 port tcp 3268
ip port-map user-protocol--10 port tcp 2883
ip port-map user-protocol--17 port tcp 3395
ip port-map user-protocol--16 port tcp 3389
ip port-map user-protocol--15 port tcp 40004
ip port-map user-protocol--14 port tcp 40002
ip port-map user-protocol--14 port tcp 42
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
ip name-server 166.82.XXX.XXX
!
!
!
!
!
!
archive
 log config
  hidekeys
!
!
!
!
!
interface FastEthernet0
 switchport access vlan 10
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
 description $ETH-WAN$
 mac-address 0016.b68b.8c5b
 ip dhcp client update dns server none
 ip address dhcp client-id FastEthernet4
 ip nat outside
 ip virtual-reassembly
 duplex auto
 speed auto
!
interface Dot11Radio0
 ip address 192.168.1.250 255.255.255.0
 !
 encryption vlan 1 key 1 size 40bit 0 E521C6BD52 transmit-key
 encryption vlan 1 mode wep mandatory
 !
 encryption mode ciphers tkip
 speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
 station-role root
!
interface Dot11Radio0.1
 encapsulation dot1Q 1 native
 no cdp enable
 bridge-group 1
 bridge-group 1 subscriber-loop-control
 bridge-group 1 spanning-disabled
 bridge-group 1 block-unknown-source
 no bridge-group 1 source-learning
 no bridge-group 1 unicast-flooding
!
interface Vlan1
 description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$$ES_LAN$
 ip address 192.168.2.2 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 ip tcp adjust-mss 1452
!
interface Vlan10
 ip address 166.82.XXX.XXX 255.255.XXX.XXX secondary
 ip address 166.82.XXX.XXX 255.255.XXX.XXX secondary
 ip address 166.82.XXX.XXX 255.255.XXX.XXX secondary
 ip address 166.82.XXX.XXX 255.255.XXX.XXX secondary
 ip address 166.82.XXX.XXX 255.255.XXX.XXX secondary
 ip address 166.82.XXX.XXX 255.255.XXX.XXX
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 FastEthernet4
ip route 166.82.XXX.XXX 255.255.XXX.XXX FastEthernet4 permanent
!
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source list 23 interface FastEthernet4 overload
ip nat inside source list 24 interface FastEthernet4 overload
ip nat inside source static tcp 192.168.2.108 3395 interface FastEthernet4 3395
ip nat inside source static tcp 192.168.2.108 25 166.82.XXX.XXX 25 extendable
ip nat inside source static tcp 192.168.2.108 42 166.82.XXX.XXX 42 extendable
ip nat inside source static tcp 192.168.2.108 88 166.82.XXX.XXX 88 extendable
ip nat inside source static tcp 192.168.2.108 102 166.82.XXX.XXX 102 extendable
ip nat inside source static tcp 192.168.2.108 110 166.82.XXX.XXX 110 extendable
ip nat inside source static tcp 192.168.2.108 135 166.82.XXX.XXX 135 extendable
ip nat inside source static tcp 192.168.2.108 389 166.82.XXX.XXX 389 extendable
ip nat inside source static tcp 192.168.2.108 443 166.82.XXX.XXX 443 extendable
ip nat inside source static tcp 192.168.2.108 691 166.82.XXX.XXX 691 extendable
ip nat inside source static tcp 192.168.2.108 1028 166.82.XXX.XXX 1028 extendable
ip nat inside source static tcp 192.168.2.108 1099 166.82.XXX.XXX 1099 extendable
ip nat inside source static tcp 192.168.2.108 1150 166.82.XXX.XXX 1150 extendable
ip nat inside source static tcp 192.168.2.108 1290 166.82.XXX.XXX 1290 extendable
ip nat inside source static tcp 192.168.2.108 1301 166.82.XXX.XXX 1301 extendable
ip nat inside source static tcp 192.168.2.108 1450 166.82.XXX.XXX 1450 extendable
ip nat inside source static udp 192.168.2.108 1450 166.82.XXX.XXX 1450 extendable
ip nat inside source static tcp 192.168.2.108 2883 166.82.XXX.XXX 2883 extendable
ip nat inside source static tcp 192.168.2.108 3268 166.82.XXX.XXX 3268 extendable
ip nat inside source static tcp 192.168.2.108 6001 166.82.XXX.XXX 6001 extendable
ip nat inside source static tcp 192.168.2.108 6004 166.82.XXX.XXX 6004 extendable
ip nat inside source static tcp 192.168.2.108 40000 166.82.XXX.XXX 40000 extendable
ip nat inside source static tcp 192.168.2.108 40002 166.82.XXX.XXX 40002 extendable
ip nat inside source static tcp 192.168.2.108 40004 166.82.XXX.XXX 40004 extendable
!
ip access-list extended MAIL2_1
 permit tcp any host 166.82.XXX.XXX eq smtp
 permit tcp any host 166.82.XXX.XXX eq 42
 permit tcp any host 166.82.XXX.XXX eq 88
 permit tcp any host 166.82.XXX.XXX eq 102
 permit tcp any host 166.82.XXX.XXX eq pop3
 permit tcp any host 166.82.XXX.XXX eq 135
 permit tcp any host 166.82.XXX.XXX eq 389
 deny   ip any host 166.82.XXX.XXX
 permit ip any any
ip access-list extended MAIL2_2
 permit tcp any host 166.82.XXX.XXX eq 1028
 permit tcp any host 166.82.XXX.XXX eq 1099
 permit tcp any host 166.82.XXX.XXX eq 1150
 permit tcp any host 166.82.XXX.XXX eq 1290
 permit tcp any host 166.82.XXX.XXX eq 1301
 permit tcp any host 166.82.XXX.XXX eq 1450
 permit udp any host 166.82.XXX.XXX eq 1450
 deny   ip any host 166.82.XXX.XXX
 permit ip any any
ip access-list extended MAIL2_3
 permit tcp any host 166.82.XXX.XXX eq 2883
 permit tcp any host 166.82.XXX.XXX eq 3268
 permit tcp any host 166.82.XXX.XXX eq 6001
 permit tcp any host 166.82.XXX.XXX eq 6004
 permit tcp any host 166.82.XXX.XXX eq 40000
 permit tcp any host 166.82.XXX.XXX eq 40002
 deny   ip any host 166.82.XXX.XXX
 permit ip any any
 permit tcp any host 166.82.XXX.XXX eq 3395
ip access-list extended MAIL2_4
 permit tcp any host 166.82.XXX.XXX eq 40004
 deny   ip any host 166.82.XXX.XXX
 permit ip any any
ip access-list extended PORTRANGE
 permit tcp any host 166.82.XXX.XXX eq www
 permit tcp any host 166.82.XXX.XXX eq ftp
 permit tcp any host 166.82.XXX.XXX eq 3393
 permit tcp any host 166.82.XXX.XXX eq 3401
!
logging trap debugging
logging 192.168.2.2
logging 192.168.2.107
logging 192.168.2.108
logging 192.168.2.106
logging 192.168.2.112
access-list 23 permit 192.168.2.0 0.0.0.255
access-list 24 remark SDM_ACL Category=18
access-list 24 remark Outside IP Block - (External Address Block)
access-list 24 permit any
access-list 24 permit 166.82.XXX.XXX 0.0.XXX.XXX
access-list 90 permit any log
access-list 111 permit icmp any any
no cdp run
!
!
!
control-plane
!
!
line con 0
 no modem enable
line aux 0
line vty 0 4
 access-class 90 in
 privilege level 15
 password 15 sharell@29
 login authentication local_auth
 transport input telnet ssh
!
scheduler max-task-time 5000
end

Question by:arthurposton
3 Comments
 
Accepted Solution

by: rsivanandan earned 500 total points
Sure, will help. But what is it that you need help with? As of now it is working just fine and you have 5 additional IP addresses; what do you want to do with them?

Cheers,
Rajesh

Author Comment

by:arthurposton
It is not working; each time I try to use one of those IP addresses, it states that the IP address does not exist on this router.

Expert Comment

by:rsivanandan
Arthur,

  What do you try and get the message? What are you trying to achieve?

Cheers,
Rajesh