Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 714
  • Last Modified:

Problems getting NAT translation to work on Cisco 871W Router w 1 Static IP and a New 5 additional IP Block

I am having trouble configuring my Cisco 871W with an additional 5 IP address block that I purchased. I have been working on this off and on for a couple of months, so I now turn to you guys. Any help is greatly appreciated.

The router does serve internet requests for the other computers on the network just can't ever get the additional IP address block to work.

I have attached a scrubbed copy of the config to this post for faster help.

Thanks in advance
Current configuration : 9869 bytes
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Cisco_871W
!
boot-start-marker
boot-end-marker
!
logging buffered 20000
logging console
enable secret 5 $1$oHLr$CW8GJdTX9oveDthz.nRrV.
!
aaa new-model
!
!
aaa authentication login local_auth local
!
!
aaa session-id common
clock timezone NewYork -5
clock summer-time NewYork date Apr 6 2003 2:00 Oct 26 2003 2:00
!
crypto pki trustpoint TP-self-signed-4179700116
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-4179700116
 revocation-check none
 rsakeypair TP-self-signed-4179700116
!
!
crypto pki certificate chain TP-self-signed-4179700116
 certificate self-signed 01
  3082025A 308201C3 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
  31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
  69666963 6174652D 34313739 37303031 3136301E 170D3038 30373331 30343136
  35385A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
  4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D34 31373937
  30303131 3630819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
  8100B76B 1446DD20 6D021B5F 684A3761 758BEF08 B70E00EF 194EAA49 1E17F5B8
  F6C3588C C55933D5 E1672BF4 4F10FBA6 AA78FD36 B394C103 0457B312 D0A32A6B
  571BCA21 0BE886FA 09E5F49C 66607D4E 641C902C 70724A38 CFB163B2 28A7B400
  084D74C7 FFE6B871 0CB3FC09 5E20B4EA 6764E98E A9048071 8576E732 24272682
  63D10203 010001A3 8181307F 300F0603 551D1301 01FF0405 30030101 FF302C06
  03551D11 04253023 82214369 73636F5F 38373157 2E666F63 75736564 64657665
  6C6F706D 656E742E 636F6D30 1F060355 1D230418 30168014 4F2F7DC9 1404BD83
  2B4D68F9 54EF1C17 3989BFF2 301D0603 551D0E04 1604144F 2F7DC914 04BD832B
  4D68F954 EF1C1739 89BFF230 0D06092A 864886F7 0D010104 05000381 810001CD
  33325B27 3E408245 613F79AC 89466E6B 3E91DAC3 584F7A53 F0CCA6D8 490C08B2
  E6CF19BD A5F0FE4D 95C3FA67 FEF0B662 0F2EA191 FD7F8977 8129D0D8 29508FAB
  E892A803 76F26E69 ECBAB8EA EBD822ED B740C1A2 8194E6BF 61C458D2 EEE1892D
  70044BF7 FDEE1DE2 1AF2100D A38DA8BC F968E7B9 A284453E EABEB999 0401
        quit
dot11 syslog
!
dot11 ssid focusedxxxxxxxxxxx.net
   authentication open
   authentication key-management wpa
   guest-mode
  
!
dot11 ssid focusedxxxxxxxxxxx.net
   vlan 1
!
ip cef
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.2.106 192.168.2.107 192.168.2.108 192.168.2.254
!
ip dhcp pool sdm-pool
   import all
   network 192.168.2.0 255.255.255.0
   default-router 192.168.2.2
   domain-name focusedxxxxxxxxxxx.net
   netbios-name-server 192.168.2.107
   dns-server 166.82.1.3 166.102.165.11
   lease 0 8
!
!
ip port-map user-protocol--8 port tcp 1450
ip port-map user-protocol--9 port udp 1450
ip port-map user-protocol--2 port tcp 102
ip port-map user-protocol--3 port tcp 1028
ip port-map user-protocol--6 port tcp 1290
ip port-map user-protocol--7 port tcp 1301
ip port-map user-protocol--4 port tcp 1099
ip port-map user-protocol--5 port tcp 1150
ip port-map user-protocol--13 port tcp 40000
ip port-map user-protocol--11 port tcp 3268
ip port-map user-protocol--10 port tcp 2883
ip port-map user-protocol--17 port tcp 3395
ip port-map user-protocol--16 port tcp 3389
ip port-map user-protocol--15 port tcp 40004
ip port-map user-protocol--14 port tcp 40002
ip port-map user-protocol--14 port tcp 42
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
ip name-server 166.82.XXX.XXX
 
 
!
!
!
!
 
!
!
archive
 log config
  hidekeys
!
!
!
!
!
interface FastEthernet0
 switchport access vlan 10
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
 description $ETH-WAN$
 mac-address 0016.b68b.8c5b
 ip dhcp client update dns server none
 ip address dhcp client-id FastEthernet4
 ip nat outside
 ip virtual-reassembly
 duplex auto
 speed auto
!
interface Dot11Radio0
 ip address 192.168.1.250 255.255.255.0
 !
 encryption vlan 1 key 1 size 40bit 0 E521C6BD52 transmit-key
 encryption vlan 1 mode wep mandatory
 !
 encryption mode ciphers tkip
 speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0
 54.0
 station-role root
!
interface Dot11Radio0.1
 encapsulation dot1Q 1 native
 no cdp enable
 bridge-group 1
 bridge-group 1 subscriber-loop-control
 bridge-group 1 spanning-disabled
 bridge-group 1 block-unknown-source
 no bridge-group 1 source-learning
 no bridge-group 1 unicast-flooding
!
interface Vlan1
 description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$$ES_LAN$
 ip address 192.168.2.2 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 ip tcp adjust-mss 1452
!
interface Vlan10
 ip address 166.82.XXX.XXX 255.255.XXX.XXX secondary
 ip address 166.82.XXX.XXX 255.255.XXX.XXX secondary
 ip address 166.82.XXX.XXX 255.255.XXX.XXX secondary
 ip address 166.82.XXX.XXX 255.255.XXX.XXX secondary
 ip address 166.82.XXX.XXX 255.255.XXX.XXX secondary
 ip address 166.82.XXX.XXX 255.255.XXX.XXX
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 FastEthernet4
ip route 166.82.XXX.XXX 255.255.XXX.XXX FastEthernet4 permanent
!
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source list 23 interface FastEthernet4 overload
ip nat inside source list 24 interface FastEthernet4 overload
ip nat inside source static tcp 192.168.2.108 3395 interface FastEthernet4 3395
ip nat inside source static tcp 192.168.2.108 25 166.82.XXX.XXX 25 extendable
ip nat inside source static tcp 192.168.2.108 42 166.82.XXX.XXX 42 extendable
ip nat inside source static tcp 192.168.2.108 88 166.82.XXX.XXX 88 extendable
ip nat inside source static tcp 192.168.2.108 102 166.82.XXX.XXX 102 extendable
ip nat inside source static tcp 192.168.2.108 110 166.82.XXX.XXX 110 extendable
ip nat inside source static tcp 192.168.2.108 135 166.82.XXX.XXX 135 extendable
ip nat inside source static tcp 192.168.2.108 389 166.82.XXX.XXX 389 extendable
ip nat inside source static tcp 192.168.2.108 443 166.82.XXX.XXX 443 extendable
ip nat inside source static tcp 192.168.2.108 691 166.82.XXX.XXX 691 extendable
ip nat inside source static tcp 192.168.2.108 1028 166.82.XXX.XXX 1028 extendable
ip nat inside source static tcp 192.168.2.108 1099 166.82.XXX.XXX 1099 extendable
ip nat inside source static tcp 192.168.2.108 1150 166.82.XXX.XXX 1150 extendable
ip nat inside source static tcp 192.168.2.108 1290 166.82.XXX.XXX 1290 extendable
ip nat inside source static tcp 192.168.2.108 1301 166.82.XXX.XXX 1301 extendable
ip nat inside source static tcp 192.168.2.108 1450 166.82.XXX.XXX 1450 extendable
ip nat inside source static udp 192.168.2.108 1450 166.82.XXX.XXX 1450 extendable
ip nat inside source static tcp 192.168.2.108 2883 166.82.XXX.XXX 2883 extendable
ip nat inside source static tcp 192.168.2.108 3268 166.82.XXX.XXX 3268 extendable
ip nat inside source static tcp 192.168.2.108 6001 166.82.XXX.XXX 6001 extendable
ip nat inside source static tcp 192.168.2.108 6004 166.82.XXX.XXX 6004 extendable
ip nat inside source static tcp 192.168.2.108 40000 166.82.XXX.XXX 40000 extendable
ip nat inside source static tcp 192.168.2.108 40002 166.82.XXX.XXX 40002 extendable
ip nat inside source static tcp 192.168.2.108 40004 166.82.XXX.XXX 40004 extendable
!
ip access-list extended MAIL2_1
 permit tcp any host 166.82.XXX.XXX eq smtp
 permit tcp any host 166.82.XXX.XXX eq 42
 permit tcp any host 166.82.XXX.XXX eq 88
 permit tcp any host 166.82.XXX.XXX eq 102
 permit tcp any host 166.82.XXX.XXX eq pop3
 permit tcp any host 166.82.XXX.XXX eq 135
 permit tcp any host 166.82.XXX.XXX eq 389
 deny   ip any host 166.82.XXX.XXX
 permit ip any any
ip access-list extended MAIL2_2
 permit tcp any host 166.82.XXX.XXX eq 1028
 permit tcp any host 166.82.XXX.XXX eq 1099
 permit tcp any host 166.82.XXX.XXX eq 1150
 permit tcp any host 166.82.XXX.XXX eq 1290
 permit tcp any host 166.82.XXX.XXX eq 1301
 permit tcp any host 166.82.XXX.XXX eq 1450
 permit udp any host 166.82.XXX.XXX eq 1450
 deny   ip any host 166.82.XXX.XXX
 permit ip any any
ip access-list extended MAIL2_3
 permit tcp any host 166.82.XXX.XXX eq 2883
 permit tcp any host 166.82.XXX.XXX eq 3268
 permit tcp any host 166.82.XXX.XXX eq 6001
 permit tcp any host 166.82.XXX.XXX eq 6004
 permit tcp any host 166.82.XXX.XXX eq 40000
 permit tcp any host 166.82.XXX.XXX eq 40002
 deny   ip any host 166.82.XXX.XXX
 permit ip any any
 permit tcp any host 166.82.XXX.XXX eq 3395
ip access-list extended MAIL2_4
 permit tcp any host 166.82.XXX.XXX eq 40004
 deny   ip any host 166.82.XXX.XXX
 permit ip any any
ip access-list extended PORTRANGE
 permit tcp any host 166.82.XXX.XXX eq www
 permit tcp any host 166.82.XXX.XXX eq ftp
 permit tcp any host 166.82.XXX.XXX eq 3393
 permit tcp any host 166.82.XXX.XXX eq 3401
!
logging trap debugging
logging 192.168.2.2
logging 192.168.2.107
logging 192.168.2.108
logging 192.168.2.106
logging 192.168.2.112
access-list 23 permit 192.168.2.0 0.0.0.255
access-list 24 remark SDM_ACL Category=18
access-list 24 remark Outside IP Block - (External Address Block)
access-list 24 permit any
access-list 24 permit 166.82.XXX.XXX 0.0.XXX.XXX
access-list 90 permit any log
access-list 111 permit icmp any any
no cdp run
!
!
!
control-plane
!
!
line con 0
 no modem enable
line aux 0
line vty 0 4
 access-class 90 in
 privilege level 15
 password 15 sharell@29
 login authentication local_auth
 transport input telnet ssh
!
scheduler max-task-time 5000
end

Open in new window

0
arthurposton
Asked:
arthurposton
  • 2
1 Solution
 
rsivanandanCommented:
Sure, will help. But what is that you need help with? As of now it is working just fine and you have additional 5 ip addresses, what do you want to do with it ?

Cheers,
Rajesh
0
 
arthurpostonAuthor Commented:
It is not working, each time I try to use one of those IP addresses it states that the IP address does not exist on this router.
0
 
rsivanandanCommented:
Arthur,

  What do you try and get the message? What are you trying to achieve?

Cheers,
Rajesh
0

Featured Post

Vote for the Most Valuable Expert

It’s time to recognize experts that go above and beyond with helpful solutions and engagement on site. Choose from the top experts in the Hall of Fame or on the right rail of your favorite topic page. Look for the blue “Nominate” button on their profile to vote.

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now