Solved

Showing GW Address instead of assigned static address

Posted on 2009-07-02
Last Modified: 2012-05-07
I have a few static IPs in my network.

Like 65.xx.xx.233 is assigned at 1 PC, and if I do an ipaddy.com on the machine it shows

65.xx.xx.226, the same one as the interface. Doesn't it normally not go through the router? Also, on the machine it's going through the default GW of my other ISP, so I'm lost; maybe it's something to do with the overload that's currently set up ....

Thanks

Ohhh shoot, it's already in there. I might have copied this from when you showed me previously ....

Here's the current just to make sure...

AmtecLV1841#sh run
Building configuration...

Current configuration : 17943 bytes
!
! Last configuration change at 12:15:23 PST Mon Mar 16 2009 by johnny
! NVRAM config last updated at 01:35:57 PST Sun Mar 15 2009 by johnny
!
version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime localtime
service timestamps log datetime localtime
service password-encryption
!
hostname AmtecLV1841
!
boot-start-marker
boot system flash
boot-end-marker
!
security authentication failure rate 3 log
security passwords min-length 5
logging buffered 51200 debugging
logging console critical
!
aaa new-model
!
!
aaa authentication login default local
aaa authentication login User_Database local
aaa authorization network MGMT local
!
aaa session-id common
clock timezone PST -8
no ip source-route
ip cef
!
!
ip inspect name Firewall cuseeme
ip inspect name Firewall ftp
ip inspect name Firewall h323
ip inspect name Firewall netshow
ip inspect name Firewall rcmd
ip inspect name Firewall realaudio
ip inspect name Firewall rtsp
ip inspect name Firewall sqlnet
ip inspect name Firewall streamworks
ip inspect name Firewall tftp
ip inspect name Firewall tcp
ip inspect name Firewall udp
ip inspect name Firewall vdolive
ip inspect name Firewall icmp
ip inspect name Firewall esmtp
ip inspect name Firewall sip
ip inspect name Firewall sip-tls
ip tcp path-mtu-discovery
ip telnet source-interface FastEthernet0/1
!
!
no ip bootp server
ip name-server 4.2.2.2
ip name-server 65.106.1.196
ip name-server 65.106.7.196
!
!
crypto pki trustpoint TP-self-signed-1297439676
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-1297439676
 revocation-check none
 rsakeypair TP-self-signed-1297439676
!
!
!
!
class-map match-any IP_Node
 match access-group 104
!
!
policy-map VoIP_Priority
 class IP_Node
  set ip dscp ef
  priority 256
 class class-default
  fair-queue
  random-detect
policy-map QoS
 class class-default
  shape average 500000 5000 0
  service-policy VoIP_Priority
!
!
crypto keyring 1
 pre-shared-key address 71.xx.xx.241 key asdfasdf
crypto keyring 2
 pre-shared-key address 0.0.0.0 0.0.0.0 key asdfasdfasdf
!
crypto isakmp policy 1
 encr 3des
 authentication pre-share
 group 2
!
crypto isakmp policy 2
 encr 3des
 authentication pre-share
 group 2
 lifetime 28800
!
crypto isakmp client configuration group MGMT
 key Tasdfasdm@
 dns 192.168.11.1 64.30.0.17
 wins 192.168.11.1
 domain amtec.local
 pool VPN_IPs
 acl 105
 max-users 3
 max-logins 3
 netmask 255.255.255.0
crypto isakmp profile 1
 description Tunnel to San Bernardino
 keyring 1
crypto isakmp profile 2
 description VPN Client profile
 match identity group MGMT
 client authentication list User_Database
 isakmp authorization list MGMT
 client configuration address respond
crypto isakmp profile 3
 description Tunnel to internet
 keyring 2
 match identity address 0.0.0.0
!
!
crypto ipsec transform-set Transform_Set_1 esp-3des esp-sha-hmac
crypto ipsec df-bit clear
!
crypto dynamic-map Site-to-Site 3
 set transform-set Transform_Set_1
 set isakmp-profile 3
!
crypto dynamic-map VPN_Client 2
 set security-association idle-time 1800
 set transform-set Transform_Set_1
 set isakmp-profile 2
 reverse-route
!
!
crypto map VPN_Tunnel 1 ipsec-isakmp
 description Tunnel to San Bernardino
 set transform-set Transform_Set_1
 set isakmp-profile 1
 match address 100
 qos pre-classify
crypto map VPN_Tunnel 2 ipsec-isakmp dynamic VPN_Client
crypto map VPN_Tunnel 3 ipsec-isakmp dynamic Site-to-Site
!
bridge irb
!
!
interface Loopback0
 description Virtual NAT Interface
 ip address 1.1.1.1 255.255.255.252
!
interface Loopback2
 ip address 2.2.2.2 255.255.255.255
!
interface Null0
 no ip unreachables
!
interface FastEthernet0/0
 description Connected to TelePacific Internet$FW_OUTSIDE$
 ip address 65.xx.xx.226 255.255.255.240
 ip access-group 101 in
 no ip redirects
 no ip unreachables
 ip directed-broadcast
 ip inspect Firewall out
 ip nat outside
 ip virtual-reassembly
 ip route-cache flow
 duplex auto
 speed auto
 no cdp enable
 crypto map VPN_Tunnel
 crypto ipsec fragmentation before-encryption
!
interface FastEthernet0/1
 description $FW_INSIDE$
 ip address 192.168.11.254 255.255.255.0
 ip access-group 102 in
 no ip redirects
 no ip unreachables
 ip directed-broadcast
 ip nat inside
 ip virtual-reassembly
 ip policy route-map NAT_Filter
 duplex auto
 speed auto
!
interface FastEthernet0/1.1
 no cdp enable
!
interface FastEthernet0/1/0
 switchport access vlan 10
!
interface FastEthernet0/1/1
!
interface FastEthernet0/1/2
!
interface FastEthernet0/1/3
!
interface Serial0/0/0
 ip address 64.xx.xx.10 255.255.255.252
 no ip redirects
 no ip unreachables
 ip nat outside
 ip virtual-reassembly
 encapsulation ppp
 service-module t1 timeslots 1-24
!
interface Vlan1
 no ip address
!
interface Vlan10
 ip address 65.xx.xx.46 255.255.255.128
 ip access-group 103 in
 ip verify unicast reverse-path
 no ip redirects
 no ip unreachables
 ip directed-broadcast
 ip inspect Firewall out
 ip nat outside
 ip virtual-reassembly
 crypto map VPN_Tunnel
 crypto ipsec fragmentation before-encryption
!
interface BVI1
 no ip address
!
ip local pool VPN_IPs 192.168.255.1 192.168.255.10
ip forward-protocol udp netbios-ss
ip route 0.0.0.0 0.0.0.0 Serial0/0/0 10
ip route 0.0.0.0 0.0.0.0 65.xx.xx.1
ip route 192.168.14.0 255.255.255.0 192.168.11.2
!
ip http server
ip http authentication local
ip http secure-server
ip nat inside source route-map Ethernet interface Vlan10 overload
ip nat inside source route-map Nat interface FastEthernet0/0 overload
ip nat inside source route-map T1 interface FastEthernet0/0 overload
ip nat inside source static tcp 192.168.11.254 23 65.xx.xx.46 23 extendable
ip nat inside source static tcp 192.168.11.1 25 65.xx.xx.46 25 extendable
ip nat inside source static tcp 192.168.11.1 80 65.xx.xx.46 80 extendable
ip nat inside source static tcp 192.168.11.1 443 65.xx.xx.46 443 extendable
ip nat inside source static tcp 192.168.11.1 3389 65.xx.xx.46 3389 extendable
ip nat inside source static tcp 192.168.11.1 4125 65.xx.xx.46 4125 extendable
ip nat inside source static tcp 192.168.11.254 22 65.xx.xx.226 22 extendable
ip nat inside source static tcp 192.168.11.1 25 65.xx.xx.226 25 extendable
ip nat inside source static tcp 192.168.11.1 80 65.xx.xx.226 80 extendable
ip nat inside source static tcp 192.168.11.1 443 65.xx.xx.226 443 extendable
ip nat inside source static tcp 192.168.11.1 3389 65.xx.xx.226 3389 extendable
ip nat inside source static tcp 192.168.11.1 4125 65.xx.xx.226 4125 extendable
ip nat inside source static tcp 192.168.11.17 6107 65.xx.xx.226 6107 extendable
ip nat inside source static udp 192.168.11.17 6107 65.xx.xx.226 6107 extendable
ip nat inside source static tcp 192.168.11.1 25 65.xx.xx.230 25 extendable
ip nat inside source static tcp 192.168.11.1 80 65.xx.xx.230 80 extendable
ip nat inside source static tcp 192.168.11.1 443 65.xx.xx.230 443 extendable
ip nat inside source static tcp 192.168.11.1 3389 65.xx.xx.230 3389 extendable
ip nat inside source static tcp 192.168.11.1 4125 65.xx.xx.230 4125 extendable
ip nat inside source static 192.168.14.27 65.xx.xx.231
ip nat inside source static 192.168.14.2 65.xx.xx.232
ip nat inside source static tcp 192.168.14.24 80 65.xx.xx.234 80 extendable
ip nat inside source static tcp 192.168.14.24 37000 65.xx.xx.234 37000 extendable
ip nat inside source static tcp 192.168.11.1 3389 65.xx.xx.238 3389 extendable
ip nat outside source static 192.168.11.1 65.xx.xx.226
ip nat outside source static 192.168.14.2 65.xx.xx.232
ip nat outside source static 192.168.14.24 65.xx.xx.234
ip nat outside source static 192.168.14.27 65.xx.xx.231
!
access-list 100 permit ip 192.168.11.0 0.0.0.255 192.168.2.0 0.0.0.255
access-list 100 permit ip 192.168.11.0 0.0.0.255 192.168.10.0 0.0.0.255
access-list 100 permit ip 192.168.255.0 0.0.0.255 192.168.10.0 0.0.0.255
access-list 100 permit ip 192.168.14.0 0.0.0.255 192.168.10.0 0.0.0.255
access-list 100 permit ip 192.168.3.0 0.0.0.255 192.168.10.0 0.0.0.255
access-list 100 permit ip 192.168.10.0 0.0.0.255 192.168.14.0 0.0.0.255
access-list 101 permit ip any any
access-list 101 deny   ip 192.168.11.0 0.0.0.255 192.168.2.0 0.0.0.255
access-list 101 deny   ip 192.168.11.0 0.0.0.255 192.168.254.0 0.0.0.255
access-list 101 deny   ip 192.168.11.0 0.0.0.255 192.168.255.0 0.0.0.255
access-list 101 deny   ip 192.168.14.0 0.0.0.255 192.168.10.0 0.0.0.255
access-list 101 deny   ip 192.168.14.0 0.0.0.255 192.168.254.0 0.0.0.255
access-list 101 deny   ip 192.168.14.0 0.0.0.255 192.168.255.0 0.0.0.255
access-list 101 deny   ip 192.168.255.0 0.0.0.255 192.168.10.0 0.0.0.255
access-list 101 deny   ip 192.168.3.0 0.0.0.255 192.168.10.0 0.0.0.255
access-list 101 permit ip 192.168.11.0 0.0.0.255 any
access-list 101 permit ip 192.168.14.0 0.0.0.255 any
access-list 102 permit ip any host 192.168.14.28
access-list 102 permit ip host 192.168.14.28 any
access-list 102 permit ip 192.168.14.0 0.0.0.255 any
access-list 102 deny   ip host 255.255.255.255 any
access-list 102 deny   ip 127.0.0.0 0.255.255.255 any
access-list 102 permit ip host 192.168.11.28 192.168.254.0 0.0.0.255
access-list 102 permit ip any host 192.168.14.27
access-list 102 permit ip host 192.168.14.27 any
access-list 102 permit tcp any any eq 5060
access-list 102 permit ip host 192.168.14.2 host 209.203.104.37
access-list 102 permit ip host 209.203.104.37 host 192.168.14.2
access-list 102 permit ip host 192.168.14.2 192.168.254.0 0.0.0.255
access-list 102 permit ip 192.168.14.0 0.0.0.255 192.168.254.0 0.0.0.255
access-list 102 deny   ip 192.168.11.0 0.0.0.255 192.168.254.0 0.0.0.255
access-list 102 deny   icmp any 192.168.254.0 0.0.0.255
access-list 102 permit ip any any
access-list 103 permit ip 192.168.10.0 0.0.0.255 192.168.3.0 0.0.0.255
access-list 103 permit ip 192.168.14.0 0.0.0.255 any
access-list 103 permit ip host 0.0.0.0 any
access-list 103 permit ip 192.168.10.0 0.0.0.255 192.168.255.0 0.0.0.255
access-list 103 permit ahp any host 65.xx.xx.46
access-list 103 permit ahp any host 65.xx.xx.226
access-list 103 permit esp any host 65.xx.xx.46
access-list 103 permit esp any host 65.xx.xx.226
access-list 103 permit udp any host 65.xx.xx.46 eq 5060
access-list 103 permit ip host 192.168.14.27 any
access-list 103 permit ip any host 192.168.14.27
access-list 103 permit udp any host 65.xx.xx.46 eq isakmp
access-list 103 permit udp any host 65.xx.xx.226 eq isakmp
access-list 103 permit udp any host 65.xx.xx.46 eq non500-isakmp
access-list 103 permit udp any host 65.xx.xx.226 eq non500-isakmp
access-list 103 permit esp any any
access-list 103 permit gre any any
access-list 103 permit tcp any any eq 1723
access-list 103 permit ip 192.168.2.0 0.0.0.255 192.168.10.0 0.0.0.255
access-list 103 permit ip 192.168.3.0 0.0.0.255 192.168.10.0 0.0.0.255
access-list 103 permit ip 192.168.3.0 0.0.0.255 192.168.11.0 0.0.0.255
access-list 103 permit ip 192.168.3.0 0.0.0.255 192.168.14.0 0.0.0.255
access-list 103 permit ip 192.168.10.0 0.0.0.255 192.168.11.0 0.0.0.255
access-list 103 permit ip 192.168.10.0 0.0.0.255 192.168.14.0 0.0.0.255
access-list 103 permit ip 192.168.254.0 0.0.0.255 host 192.168.11.28
access-list 103 permit ip 192.168.254.0 0.0.0.255 192.168.14.0 0.0.0.255
access-list 103 deny   ip 192.168.254.0 0.0.0.255 any
access-list 103 permit ip 192.168.255.0 0.0.0.255 192.168.10.0 0.0.0.255
access-list 103 permit ip 192.168.255.0 0.0.0.255 192.168.11.0 0.0.0.255
access-list 103 permit ip 192.168.255.0 0.0.0.255 192.168.14.0 0.0.0.255
access-list 103 deny   icmp 192.168.254.0 0.0.0.255 any
access-list 103 permit icmp any any echo-reply
access-list 103 permit icmp any any time-exceeded
access-list 103 permit icmp any any timestamp-reply
access-list 103 permit icmp any any traceroute
access-list 103 permit icmp any any unreachable
access-list 103 permit udp any any eq ntp
access-list 103 permit tcp any host 65.xx.xx.46 eq 161
access-list 103 permit tcp any host 65.xx.xx.226 eq 161
access-list 103 permit tcp any host 65.xx.xx.46 eq 162
access-list 103 permit tcp any host 65.xx.xx.226 eq 162
access-list 103 permit udp any host 65.xx.xx.46 eq snmp
access-list 103 permit udp any host 65.xx.xx.226 eq snmp
access-list 103 permit udp any host 65.xx.xx.46 eq snmptrap
access-list 103 permit udp any host 65.xx.xx.226 eq snmptrap
access-list 103 permit udp host 209.203.104.37 host 65.xx.xx.46 eq 5060
access-list 103 permit tcp any host 65.xx.xx.46 eq smtp
access-list 103 permit tcp any host 65.xx.xx.226 eq smtp
access-list 103 permit tcp any host 65.xx.xx.46 eq www
access-list 103 permit tcp any host 65.xx.xx.226 eq www
access-list 103 permit tcp any host 65.xx.xx.46 eq 443
access-list 103 permit tcp any host 65.xx.xx.226 eq 443
access-list 103 permit tcp any host 65.xx.xx.46 eq 3389
access-list 103 permit tcp any host 65.xx.xx.226 eq 3389
access-list 103 permit tcp any host 65.xx.xx.46 eq 4125
access-list 103 permit tcp any host 65.xx.xx.226 eq 4125
access-list 103 permit tcp any host 65.xx.xx.46 eq 37000
access-list 103 permit tcp any host 65.xx.xx.226 eq 37000
access-list 103 permit tcp any host 65.xx.xx.46 eq ftp
access-list 103 permit tcp any host 65.xx.xx.226 eq ftp
access-list 103 permit tcp any host 65.xx.xx.46 eq ftp-data
access-list 103 permit tcp any host 65.xx.xx.226 eq ftp-data
access-list 103 deny   ip 192.168.11.0 0.0.0.255 any
access-list 103 deny   ip 10.0.0.0 0.255.255.255 any
access-list 103 deny   ip 172.16.0.0 0.15.255.255 any
access-list 103 deny   ip 192.168.0.0 0.0.255.255 any
access-list 103 deny   ip 127.0.0.0 0.255.255.255 any
access-list 103 deny   ip host 255.255.255.255 any
access-list 103 deny   ip host 0.0.0.0 any
access-list 103 permit udp any any eq 5060
access-list 103 permit tcp any any eq 5060
access-list 104 permit ip host 192.168.14.2 any
access-list 104 permit ip any host 192.168.14.2
access-list 104 permit ip 192.168.14.0 0.0.0.255 0.0.0.0 255.255.255.0
access-list 104 remark IP Nodes / Phones
access-list 105 permit ip 192.168.10.0 0.0.0.255 192.168.255.0 0.0.0.255
access-list 105 permit ip 192.168.11.0 0.0.0.255 192.168.255.0 0.0.0.255
access-list 105 permit ip 192.168.14.0 0.0.0.255 192.168.255.0 0.0.0.255
access-list 105 permit ip 192.168.255.0 0.0.0.255 any
access-list 105 remark VPN Split Tunnel Rules
access-list 106 permit ip host 192.168.11.1 192.168.3.0 0.0.0.255
access-list 106 permit ip host 192.168.11.1 192.168.10.0 0.0.0.255
access-list 106 permit ip host 192.168.11.1 192.168.255.0 0.0.0.255
access-list 106 permit ip 192.168.11.0 0.0.0.255 192.168.255.0 0.0.0.255
access-list 106 permit ip 192.168.14.0 0.0.0.255 192.168.255.0 0.0.0.255
access-list 150 permit ip 192.168.11.40 any
no cdp run
route-map XoRoutemap permit 10
 match ip address XoStatics
!
route-map NAT_Filter permit 1
 match ip address 106
 set ip next-hop 1.1.1.2
!
route-map NAT_Filter permit 20
 match ip address 150
 set ip next-hop 65.xx.xx.226
!
route-map Ethernet permit 10
 match ip address 101
 match interface Vlan10
!
route-map Nat permit 1
 match ip address 101
 match interface FastEthernet0/0
!
route-map T1 permit 10
 match ip address 101
 match interface Serial0/0/0
!
!
!
control-plane
!
bridge 1 protocol ieee
banner motd ^CC
*********************************************************************************
*                                                                               *
* This is a private computer system.                                            *
* Unauthorized Access is prohibited. All Access is logged.                      *
* Any unauthorized access will be prosecuted to the fullest extent of the law.  *
*                                                                               *
*********************************************************************************
^C
!
line con 0
 transport output all
line aux 0
 transport output all
line vty 0 4
 password 7 asdfasdf
 transport input all
 transport output all
!
scheduler max-task-time 5000
scheduler allocate 20000 1000
sntp server 204.312x98.40
en

Question by:ritztech
11 Comments
 
LVL 11

Expert Comment

by:billwharton
ID: 24766407
Your question is very confusing. Can you re-phrase all of it using grammatically correct English?
0
 

Author Comment

by:ritztech
ID: 24767062
I have 14 available statics within my network.

And I need my 192.168.14.2 address to show 65.xx.xx.232 when it goes outbound (right now it shows 65.xx.xx.226).

As you see, I have ip nat inside source static 192.168.14.2 65.xx.xx.232

so inbound works, just not the outbound.

Reasoning:
{SIP issues: the From header has to show what IP came in, and in and out have to match, or it won't terminate the call.}

Thanks

0
 
LVL 6

Expert Comment

by:danf0x
ID: 24767331
I see you have the inside source, which is set up correctly, but you also have an outside source which shouldn't be there.
ip nat outside source static 192.168.14.2 65.xx.xx.232
0
 
LVL 6

Expert Comment

by:danf0x
ID: 24767389
Sorry, I hit the button too quickly.
You should have
ip nat outside source static 65.xx.xx.232 192.168.14.2
You just have it reversed, and it seems you have all of your outside NAT statements reversed.
0
 

Author Comment

by:ritztech
ID: 24787579
Hmmm, when I did that it just shut off any access to the 192.168.14.2.

Is there something messed up with my ACL?
0
 
LVL 6

Expert Comment

by:danf0x
ID: 24787649
What machine were you talking to it from?  The only thing I see on your list that it can talk to is
access-list 102 permit ip host 192.168.14.2 host 209.203.104.37
access-list 102 permit ip host 209.203.104.37 host 192.168.14.2
0
 

Author Comment

by:ritztech
ID: 24787970
Hmmm, that was my old SIP provider 2 years ago; I'm not sure if that would do anything.
0
 

Author Comment

by:ritztech
ID: 25362201
Could anyone assist me on why that's not able to show.....

Thanks
0
 
LVL 28

Accepted Solution

by:
Jan Springer earned 500 total points
ID: 25580484
You say:

"like 65.xx.xx.233 is assigned at 1 pc and if i do a ipaddy.com on the machine it shows"

but I don't see anything in the configuration that indicates a static resource ending in this octet.

By default (with your configuration), any IP address not specified with a nat outside statement is going to be natted with the IP of your .226 interface.

With your /28 assignment, you have 13 available IP addresses that you can use for static assignments.

You need to add another inside/outside static nat statement with a public IP not in use for that machine.
0
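
Added example (not part of the thread or of anyone's posted config): a short Python audit of the rule the accepted answer states, that an inside host with no 1:1 static is overloaded onto the .226 interface, plus a listing of subnet addresses still free for a new static. The sample config is constructed, with 203.0.113.N standing in for the redacted 65.xx.xx.N; the host 192.168.14.50 used when calling it is hypothetical, and policy routing, route-map matching and the `ip nat outside source` lines are not modelled.

```python
import ipaddress
import re

# Constructed sample: the NAT layout from the posted config, with the redacted
# 65.xx.xx.N addresses replaced by 203.0.113.N (documentation range, assumed).
SAMPLE_CONFIG = """\
interface FastEthernet0/0
 ip address 203.0.113.226 255.255.255.240
 ip nat outside
!
ip nat inside source route-map Nat interface FastEthernet0/0 overload
ip nat inside source static tcp 192.168.11.1 25 203.0.113.226 25 extendable
ip nat inside source static tcp 192.168.11.1 3389 203.0.113.238 3389 extendable
ip nat inside source static 192.168.14.27 203.0.113.231
ip nat inside source static 192.168.14.2 203.0.113.232
ip nat inside source static tcp 192.168.14.24 80 203.0.113.234 80 extendable
"""

STATIC_RE = re.compile(r"^ip nat inside source static "
                       r"(?:(tcp|udp) (\S+) (\d+) (\S+) (\d+)|(\S+) (\S+))"
                       r"(?: extendable)?\s*$")
OVERLOAD_RE = re.compile(
    r"^ip nat inside source route-map \S+ interface (\S+) overload")


def parse_nat(config):
    """Collect interface addresses, 1:1 statics, port statics, overload ifaces."""
    ifaces, full, port_maps, overload = {}, {}, {}, []
    current = None
    for raw in config.splitlines():
        line = raw.strip()
        if raw.startswith("interface "):
            current = line.split()[1]
        elif not raw.startswith(" "):
            current = None        # left the interface block
        elif current and line.startswith("ip address "):
            addr, mask = line.split()[2:4]
            ifaces[current] = ipaddress.ip_interface(f"{addr}/{mask}")
        m = STATIC_RE.match(line)
        if m and m.group(1):      # port-specific static (tcp/udp)
            port_maps.setdefault(m.group(2), []).append(
                (m.group(1), int(m.group(3)), m.group(4)))
        elif m:                   # full 1:1 static
            full[m.group(6)] = m.group(7)
        m = OVERLOAD_RE.match(line)
        if m:
            overload.append(m.group(1))
    return ifaces, full, port_maps, overload


def egress_address(config, inside_ip):
    """Public source for new outbound sessions, per the accepted answer's rule."""
    ifaces, full, _, overload = parse_nat(config)
    if inside_ip in full:
        return full[inside_ip], "static"
    if overload:                  # port-only statics do not cover new sessions
        return str(ifaces[overload[0]].ip), "overload"
    return None, "untranslated"


def unused_public(config, outside_if):
    """Addresses in the outside subnet not yet used by the interface or a static."""
    ifaces, full, port_maps, _ = parse_nat(config)
    used = {str(ifaces[outside_if].ip)} | set(full.values())
    used |= {g for maps in port_maps.values() for _, _, g in maps}
    return [str(h) for h in ifaces[outside_if].network.hosts()
            if str(h) not in used]
```

Calling `egress_address(SAMPLE_CONFIG, "192.168.14.50")` shows the overload fallback, and `unused_public(SAMPLE_CONFIG, "FastEthernet0/0")` lists the addresses available for the additional static the answer recommends; any ISP gateway inside the subnet would also need excluding.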
