Hi,
We were donated a new Cisco 891 router. I am trying to set it up.
I can connect to the internet, but NAT is not working; for example, our Exchange cannot get emails because port 25 is not NATed to the internal IP of Exchange.
Please help with the proper commands to run to set this up!
Below is my config:
Building configuration...
Current configuration : 6107 bytes
!
version 15.0
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname 891
!
boot-start-marker
boot-end-marker
!
logging buffered 51200 warnings
enable secret 5 STUFF
!
no aaa new-model
!
!
!
service-module wlan-ap 0 bootimage autonomous
!
crypto pki trustpoint TP-self-signed-4274201092
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-4274201092
revocation-check none
rsakeypair TP-self-signed-4274201092
!
!
crypto pki certificate chain TP-self-signed-4274201092
certificate self-signed 01
quit
ip source-route
!
!
!
!
ip cef
no ip domain lookup
ip domain name my.domainisfilledout
no ipv6 cef
!
!
multilink bundle-name authenticated
license udi pid CISCO891W-AGN-A-K9 sn FTX1435838V
!
!
!
!
!
!
!
!
!
!
interface FastEthernet0
!
!
interface FastEthernet1
!
!
interface FastEthernet2
!
!
interface FastEthernet3
!
!
interface FastEthernet4
!
!
interface FastEthernet5
!
!
interface FastEthernet6
!
!
interface FastEthernet7
!
!
interface FastEthernet8
no ip address
ip nat inside
ip virtual-reassembly
shutdown
duplex auto
speed auto
!
!
interface GigabitEthernet0
description $ES_WAN$$ETH-WAN$
ip address PUBLIC IP 255.255.255.252
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
!
!
interface wlan-ap0
description Service module interface to manage the embedded AP
ip unnumbered Vlan1
arp timeout 0
!
!
interface Wlan-GigabitEthernet0
description Internal switch interface connecting to the embedded AP
!
!
interface Vlan1
description $ETH-SW-LAUNCH$$INTF-INFO-FE 1$
ip address 192.168.31.1 255.255.255.0
ip nat inside
ip virtual-reassembly
ip tcp adjust-mss 1452
!
!
interface Async1
no ip address
encapsulation slip
!
!
ip forward-protocol nd
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
!
ip nat pool ME 192.168.31.1 192.168.31.255 netmask 255.255.255.0
ip nat inside source list 1 interface GigabitEthernet0 overload
ip route 0.0.0.0 0.0.0.0 ROUTER EXT IP permanent
!
access-list 1 permit 192.168.31.0 0.0.0.255
access-list 23 permit 10.10.10.0 0.0.0.7
access-list 23 permit 192.168.31.0 0.0.0.255
no cdp run
!
!
!
!
!
!
control-plane
!
!
banner exec ^C
% Password expiration warning.
-----------------------------------------------------------------------
Cisco Configuration Professional (Cisco CP) is installed on this device
and it provides the default username "cisco" for one-time use. If you have
already used the username "cisco" to login to the router and your IOS image
supports the "one-time" user option, then this username has already expired.
You will not be able to login to the router with this username after you exit
this session.
It is strongly suggested that you create a new username with a privilege level
of 15 using the following command.
username <myuser> privilege 15 secret 0 <mypassword>
Replace <myuser> and <mypassword> with the username and password you want to
use.
-----------------------------------------------------------------------
^C
banner login ^C
-----------------------------------------------------------------------
Cisco Configuration Professional (Cisco CP) is installed on this device.
This feature requires the one-time use of the username "cisco" with the
password "cisco". These default credentials have a privilege level of 15.
YOU MUST USE CISCO CP or the CISCO IOS CLI TO CHANGE THESE PUBLICLY-KNOWN
CREDENTIALS
Here are the Cisco IOS commands.
username <myuser> privilege 15 secret 0 <mypassword>
no username cisco
Replace <myuser> and <mypassword> with the username and password you want
to use.
IF YOU DO NOT CHANGE THE PUBLICLY-KNOWN CREDENTIALS, YOU WILL NOT BE ABLE
TO LOG INTO THE DEVICE AGAIN AFTER YOU HAVE LOGGED OFF.
For more information about Cisco CP please follow the instructions in the
QUICK START GUIDE for your router or go to
http://www.cisco.com/go/ciscocp
-----------------------------------------------------------------------
^C
!
line con 0
login local
line 1
modem InOut
stopbits 1
speed 115200
flowcontrol hardware
line 2
no activation-character
no exec
transport preferred none
transport input all
transport output pad telnet rlogin udptn ssh
line aux 0
line vty 0 4
access-class 23 in
privilege level 15
login local
transport input telnet ssh
line vty 5 15
access-class 23 in
privilege level 15
login local
transport input telnet ssh
!
scheduler max-task-time 5000
ntp update-calendar
ntp server 64.90.182.55 prefer
end
ROUTERW#
no fixup protocol smtp 25
This has caused me lots of grief with Exchange.