Solved

Configure Cisco 877 for multiple IP addresses

Posted on 2011-05-10
Last Modified: 2012-05-11
Please see attached my current configuration that is working perfectly.

I am keeping my current public IP address shown in the configuration as well as adding 59.167.193.152/29

What I need to know is how do I add multiple static entries for the ADSL connection. Then forward port 80 and port 443 from 59.167.193.152/29, i.e. 59.167.193.155, to 192.168.1.8, but I MUST keep my already functioning port 80 and 443 forwards.
cctrouter01#term len 0
cctrouter01#show run
Building configuration...

Current configuration : 11017 bytes
!
! Last configuration change at 11:12:26 PCTime Wed May 11 2011 by cct
!
version 15.0
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname cctrouter01
!
boot-start-marker
boot-end-marker
!
security authentication failure rate 3 log
security passwords min-length 6
logging buffered 4096
logging console critical
enable secret 5 $1$HAts$4NA/VChIXXGxat0776leF0
!
no aaa new-model
monitor event-trace cfd size 500
memory-size iomem 10
clock timezone PCTime 10
clock summer-time PCTime date Mar 30 2003 3:00 Oct 26 2003 2:00
!
crypto pki trustpoint TP-self-signed-241047421
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-241047421
 revocation-check none
 rsakeypair TP-self-signed-241047421
!
!
crypto pki certificate chain TP-self-signed-241047421
 certificate self-signed 01
  30820253 308201BC A0030201 02020101 300D0609 2A864886 F70D0101 04050030 
  30312E30 2C060355 04031325 494F532D 53656C66 2D536967 6E65642D 43657274 
  69666963 6174652D 32343130 34373432 31301E17 0D313031 31323530 38333434 
  395A170D 32303031 30313030 30303030 5A303031 2E302C06 03550403 1325494F 
  532D5365 6C662D53 69676E65 642D4365 72746966 69636174 652D3234 31303437 
  34323130 819F300D 06092A86 4886F70D 01010105 0003818D 00308189 02818100 
  C20113F9 B87A578D D057ACB5 8CE4F7F4 565CDD10 1D75F92F F38A361E 8AB38541 
  BD9B4E09 FE963016 CB6CB9DF 3F141B23 17CB45E0 02A29ECB F90D221C 1FF28B54 
  14E0BA33 82FC186C 9BAF75C1 9BF95772 76096423 A96A74DA 8C10A228 F0A9BB09 
  F23ED346 979044B7 C636923F E21C3E2D 7BF81051 B5E144CB 4C73C353 E458F7F5 
  02030100 01A37D30 7B300F06 03551D13 0101FF04 05300301 01FF3028 0603551D 
  11042130 1F821D63 6374726F 75746572 30312E63 63746265 6E646967 6F2E636F 
  6D2E6175 301F0603 551D2304 18301680 14ECEF93 BCB01AE3 7D3199C8 08F43D02 
  E203159B 1F301D06 03551D0E 04160414 ECEF93BC B01AE37D 3199C808 F43D02E2 
  03159B1F 300D0609 2A864886 F70D0101 04050003 81810055 C8EA79A8 D4AD9E98 
  5396E803 D01120E8 4B16AC24 37EE7B51 9378226B 0E9D9D72 401228F7 23C6FE40 
  1B7BC90B E97B5ED4 D93A5E0A 96F28AA3 F9014BDE 28957A92 CA700443 01D13164 
  9F86C7F8 78C247EE F0F6D9D1 50713233 AB2DA4FD 854B3C91 BBD19C13 8DD228B9 
  A6F4D77D BE462189 935D922C 08A4CE21 19F46088 79042E
  	quit
no ip source-route
!
!
!
!
ip cef
no ip bootp server
ip domain name cctbendigo.com.au
ip name-server 192.168.1.4
ip port-map user-utorrent port tcp 8456
ip port-map user-kaseya port tcp 5721
ip port-map user-rdp port tcp 3389
ip port-map user-rdp2 port tcp 3390
ip inspect log drop-pkt
no ipv6 cef
!
!
license udi pid CISCO887-K9 sn FHK142879H9
!
!
username cct privilege 15 secret 5 $1$iVMt$YFYAjU0830Ww8BPHX5mf8.
!
!
ip tcp synwait-time 10
ip ssh time-out 60
ip ssh authentication-retries 2
!
class-map type inspect match-any rdp2
 match protocol user-rdp2
class-map type inspect match-all sdm-cls-sdm-pol-NATOutsideToInside-1-5
 match class-map rdp2
 match access-group name rdp2
class-map type inspect match-any FTP
 match protocol ftp
class-map type inspect match-all sdm-cls-sdm-pol-NATOutsideToInside-1-4
 match class-map FTP
 match access-group name FTP
class-map type inspect match-any utorrent
 match protocol user-utorrent
class-map type inspect match-all sdm-cls-sdm-pol-NATOutsideToInside-1-3
 match class-map utorrent
 match access-group name utorrent
class-map type inspect match-all sdm-nat-http-1
 match access-group 102
 match protocol http
class-map type inspect match-any rdp
 match protocol user-rdp
class-map type inspect match-all sdm-cls-sdm-pol-NATOutsideToInside-1-2
 match class-map rdp
 match access-group name rdp
class-map type inspect match-any Kaseya
 match protocol user-kaseya
class-map type inspect match-all sdm-cls-sdm-pol-NATOutsideToInside-1-1
 match class-map Kaseya
 match access-group name Kaseya
class-map type inspect match-all sdm-nat-smtp-1
 match access-group 103
 match protocol smtp
class-map type inspect match-any ccp-cls-insp-traffic
 match protocol cuseeme
 match protocol dns
 match protocol ftp
 match protocol h323
 match protocol https
 match protocol icmp
 match protocol imap
 match protocol pop3
 match protocol netshow
 match protocol shell
 match protocol realmedia
 match protocol rtsp
 match protocol smtp
 match protocol sql-net
 match protocol streamworks
 match protocol tftp
 match protocol vdolive
 match protocol tcp
 match protocol udp
class-map type inspect match-all ccp-insp-traffic
 match class-map ccp-cls-insp-traffic
class-map type inspect match-any ccp-cls-icmp-access
 match protocol icmp
 match protocol tcp
 match protocol udp
class-map type inspect match-all ccp-icmp-access
 match class-map ccp-cls-icmp-access
class-map type inspect match-all ccp-invalid-src
 match access-group 100
class-map type inspect match-all sdm-nat-https-1
 match access-group 101
 match protocol https
class-map type inspect match-all ccp-protocol-http
 match protocol http
!
!
policy-map type inspect ccp-permit-icmpreply
 class type inspect ccp-icmp-access
  inspect 
 class class-default
  drop
policy-map type inspect sdm-pol-NATOutsideToInside-1
 class type inspect sdm-cls-sdm-pol-NATOutsideToInside-1-5
  inspect 
 class type inspect sdm-cls-sdm-pol-NATOutsideToInside-1-4
  inspect 
 class type inspect sdm-cls-sdm-pol-NATOutsideToInside-1-3
  inspect 
 class type inspect sdm-cls-sdm-pol-NATOutsideToInside-1-2
  inspect 
 class type inspect sdm-cls-sdm-pol-NATOutsideToInside-1-1
  inspect 
 class type inspect sdm-nat-https-1
  inspect 
 class type inspect sdm-nat-http-1
  inspect 
 class type inspect sdm-nat-smtp-1
  inspect 
 class class-default
  drop
policy-map type inspect ccp-inspect
 class type inspect ccp-invalid-src
  drop log
 class type inspect ccp-protocol-http
  inspect 
 class type inspect ccp-insp-traffic
  inspect 
 class class-default
  drop
policy-map type inspect ccp-permit
 class class-default
  drop
!
zone security out-zone
zone security in-zone
zone-pair security ccp-zp-self-out source self destination out-zone
 service-policy type inspect ccp-permit-icmpreply
zone-pair security sdm-zp-NATOutsideToInside-1 source out-zone destination in-zone
 service-policy type inspect sdm-pol-NATOutsideToInside-1
zone-pair security ccp-zp-in-out source in-zone destination out-zone
 service-policy type inspect ccp-inspect
zone-pair security ccp-zp-out-self source out-zone destination self
 service-policy type inspect ccp-permit
! 
!
!
!
!
!
!
interface BRI0
 no ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip flow ingress
 encapsulation hdlc
 shutdown
 isdn termination multidrop
!
interface ATM0
 no ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip flow ingress
 no atm ilmi-keepalive
!
interface ATM0.1 point-to-point
 description $FW_OUTSIDE$$ES_WAN$
 ip flow ingress
 pvc 8/35 
  pppoe-client dial-pool-number 1
 !
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface Vlan1
 description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$$ES_LAN$$FW_INSIDE$
 ip address 192.168.1.254 255.255.255.0
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip flow ingress
 ip nat inside
 ip virtual-reassembly
 zone-member security in-zone
 ip tcp adjust-mss 1412
!
interface Dialer0
 description $FW_OUTSIDE$
 ip address 59.167.121.52 255.255.255.0
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip mtu 1452
 ip flow ingress
 ip nat outside
 ip virtual-reassembly
 zone-member security out-zone
 encapsulation ppp
 dialer pool 1
 dialer-group 1
 ppp authentication chap pap callin
 ppp chap hostname c******o@internode.on.net
 ppp chap password 7 130***************12C
 ppp pap sent-username c******o@internode.on.net password 7 0110***************3B44
 no cdp enable
!
ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
ip nat inside source list 105 interface Dialer0 overload
ip nat inside source static tcp 192.168.1.4 21 59.167.121.52 21 extendable
ip nat inside source static tcp 192.168.1.253 25 59.167.121.52 25 extendable
ip nat inside source static tcp 192.168.1.7 80 59.167.121.52 80 extendable
ip nat inside source static tcp 192.168.1.4 443 59.167.121.52 443 extendable
ip nat inside source static tcp 192.168.1.4 3389 59.167.121.52 3389 extendable
ip nat inside source static tcp 192.168.1.7 3390 59.167.121.52 3390 extendable
ip nat inside source static tcp 192.168.1.7 5721 59.167.121.52 5721 extendable
ip nat inside source static tcp 192.168.1.30 8456 59.167.121.52 8456 extendable
ip route 0.0.0.0 0.0.0.0 Dialer0
!
ip access-list extended FTP
 remark CCP_ACL Category=128
 permit ip any host 192.168.1.4
ip access-list extended Kaseya
 remark CCP_ACL Category=128
 permit ip any host 192.168.1.7
ip access-list extended rdp
 remark CCP_ACL Category=128
 permit ip any host 192.168.1.4
ip access-list extended rdp2
 remark CCP_ACL Category=128
 permit ip any host 192.168.1.7
ip access-list extended utorrent
 remark CCP_ACL Category=128
 permit ip any host 192.168.1.30
!
logging trap debugging
access-list 100 remark CCP_ACL Category=128
access-list 100 permit ip host 255.255.255.255 any
access-list 100 permit ip 127.0.0.0 0.255.255.255 any
access-list 101 remark CCP_ACL Category=0
access-list 101 permit ip any host 192.168.1.4
access-list 102 remark CCP_ACL Category=0
access-list 102 permit ip any host 192.168.1.7
access-list 103 remark CCP_ACL Category=0
access-list 103 permit ip any host 192.168.1.253
access-list 105 remark CCP_ACL Category=2
access-list 105 permit ip 192.168.1.0 0.0.0.255 any
dialer-list 1 protocol ip permit
no cdp run

!
!
!
!
!
control-plane
!
banner exec ^CCCC
% Password expiration warning.
-----------------------------------------------------------------------

Cisco Configuration Professional (Cisco CP) is installed on this device
and it provides the default username "cisco" for  one-time use. If you have
already used the username "cisco" to login to the router and your IOS image
supports the "one-time" user option, then this username has already expired.
You will not be able to login to the router with this username after you exit
this session.

It is strongly suggested that you create a new username with a privilege level
of 15 using the following command.

username <myuser> privilege 15 secret 0 <mypassword>

Replace <myuser> and <mypassword> with the username and password you
want to use.

-----------------------------------------------------------------------
^C
banner login ^CCCCAuthorized access only!
 Disconnect IMMEDIATELY if you are not an authorized user!^C
!
line con 0
 login local
 no modem enable
 transport output telnet
line aux 0
 login local
 transport output telnet
line vty 0 4
 privilege level 15
 login local
 transport input telnet ssh
!
scheduler max-task-time 5000
scheduler allocate 4000 1000
scheduler interval 500
end

Question by:Rondog_88
Accepted Solution

by:
Wissam earned 1000 total points
ID: 35735062
Hello, the below answers your question:

1) You should enter the new real subnet as secondary; use any available IP for the dialer interface:
interface Dialer0
 ip address 59.167.193.15x 255.255.255.248 secondary

2) Do the NATing on the new subnet as required:
ip nat inside source static tcp 192.168.1.8 80 59.167.193.155 80 extendable
ip nat inside source static tcp 192.168.1.8 443 59.167.193.155 443 extendable

Note: Additional IP policy routes can be used to control the direction of traffic (inbound and outbound).
 

Author Comment

by:Rondog_88
ID: 35735103
So I need to make the Dialer0 look like the lot of code below.
And make the new natting look like the second piece of code.
ip nat inside source list 105 interface Dialer0 overload
ip nat inside source static tcp 192.168.1.4 21 59.167.121.52 21 extendable
ip nat inside source static tcp 192.168.1.253 25 59.167.121.52 25 extendable
ip nat inside source static tcp 192.168.1.7 80 59.167.121.52 80 extendable
ip nat inside source static tcp 192.168.1.4 443 59.167.121.52 443 extendable
ip nat inside source static tcp 192.168.1.4 3389 59.167.121.52 3389 extendable
ip nat inside source static tcp 192.168.1.7 3390 59.167.121.52 3390 extendable
ip nat inside source static tcp 192.168.1.7 5721 59.167.121.52 5721 extendable
ip nat inside source static tcp 192.168.1.30 8456 59.167.121.52 8456 extendable
ip nat inside source static tcp 192.168.1.8 80 59.167.193.155 80 extendable
ip nat inside source static tcp 192.168.1.8 443 59.167.193.155 443 extendable
ip route 0.0.0.0 0.0.0.0 Dialer0

interface Dialer0
 description $FW_OUTSIDE$
 ip address 59.167.121.52 255.255.255.0
 ip address 59.167.193.155 255.255.255.248 secondary
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip mtu 1452
 ip flow ingress
 ip nat outside
 ip virtual-reassembly
 zone-member security out-zone
 encapsulation ppp
 dialer pool 1
 dialer-group 1
 ppp authentication chap pap callin
 ppp chap hostname c******o@internode.on.net
 ppp chap password 7 130***************12C
 ppp pap sent-username c******o@internode.on.net password 7 0110***************3B44
 no cdp enable


Expert Comment

by:Wissam
ID: 35735221
Yap
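
An added check, not part of the thread or of any poster's configuration: in the posted zone-based firewall, outside-to-inside traffic is inspected only when a class-map pairs a protocol with an ACL naming the inside host (ACL 102 for HTTP lists only 192.168.1.7, ACL 101 for HTTPS only 192.168.1.4), and everything else hits `class class-default` / `drop`. The Python below lists static NAT forwards that have no such class-map and ACL pair; the function name `uncovered_forwards` and the trimmed sample are constructed for illustration, and it assumes every class-map that references an ACL is attached to the out-zone to in-zone policy.

```python
import re
WELL_KNOWN = {"ftp": 21, "smtp": 25, "http": 80, "https": 443}  # IOS protocol name -> TCP port

def uncovered_forwards(config):
    """Static NAT forwards (inside_ip, port) that no inspect class-map/ACL pair permits."""
    ports, classes, acls, nats = dict(WELL_KNOWN), {}, {}, []
    cur_class = cur_acl = None
    for line in map(str.strip, config.splitlines()):
        if m := re.match(r"ip port-map (\S+) port tcp (\d+)", line):
            ports[m[1]] = int(m[2])                      # user-defined protocol names
        elif m := re.match(r"class-map type inspect \S+ (\S+)", line):
            cur_class = m[1]
        elif m := re.match(r"ip access-list extended (\S+)", line):
            cur_acl = m[1]
        elif m := re.match(r"(?:access-list (\d+) )?permit ip any host (\S+)", line):
            acls.setdefault(m[1] or cur_acl, set()).add(m[2])   # numbered or named ACL
        elif m := re.match(r"match (protocol|class-map|access-group)(?: name)? (\S+)", line):
            classes.setdefault(cur_class, []).append((m[1], m[2]))
        elif m := re.match(r"ip nat inside source static tcp (\S+) (\d+) ", line):
            nats.append((m[1], int(m[2])))               # inside local address and port

    def resolve(name, kind, seen=()):  # collect matches, following nested "match class-map"
        found = {v for k, v in classes.get(name, []) if k == kind}
        for k, v in classes.get(name, []):
            if k == "class-map" and v not in seen:
                found |= resolve(v, kind, seen + (name,))
        return found

    allowed = set()
    for name in classes:
        hosts = set().union(*(acls.get(a, set()) for a in resolve(name, "access-group")))
        allowed |= {(h, ports[p]) for h in hosts for p in resolve(name, "protocol") if p in ports}
    return [n for n in nats if n not in allowed]

# Constructed sample: lines from the posted config plus the two forwards from the answer.
SAMPLE = """\
class-map type inspect match-all sdm-nat-http-1
 match access-group 102
 match protocol http
class-map type inspect match-all sdm-nat-https-1
 match access-group 101
 match protocol https
access-list 101 permit ip any host 192.168.1.4
access-list 102 permit ip any host 192.168.1.7
ip nat inside source static tcp 192.168.1.7 80 59.167.121.52 80 extendable
ip nat inside source static tcp 192.168.1.4 443 59.167.121.52 443 extendable
ip nat inside source static tcp 192.168.1.8 80 59.167.193.155 80 extendable
ip nat inside source static tcp 192.168.1.8 443 59.167.193.155 443 extendable
"""
```

On the sample, `uncovered_forwards(SAMPLE)` returns the two new forwards to 192.168.1.8; in this model the list becomes empty once 192.168.1.8 is added to ACL 101 and ACL 102 in the same form as the existing entries.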