1841 static nat

Discussion in 'Cisco' started by mmark751969, Oct 26, 2008.

  1. mmark751969

    mmark751969 Guest

    On an 1841 router. I am trying to open up another external ip address
    for inbound traffic, besides the interface address. Below is my
    configuration for doing so. Testing to the external address is still
    being blocked. The private to public address natting seems to be done
    in the ip nat inside source statement. Something else needed?


    Building configuration...

    Current configuration : 3675 bytes
    !
    version 12.4
    service timestamps debug datetime msec
    service timestamps log datetime msec
    no service password-encryption
    !
    hostname
    !
    boot-start-marker
    boot system flash c1841-advsecurityk9-mz.124-21.bin
    boot-end-marker
    !
    logging buffered 52000 debugging
    enable secret 5 $1$q5ra$F56FCZ7lxzwWPimdEvYMx0
    !
    no aaa new-model
    ip cef
    !
    !
    ip auth-proxy max-nodata-conns 3
    ip admission max-nodata-conns 3
    !
    !
    ip domain name yourdomain.com
    !
    !
    !
    username cisco privilege 15 secret 5 $1$h1Az$WFGGcgHnwszGQzJu/bSMF.
    username admin privilege 15 secret 5 $1$3Jz9$xEGxyD38I721pyMsGjG2s0
    !
    !
    !
    !
    !
    !
    interface FastEthernet0/0
    description $ETH-SW-LAUNCH$$INTF-INFO-FE 0$$ETH-LAN$
    ip address 192.168.2.253 255.255.255.0
    ip nat inside
    ip virtual-reassembly
    duplex auto
    speed auto
    !
    interface FastEthernet0/1
    description WAN interface
    ip address 75.135.x.1 255.255.255.252
    no ip redirects
    no ip unreachables
    ip access-group 100 in
    no ip proxy-arp
    ip nat outside
    ip virtual-reassembly
    no ip mroute-cache
    duplex auto
    speed auto
    no cdp enable
    !
    ip forward-protocol nd
    ip route 0.0.0.0 0.0.0.0 x.x.x.x
    !
    ip http server
    ip http access-class 23
    ip http authentication local
    no ip http secure-server
    ip http timeout-policy idle 60 life 86400 requests 10000
    ip nat inside source list 10 interface FastEthernet0/1 overload
    ip nat inside source static tcp 192.168.2.12 25 75.135.x.2 25 extendable
    ip nat inside source static tcp 192.168.2.12 443 75.135.x.2 443 extendable
    ip nat inside source static tcp 192.168.2.12 3389 75.135.x.2 3389 extendable
    !
    access-list 100 permit tcp any host 75.135.x.2 eq pop3
    access-list 100 permit tcp any host 75.135.x.2 eq smtp
    access-list 100 permit tcp any host 75.135.x.2 eq www
    access-list 100 permit tcp any host 75.135.x.2 eq 563
    access-list 100 permit tcp any host 75.135.x.2 eq 143
    access-list 100 permit tcp any host 75.135.x.2 eq 443
    access-list 100 permit ip any host 75.135.x.1

    access-list 1 remark SDM_ACL Category=2
    access-list 1 permit 192.168.0.0 0.0.0.255
    access-list 10 permit 192.168.2.0 0.0.0.255
    access-list 23 permit 192.168.2.0 0.0.0.255
    no cdp run
    !
    !
    control-plane
    !


    !
    line con 0
    login local
    line aux 0
    line vty 0 4
    access-class 23 in
    privilege level 15
    login local
    transport input telnet
    line vty 5 15
    access-class 23 in
    privilege level 15
    login local
    transport input telnet
    !
    scheduler allocate 20000 1000
    end
     
    mmark751969, Oct 26, 2008
    #1

  2. mmark751969

    Brian V Guest

    "mmark751969" <> wrote in message
    news:...
    > On an 1841 router. I am trying to open up another external ip address
    > for inbound traffic, besides the interface address. Below is my
    > configuration for doing so. Testing to the external address is still
    > being blocked. The private to public address natting seems to be done
    > in the ip nat inside source statement. Something else needed?
    >
    >
    > Building configuration...
    >
    > Current configuration : 3675 bytes
    > !
    > version 12.4
    > service timestamps debug datetime msec
    > service timestamps log datetime msec
    > no service password-encryption
    > !
    > hostname
    > !
    > boot-start-marker
    > boot system flash c1841-advsecurityk9-mz.124-21.bin
    > boot-end-marker
    > !
    > logging buffered 52000 debugging
    > enable secret 5 $1$q5ra$F56FCZ7lxzwWPimdEvYMx0
    > !
    > no aaa new-model
    > ip cef
    > !
    > !
    > ip auth-proxy max-nodata-conns 3
    > ip admission max-nodata-conns 3
    > !
    > !
    > ip domain name yourdomain.com
    > !
    > !
    > !
    > username cisco privilege 15 secret 5 $1$h1Az$WFGGcgHnwszGQzJu/bSMF.
    > username admin privilege 15 secret 5 $1$3Jz9$xEGxyD38I721pyMsGjG2s0
    > !
    > !
    > !
    > !
    > !
    > !
    > interface FastEthernet0/0
    > description $ETH-SW-LAUNCH$$INTF-INFO-FE 0$$ETH-LAN$
    > ip address 192.168.2.253 255.255.255.0
    > ip nat inside
    > ip virtual-reassembly
    > duplex auto
    > speed auto
    > !
    > interface FastEthernet0/1
    > description WAN interface
    > ip address 75.135.x.1 255.255.255.252
    > no ip redirects
    > no ip unreachables
    > ip access-group 100 in
    > no ip proxy-arp
    > ip nat outside
    > ip virtual-reassembly
    > no ip mroute-cache
    > duplex auto
    > speed auto
    > no cdp enable
    > !
    > ip forward-protocol nd
    > ip route 0.0.0.0 0.0.0.0 x.x.x.x
    > !
    > ip http server
    > ip http access-class 23
    > ip http authentication local
    > no ip http secure-server
    > ip http timeout-policy idle 60 life 86400 requests 10000
    > ip nat inside source list 10 interface FastEthernet0/1 overload
    > ip nat inside source static tcp 192.168.2.12 25 75.135.x.2 25 extendable
    > ip nat inside source static tcp 192.168.2.12 443 75.135.x.2 443 extendable
    > ip nat inside source static tcp 192.168.2.12 3389 75.135.x.2 3389 extendable
    > !
    > access-list 100 permit tcp any host 75.135.x.2 eq pop3
    > access-list 100 permit tcp any host 75.135.x.2 eq smtp
    > access-list 100 permit tcp any host 75.135.x.2 eq www
    > access-list 100 permit tcp any host 75.135.x.2 eq 563
    > access-list 100 permit tcp any host 75.135.x.2 eq 143
    > access-list 100 permit tcp any host 75.135.x.2 eq 443
    > access-list 100 permit ip any host 75.135.x.1
    >
    > access-list 1 remark SDM_ACL Category=2
    > access-list 1 permit 192.168.0.0 0.0.0.255
    > access-list 10 permit 192.168.2.0 0.0.0.255
    > access-list 23 permit 192.168.2.0 0.0.0.255
    > no cdp run
    > !
    > !
    > control-plane
    > !
    >
    >
    > !
    > line con 0
    > login local
    > line aux 0
    > line vty 0 4
    > access-class 23 in
    > privilege level 15
    > login local
    > transport input telnet
    > line vty 5 15
    > access-class 23 in
    > privilege level 15
    > login local
    > transport input telnet
    > !
    > scheduler allocate 20000 1000
    > end
    >


    Same answer as yesterday...... You need to add it to your outside ACL as
    well. Assuming it's the RDP you are trying to add:
    access-list 100 permit tcp any host 75.135.x.2 eq 3389
     
    Brian V, Oct 26, 2008
    #2
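
An added example (not part of the thread and not either poster's code): a Python check of the point made in the reply above, that each static NAT port-forward must also be permitted, by its global address and port, in the ACL applied inbound on the `ip nat outside` interface, because IOS evaluates that ACL before translating the destination. The config excerpt is copied from the post with its redacted addresses; the function names and the restriction to `permit ... any host X [eq port]` entries are assumptions of this sketch.

```python
import re

# Excerpt of the configuration posted in this thread (addresses redacted as posted).
CONFIG = """\
interface FastEthernet0/1
ip access-group 100 in
ip nat outside
!
ip nat inside source static tcp 192.168.2.12 25 75.135.x.2 25 extendable
ip nat inside source static tcp 192.168.2.12 443 75.135.x.2 443 extendable
ip nat inside source static tcp 192.168.2.12 3389 75.135.x.2 3389 extendable
access-list 100 permit tcp any host 75.135.x.2 eq pop3
access-list 100 permit tcp any host 75.135.x.2 eq smtp
access-list 100 permit tcp any host 75.135.x.2 eq www
access-list 100 permit tcp any host 75.135.x.2 eq 563
access-list 100 permit tcp any host 75.135.x.2 eq 143
access-list 100 permit tcp any host 75.135.x.2 eq 443
access-list 100 permit ip any host 75.135.x.1
"""

# IOS port keywords used in this ACL, mapped to TCP port numbers.
PORT_NAMES = {"pop3": 110, "smtp": 25, "www": 80}

def outside_acl(config):
    """Number of the ACL applied inbound on the 'ip nat outside' interface, or None."""
    for m in re.finditer(r"(?ms)^interface \S+\n(.*?)^!", config):
        if re.search(r"(?m)^\s*ip nat outside\s*$", m.group(1)):
            acl = re.search(r"(?m)^\s*ip access-group (\d+) in\s*$", m.group(1))
            return acl.group(1) if acl else None
    return None

def permitted(config, acl):
    """Set of (dest_ip, port) the ACL permits from any source; port None means all."""
    pat = rf"(?m)^access-list {acl} permit (?:tcp|ip) any host (\S+)(?: eq (\S+))?\s*$"
    return {(dst, None if port == "" else PORT_NAMES.get(port) or int(port))
            for dst, port in re.findall(pat, config)}

def blocked_static_nat(config):
    """Static TCP forwards whose global ip/port the outside ACL does not permit."""
    acl = outside_acl(config)
    if acl is None:
        return []  # no inbound ACL on the outside interface, so nothing is filtered
    permits = permitted(config, acl)
    nats = re.findall(
        r"(?m)^ip nat inside source static tcp (\S+) (\d+) (\S+) (\d+)", config)
    return [(g_ip, int(g_port), l_ip, int(l_port)) for l_ip, l_port, g_ip, g_port in nats
            if not {(g_ip, int(g_port)), (g_ip, None)} & permits]
```

Run against the posted configuration, `blocked_static_nat(CONFIG)` reports only the 3389 forward; the check does not model `deny` entries or ACL ordering.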
