Please Help : Very Urgent : Configuring NAT on a CISCO Router

Discussion in 'Cisco' started by Mohamed, Dec 26, 2006.

  1. Mohamed

    Mohamed Guest

    Hi
    Recently we took an Internet Leased line in our company. We were
    provided with the HTU Modem, and we already had a router 805 series.
    All the physical connection was done.

    Then we got the following list of IP addresses

    Router Gateway : 84.155.62.180
    Serial address : 84.155.62.179 255.255.255.248


    Network Address: 84.155.62.155 255.255.255.252
    List of Hosts
    84.155.62.156
    84.155.62.157
    84.155.62.158
    84.155.62.159
    84.155.62.160
    84.155.62.161
    84.155.62.162

    DNS Server
    212.72.1.186
    212.72.23.4

    And I was asked to configure my router as follows

    conf t
    !
    interface Ethernet0
    ip address 84.155.62.155 255.255.255.252
    no cdp enable
    no bridge-group 1
    !
    interface serial0
    ip address 84.155.62.155 179.255.255.248
    no shutdown
    !
    ip route 0.0.0.0 0.0.0.0 84.155.62.180


    My Internal;network ID is 192.168.2.x

    Now I would like to share teh internet connection within my network,
    how do i do that

    Please help me very urgent
     
    Mohamed, Dec 26, 2006
    #1
    1. Advertisements

  2. Mohamed

    Bod43 Guest

    You need to go back to your ISP and get the correct address
    and mask information.

    The details that you have given do not make sense.
     
    Bod43, Dec 26, 2006
    #2
    1. Advertisements

  3. Mohamed

    Mohamed Guest

    what kind of information i need to get from the ISP

    after that what i need to do

    kindly advice
     
    Mohamed, Dec 26, 2006
    #3
  4. Mohamed

    Bod43 Guest

    OK,

    Here is what it probably should look like, but I am guessing.



    Router Gateway : x.y.62.180
    Serial address : x.y.62.179 255.255.255.252 ! < -- changed


    Network Address: x.y.62.152 255.255.255.248 ! < -- changed
    List of Hosts
    x.y.62.153 ! < -- host range changed
    x.y.62.154
    x.y.62.155
    x.y.62.156
    x.y.62.167
    x.y.62.168



    DNS Server
    212.72.1.186
    212.72.23.4


    If you are not using a seperate firewall inside the
    router do this:-

    conf t
    !
    interface Ethernet0
    ip address 192.168.2.1 255.255.255.0
    no bridge-group 1
    ip nat inside
    no shutdown
    !
    interface serial0
    ip address x.y.62.179 255.255.255.252
    ip nat outside
    no shutdown
    !
    ip route 0.0.0.0 0.0.0.0 x.y.62.180

    ip nat inside source list ACL.nat interface Serial0 overload

    ip access-l extended ACL.nat
    permit 192.168.2.0 0.0.0.255 any


    You will see that your host range has not been used.
    This is OK and leaves you plenty of addresses to sue for
    servers later.

    This does NOT give you a proper firewall but the reality seems to
    be that a lot of poeple rely on Dynamic NAT for their
    security. I am not recommending that as a course of action.

    If you have a firewll feature set (post sh ver, sh run)
    you can configure that without affecting the
    existing config.
     
    Bod43, Dec 26, 2006
    #4
  5. Mohamed

    Drake Guest

    Mohamed,

    You should never list your routable ip addresses in a public forum!
    There are people out there who will use these to your detrement.
    I advise you to button down the hatches. Get a good firewall/secutity
    appliance.

    Be Paranoid. We already know you are in Muscat, Oman :)

    Check further down for some advice.

    Your ISP is assuming you want to use the ip numbers they
    gave you for your internal hosts. BAD IDEA. use:
    ip address 192.168.2.1 for E0 and setup a NAT Pool
    using the ip's given by your isp.
    According to what you wrote above, this should be 84.155.62.179
     
    Drake, Dec 26, 2006
    #5
  6. Mohamed

    Fer Mtz Guest

    i am agree with last message.

    You need to use a 255.255.255.252 mask for your serial interface.
    Use private address for your LAN, and with public addressess do your
    NAT in that way.
    This can give you a little security but maybe you need a firewall and
    some other stuffs.

    Lets us know if we can help you more...


    best regards.
     
    Fer Mtz, Dec 27, 2006
    #6
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.