Here's a funny story regarding NAT...  I just had a customer's internet down
almost all day today because of this.  Running 12.05 you cannot use an
access list for NAT saying permit all. You have to permit more specific
networks... In IOS version 12.07 you can say permit all.

Go figure.  Chalk up another learned from mistake.

Cory


-----Original Message-----
From: Minh Vu [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, December 05, 2000 1:17 PM
To: Medley, Tim; 'Tanner_Green'
Cc: [EMAIL PROTECTED]
Subject: Re: Configuring NAT


It will be easy for them if they have two ethernet interfaces.  But in this
case they only have one ethernet interface.

I'm running SDSL with kinda the same scenario as Tanner, it works fine.  Here is
my layout:

ISP<----->SDSL bridge<------->e0/1005/s0<------>s0/2501/e0<---->hub/switch<----->LAN

So, I do NAT/PAT on ethernet 0 on Cisco 1005 and allow user access to my
server (web/ftp/etc..)
1) My LAN running Net 10.0.0.x.
2) I have ONE Static IP (public IP)
3) Net 20.0.0.x able to access to internet too.


Here is my config:

Cisco 1005
interface Ethernet0
 description Connected to Internet
 ip address 64.22.137.A 255.255.255.128 <-- static IP
 ip helper-address 207.211.58.10   <--- this forward DNS
 no ip directed-broadcast
 ip nat outside
!
interface Serial0
 description Connected to S0-C2501 LAN
 ip address 20.0.0.1 255.0.0.0
 no ip directed-broadcast
 ip nat inside
 no ip mroute-cache
 no fair-queue
 clockrate 4000000  <--- just curious, so I set maximum value. still work w/o this
!
ip nat translation timeout 300
ip nat translation tcp-timeout 300
ip nat translation finrst-timeout 300
ip nat translation syn-timeout 200
ip nat translation dns-timeout 300
ip nat translation icmp-timeout 300
ip nat pool outside-net 64.22.137.A 64.22.137.A netmask 255.255.255.128
ip nat inside source list 1 interface Ethernet0 overload
ip nat inside source static tcp 10.0.0.2 443 64.22.137.A 443 extendable
ip nat inside source static tcp 10.0.0.2 80 64.22.137.A 80 extendable
ip nat inside source static tcp 10.0.0.2 21 64.22.137.A 21 extendable
ip classless
ip route 0.0.0.0 0.0.0.0 Ethernet0
ip route 10.0.0.0 255.0.0.0 Serial0
!
access-list 1 permit 10.0.0.0 0.0.0.255
access-list 1 permit 20.0.0.0 0.0.0.255
.....
----- Original Message -----
From: "Medley, Tim" <[EMAIL PROTECTED]>
To: "'Tanner_Green'" <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Monday, December 04, 2000 6:57 PM
Subject: RE: Configuring NAT


> Tanner,
>
> This can easily be done with a single router that has 2 ethernet interfaces.
> I suppose you could also use a router with a single fast ethernet interface
> and use sub-interfaces on the fa interface.
>
> I have done this recently for a customer and am now experimenting with this
> for my home setup. I used a 2621 (2 fast ethernet interfaces) with IOS
> 12.1(5)T. I used NAT overload (PAT) since my cable modem provider only
> permits 1 ip address. Alternately you could configure a NAT pool if you have
> more than 1 public ip address.
>
> IOS version 12.1(2)T introduces the "ip address dhcp" command, which allows
> an ethernet interface to be dynamically assigned its ip address via DHCP,
> from say a cable modem or an ADSL connection.
>
> Here is my config:
>
> !
> version 12.1
> no service password-encryption
> !
> hostname Router
> !
> !
> ip subnet-zero
> !
> !
> ip name-server 24.93.68.65 !Name servers are dynamically configured from DHCP
> ip name-server 24.93.68.64
> !
> !
> interface FastEthernet0/0
>  ip address dhcp !Configures ip address via DHCP
>  ip nat outside !Establishes the outside interface for NAT
>  speed 10 !My cable modem is 10baseT only
>  half-duplex
> !
> !
> interface FastEthernet0/1
>  ip address 10.10.10.1 255.255.255.0 !Configure private address of inside interface
>  ip nat inside !Establishes the inside interface for NAT
>  speed 100
>  duplex full
> !
> ip nat service skinny tcp port 20002 !This allows my IP Phone to pass thru the NAT
> ip nat inside source list 1 interface Fa0/0 overload !Enables PAT
> ip classless
> ip route 0.0.0.0 0.0.0.0 FastEthernet0/0
> no ip http server
> !
> access-list 1 permit any !Tells the router to NAT/PAT any ip traffic
> !
> !
> !
> end
>
> enjoy!
>
>
> Tim Medley - CCNA, CCDA
> Network Architect
> VoIP Engineering Group
> 704-943-3615 - Phone
> 704-525-9119 - Fax
> 877-6-iReady - Helpdesk
>
>
>
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
> Tanner_Green
> Sent: Monday, December 04, 2000 8:26 PM
> To: [EMAIL PROTECTED]
> Subject: Configuring NAT
>
>
> Crude Network Diagram Segment
>
> To Internet
>         /
>        /
> +---------------+
> | ADSL Modem |
> +---------------+
>         |
>         |  IP Address that changes on E0
>         |
> +---------------+
> |   Cisco 2509    |
> +---------------+
>        |
>        |  Serial Link
>        |
> +---------------+
> |   Cisco 2620    |
> +---------------+
>        |
>        /
>       /
> To Ethernet Lan  Network 10.0.0.0 255.0.0.0
> 25-50 users.
>
> ----------------------------------------------------------
>
> Problem:  How do you configure a Cisco 2509 to
>                accommodate a dynamic IP from an
>                ADSL modem?
> ----------------------------------------------------------
> Requirements
>
> I am trying to accomplish the above as a lab exercise.
> I have been unsuccessful and would appreciate advice.
> I want to:
>
> A.) Have the 2509 obtain and store the changing dynamic
>       IP  from the ADSL modem.
> B.) Route between the 2509 and 2620 via a serial link
> C.) Have the 2620 setup as NAT router for the local
>       LAN of 240 users.
> ----------------------------------------------------------
> Goal
>
> Trying to use the above equipment to simulate the process
> of a Cisco 675, Cayman 3220 or similar SOHO router.
> ----------------------------------------------------------
> Constraints
>
> Cannot purchase routers listed in above goal.
> ----------------------------------------------------------
> Questions
>
> 1.)  Can this be done?  I am unable to find anything
>       on CCO that gives a sample config of this type.
>
> Ref:
> http://www.cisco.com/warp/public/701/60.html
> http://www.cisco.com/warp/public/556/index.shtml
>
> 2.)  Can this be done with one router?  Appears no
>       but the dumb question is the one that you
>       don't ask.
>
> 3.)  Is there a better way to do this?
>
> ---------------------------------------------------------
>
> Thank you for your help.
>
>
>
>
>
>
>
>
>
>
> _________________________________
> FAQ, list archives, and subscription info:
> http://www.groupstudy.com/list/cisco.html
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
>
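
An added example, not part of any message in this thread: a small Python audit of the NAT lines in an IOS-style configuration, covering the points the messages above turn on (which interface is `ip nat outside`, what the PAT access list permits, and which inside ports the static entries publish). The function name `audit_nat` and the finding strings are hypothetical, and the sample is constructed from the Cisco 1005 configuration quoted above.

```python
import re

# Constructed sample: the NAT lines of the Cisco 1005 config in the thread,
# annotations removed, the masked address letter "A" kept as posted.
SAMPLE = """\
interface Ethernet0
 ip nat outside
interface Serial0
 ip nat inside
ip nat inside source list 1 interface Ethernet0 overload
ip nat inside source static tcp 10.0.0.2 443 64.22.137.A 443 extendable
ip nat inside source static tcp 10.0.0.2 21 64.22.137.A 21 extendable
access-list 1 permit 10.0.0.0 0.0.0.255
access-list 1 permit 20.0.0.0 0.0.0.255
"""

def audit_nat(config):
    """Return findings for the NAT part of an IOS-style config (hypothetical helper)."""
    roles, acls, pat, findings, iface = {}, {}, [], [], None
    for raw in config.splitlines():
        line = raw.strip()
        if raw.startswith("interface "):
            iface = line.split()[1]
        elif not raw.startswith(" "):
            iface = None                      # back at global config level
        if iface and line in ("ip nat inside", "ip nat outside"):
            roles[iface] = line.split()[-1]
        if m := re.match(r"access-list (\d+) permit (.+)", line):
            acls.setdefault(m[1], []).append(m[2])
        if m := re.match(r"ip nat inside source list (\S+) interface (\S+) overload", line):
            pat.append((m[1], m[2]))
        if m := re.match(r"ip nat inside source static (tcp|udp) (\S+) (\d+) \S+ (\d+)", line):
            findings.append(f"exposed {m[1]}/{m[4]} -> {m[2]}:{m[3]}")
    for acl, ifname in pat:
        # Assumption: the interface name is written in full; an abbreviation
        # such as "Fa0/0" would need expanding before this comparison.
        if roles.get(ifname) != "outside":
            findings.append(f"PAT interface {ifname} lacks 'ip nat outside'")
        if acl not in acls:
            findings.append(f"access-list {acl} is referenced by NAT but not defined")
        elif "any" in acls[acl]:
            findings.append(f"access-list {acl} translates 'any' source")
    if pat and "inside" not in roles.values():
        findings.append("no interface is marked 'ip nat inside'")
    return findings

if __name__ == "__main__":
    for finding in audit_nat(SAMPLE):
        print(finding)
```
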