version 12.1
no service single-slot-reload-enable
service timestamps debug datetime
service timestamps log datetime
service password-encryption
!
hostname Cisco1605
!
logging buffered 4096 debugging
logging rate-limit console 10 except errors
enable secret 5 **********
!
ip subnet-zero
no ip source-route
no ip finger
no ip domain-lookup
!
!
!
interface Ethernet0
 description connected to EthernetLAN
 ip address 192.168.100.1 255.255.255.0 secondary
 ip address 192.168.10.1 255.255.255.0
 ip nat inside
 no cdp enable
!
interface Ethernet1
 description connected to Internet
 ip address dhcp
 ip nat outside
 no cdp enable
!
ip nat inside source list 101 interface Ethernet1 overload
ip nat inside source static tcp 192.168.100.11 53  53
ip nat inside source static udp 192.168.100.11 53  53

ip classless
no ip http server
!
logging trap debugging
logging facility local7
logging source-interface Ethernet0
logging 192.168.100.10
access-list 11 permit 192.168.100.0 0.0.0.255 log
access-list 11 permit 192.168.10.0 0.0.0.255 log
access-list 11 deny   any log
access-list 101 permit ip 192.168.100.0 0.0.0.255 any
access-list 101 permit ip 192.168.10.0 0.0.0.255 any
no cdp run
banner motd ^CCAuthorized Use Only!^C
!
line con 0
 exec-timeout 0 0
 password 7 *******
 login
 transport input none
line vty 0 4
 access-class 11 in
 exec-timeout 5 0
 password 7 ******
 login
!
end

Cisco1605#

This is a basic config with two subnets behind it, primarily for management
and education (Mine). I wanted to learn about VLANs and such on a managed
switch I had. It works equally well with only a single subnet. The Telnet
access lists are also very broad; this was for a lab so I gave any machine
on the private network access to the telnet line. It also has Port
redirection for DNS, thanks to Jason Roydson for that tidbit of info, a
useful and very poorly documented feature in the new IOSes.

Ken Claussen MCSE CCNA CCA
[EMAIL PROTECTED]
"The Mind is a Terrible thing to Waste!"


-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Hire, Ejay
Sent: Thursday, April 12, 2001 1:13 PM
To: [EMAIL PROTECTED]
Subject: RE: Passing IPSEC packets on DSL [7:321]


Is there any way to do NAT on a PIX or a Cisco router if you only have one
usable IP address?  I perused CCO, and the most minimalistic NAT/PAT config
I can find still requires 2 (1 interface, one global) addresses.  The
Linksys/Netgear jobbies do it with one IP.

i.e.

ISP - ISP router Ethernet (216.142.0.1 255.255.255.252) - (216.142.0.2
255.255.255.252) Router - Internal network.


-----Original Message-----
From: Elijah Savage [mailto:[EMAIL PROTECTED]]
Sent: Thursday, April 12, 2001 9:47 AM
To: [EMAIL PROTECTED]
Subject: RE: Passing IPSEC packets on DSL [7:321]


Yeah his comment makes me curious as to what these DSL router
manufacturers have done to make it work. Surely if someone like netgear
can make it work Cisco can.

-----Original Message-----
From: Circusnuts [mailto:[EMAIL PROTECTED]] 
Sent: Thursday, April 12, 2001 9:08 AM
To: [EMAIL PROTECTED]
Subject: Re: Passing IPSEC packets on dsl [7:321]

Are you sure- my PIX 506 does it with no problem ???

----- Original Message -----
From: Charles Manafa 
To: 
Sent: Thursday, April 12, 2001 8:37 AM
Subject: RE: Passing IPSEC packets on dsl [7:321]


> VPN does not work when IPSEC packets are NAT'd. One of the reasons why this
> doesn't work is that packet authentication will fail when the packet is
> NAT'd - the calculated hash will not match after NAT has been applied.
>
> Charles
>
> -----Original Message-----
> From: Elijah Savage
> To: [EMAIL PROTECTED]
> Sent: 12/04/01 12:11
> Subject: Passing IPSEC packets on dsl [7:321]
>
> All,
>
> I purchased a 1605 from eBay for my home lab. I decided to play with it
> a bit on my DSL circuit. I am using NAT on this router, and everything
> works fine except that now I can't vpn from the inside. Example, trying
> to establish a vpn connection from a client on my local network in to
> our vpn router at my place of employment. Of course with the netgear dsl
> router it passes those ipsec packets. I was wondering if anyone has
> tried this before and been able to make this happen.
>
> Thanks in advance.
> FAQ, list archives, and subscription info:
> http://www.groupstudy.com/list/cisco.html
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=740&t=321
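
An added illustration for the thread's NAT-versus-IPsec question (not code from any poster): a simplified model of which bytes each IPsec integrity check covers, showing that rewriting the source address breaks an AH check while an ordinary routed hop does not, and that an ESP check is unaffected. The key, addresses and payload are constructed, and the AH computation leaves out the AH header itself.

```python
import hashlib
import hmac
import ipaddress
import struct

KEY = b"constructed-demo-key"   # constructed integrity key shared by the two VPN peers
INSIDE, OUTSIDE, PEER = "192.168.10.50", "203.0.113.2", "198.51.100.1"  # constructed hosts
AH, ESP = 51, 50                # IP protocol numbers

def ipv4_header(src, dst, proto, payload_len, ttl=64):
    """Build a 20-byte IPv4 header (checksum left at 0; the demo does not need it)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, ttl, proto, 0,
                       ipaddress.IPv4Address(src).packed,
                       ipaddress.IPv4Address(dst).packed)

def authenticated_bytes(proto, header, body):
    """Return the bytes the integrity check value (ICV) is computed over (simplified)."""
    if proto == ESP:
        return body              # ESP: ESP header + ciphertext only, no outer IP header
    h = bytearray(header)        # AH: IP header too, with mutable fields zeroed
    h[1] = 0                     # TOS
    h[6:8] = b"\x00\x00"         # flags / fragment offset
    h[8] = 0                     # TTL
    h[10:12] = b"\x00\x00"       # header checksum
    return bytes(h) + body       # source and destination addresses stay covered

def icv(data):
    """HMAC-SHA1 truncated to 96 bits."""
    return hmac.new(KEY, data, hashlib.sha1).digest()[:12]

def forward(header, new_src):
    """Router hop: decrement TTL and set the source address (NAT if it differs)."""
    h = bytearray(header)
    h[8] -= 1
    h[12:16] = ipaddress.IPv4Address(new_src).packed
    return bytes(h)

def icv_survives(proto, src_after_router):
    """Sender computes the ICV, the router forwards, the receiver recomputes it."""
    body = struct.pack("!II", 0x1001, 1) + b"constructed ciphertext"  # SPI, seq, data
    sent = ipv4_header(INSIDE, PEER, proto, len(body))
    received = forward(sent, src_after_router)
    return hmac.compare_digest(icv(authenticated_bytes(proto, sent, body)),
                               icv(authenticated_bytes(proto, received, body)))

if __name__ == "__main__":
    for name, proto in (("AH", AH), ("ESP", ESP)):
        print(name, "routed:", icv_survives(proto, INSIDE), "NATed:", icv_survives(proto, OUTSIDE))
```

An intact ESP check is not enough for `overload` translation by itself, because ESP carries no TCP/UDP port for the translator to multiplex on.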