Re: Configuring Cisco 1601-R for NAT

xkepo · ‎04-19-2004

Dear Sir / Madam,

My objective is only to enable my Cisco 1601-R router as NAT so I can use private IP for some of my computers in my LAN to connect to internet.

What command sould I add to the configuration?

Thank you in advance for any help or comment.

Regards.

=============================================

Using 878 out of 7506 bytes

!

version 12.0

service timestamps debug uptime

service timestamps log uptime

!

hostname 1600

!

enable password cisco

!

ip subnet-zero

ip name-server xxx.xxx.yyy.zzz

!

interface Ethernet0

description Local Area Network

ip address xxx.xxx.38.33 255.255.255.240

no ip directed-broadcast

no ip route-cache

!

interface Serial0

description Link to Internet

ip address xxx.xxx.44.198 255.255.255.252

no ip directed-broadcast

encapsulation frame-relay IETF

no ip route-cache

no fair-queue

frame-relay interface-dlci 217

frame-relay lmi-type ansi

!

ip classless

ip route 0.0.0.0 0.0.0.0 xxx.xxx.44.197

no ip http server

!

line con 0

exec-timeout 5 0

transport input none

line vty 0 4

password cisco

login

!

end

Georg Pauwen · ‎04-19-2004

Hello,

add the lines marked with --> to your configuration:

Using 878 out of 7506 bytes

!

version 12.0

service timestamps debug uptime

service timestamps log uptime

!

hostname 1600

!

enable password cisco

!

ip subnet-zero

ip name-server xxx.xxx.yyy.zzz

!

interface Ethernet0

description Local Area Network

ip address xxx.xxx.38.33 255.255.255.240

-->ip nat inside

no ip directed-broadcast

no ip route-cache

!

interface Serial0

description Link to Internet

ip address xxx.xxx.44.198 255.255.255.252

no ip directed-broadcast

encapsulation frame-relay IETF

no ip route-cache

-->ip nat outside

no fair-queue

frame-relay interface-dlci 217

frame-relay lmi-type ansi

!

-->access-list 1 deny host xxx.xxx.38.33

-->access-list 1 permit xxx.xxx38.32 0.0.0.15

-->ip nat inside source list 1 interface serial 0 overload

ip classless

-->ip route 0.0.0.0 0.0.0.0 serial 0

no ip http server

!

line con 0

exec-timeout 5 0

transport input none

line vty 0 4

password cisco

login

!

end

Regards,

Georg

xkepo · ‎04-19-2004

Hi Georg,

I really appreciate your prompt respons.

But please let me have another chance.

After adding those lines marked "-->" those PCs assigned public IP (xxx.xxx.38.34~46) still able to go to internet. Then, the question is, what are the private IPs shall I use for my PCs / computer attached to the LAN ?

How if I want to use 192.168.0.1 ~ 192.168.0.254 with mask 255.255.255.0 ? what is the gateway and DNS will be?

Regards

Alex

xkepo · ‎04-20-2004

FYI:

All IPs as stated at the configuratioan above are Public IPs.

Current status:

Only 13 PCs having public IP address from xxx.xxx.38.34 to xxx.xxx.38.46 are able to go to Internet (gateway: xxx.xxx.38.33).

Status Required:

1. Those 13 PCs above are still able to go to Internet with no changes on IP, GW, DNS.

2. Additional some PCs having address from 192.168.0.1 to 192.168.0.254 mask 255.255.255.0 required to go to Internet and recognised as xxx.xxx.38.33 which is the public IP of the Ethernet port of the Cisco 1601-R router.

Can we assign secondary IP address (private IP) to the Ethernet port (e0) to meet this requirement?

A part of the configuration will look like this:

interface Ethernet0

description Local Area Network

ip address 192.168.0.33 255.255.255.0 secondary

ip address xxx.xxx.38.33 255.255.255.240

no ip directed-broadcast

ip nat inside

no ip route-cache

Kindly please give us any suggestion to meet the requirement.

This requirement actually can be fullfiled by adding additional NAT appliance/box/router which can do Internet/IP sharing, but we have specific reason not to do that.

Regards.

Alex

xkepo · ‎04-22-2004

I tried this config, and it's work pretty well.

interface Ethernet0

description Local Area Network

ip address 192.168.0.1 255.255.255.0 secondary

ip address xxx.xxx.38.33 255.255.255.240

ip nat inside

no ip directed-broadcast

no ip route-cache

!

interface Serial0

description Link to Internet

ip address xxx.xxx.44.198 255.255.255.252

no ip directed-broadcast

encapsulation frame-relay IETF

no ip route-cache

ip nat outside

no fair-queue

frame-relay interface-dlci 217

frame-relay lmi-type ansi

!

ip nat pool POOLNAME xxx.xxx.38.34 xxx.xxx.38.34 netmask 255.255.255.240

ip nat inside source list 1 pool POOLNAME overload

ip classless

ip route 0.0.0.0 0.0.0.0 xxx.xxx.44.197

no ip http server

!

access-list 1 permit 192.168.0.0 0.0.0.255

==========================================

IP SETTING AT PCs

- ip address: 192.168.0.2 ~ 192.168.0.254

- netmask: 255.255.255.0

- gateway: 192.168.0.1

regards

aLex