NAT to Net Works - Route to DMZ fails - WHY?

jerry.roy
Level 1

Can you see a problem with this config? I can get to only a few servers on my DMZ. Some respond and others won't.

version 12.3
no parser cache
no service pad
service timestamps debug datetime msec localtime
service timestamps log datetime msec localtime
service password-encryption
!
hostname LFL-1711-LAN
!
boot-start-marker
boot system flash c1700-k9o3sy7-mz.123-7.T.bin
boot-end-marker
!
logging buffered 51200 warnings
!
username admin password 1234
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
aaa new-model
!
aaa authentication login ssh local
aaa session-id common
ip subnet-zero
!
no ip domain lookup
ip domain name forless.com
ip dhcp excluded-address 192.168.1.1 192.168.1.20
!
ip dhcp pool 192.168.1.0/24
   network 192.168.1.0 255.255.255.0
   default-router 192.168.1.1
   domain-name forless.com
   dns-server 63.147.112.162 204.8.143.122 63.145.181.67 63.145.181.77
!
ip cef
ip audit po max-events 100
no vlan accounting
no ftp-server write-enable
!
no crypto isakmp enable
!
interface FastEthernet0
 description INTERNET
 ip address 67.100.97.194 255.255.255.248
 ip access-group Wan_2_Local in
 ip nat outside
 duplex auto
 speed auto
 no cdp enable
!
interface FastEthernet1
 switchport access vlan 2
 no ip address
 no cdp enable
!
interface FastEthernet2
 switchport access vlan 2
 no ip address
 no cdp enable
!
interface FastEthernet3
 switchport access vlan 3
 no ip address
 no cdp enable
!
interface FastEthernet4
 switchport access vlan 3
 no ip address
 no cdp enable
!
interface Vlan2
 description DMZ
 ip address 63.145.181.66 255.255.255.224
!
interface Vlan3
 description LAN
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
!
interface Vlan1
 description $ETH-SW-LAUNCH$
 no ip address
 ip tcp adjust-mss 1452
!
interface Async1
 no ip address
!
ip classless
ip route 0.0.0.0 0.0.0.0 67.100.97.193
ip route 10.10.0.64 255.255.255.224 63.145.181.65
ip route 10.10.10.64 255.255.255.224 63.145.181.65
no ip http server
ip http authentication local
no ip http secure-server
ip nat inside source list NAT interface FastEthernet0 overload
!
ip access-list extended NAT
 permit ip 192.168.1.0 0.0.0.255 any
!
no cdp run

dbellazetin
Level 4

Is the access problem from the internet, internally or both?

I see that you have an ACL applied to your internet interface, but it is not in the config.

You may want to double check the default gateways on the servers in your DMZ.

Daniel
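A mechanical way to check a config like the one posted for the two points raised in this thread (an access-group on the internet interface whose ACL is defined nowhere, and which interfaces actually carry a NAT role, since the DMZ VLAN has neither ip nat inside nor outside) is a small linter. The script below is an added example written for this page; it is not Cisco code and was not part of the original thread. It assumes the config is in running-config form with interface blocks separated by "!", and it uses a trimmed copy of the posted config as constructed sample input. It also checks that every static route's next hop lies inside a directly connected subnet, which goes slightly beyond what the replies ask.

```python
"""Lint a Cisco IOS config for ACL / NAT wiring mistakes (added example)."""
import ipaddress
import re

# Constructed sample: a trimmed copy of the config posted in the question,
# with the running-config indentation restored.
SAMPLE_CONFIG = """\
hostname LFL-1711-LAN
!
interface FastEthernet0
 description INTERNET
 ip address 67.100.97.194 255.255.255.248
 ip access-group Wan_2_Local in
 ip nat outside
!
interface FastEthernet1
 switchport access vlan 2
 no ip address
!
interface Vlan2
 description DMZ
 ip address 63.145.181.66 255.255.255.224
!
interface Vlan3
 description LAN
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
!
interface Vlan1
 no ip address
!
ip route 0.0.0.0 0.0.0.0 67.100.97.193
ip route 10.10.0.64 255.255.255.224 63.145.181.65
ip route 10.10.10.64 255.255.255.224 63.145.181.65
ip nat inside source list NAT interface FastEthernet0 overload
!
ip access-list extended NAT
 permit ip 192.168.1.0 0.0.0.255 any
"""

IFACE_RE = re.compile(r"^interface (\S+)$")
ADDR_RE = re.compile(r"^ip address (\S+) (\S+)$")
GROUP_RE = re.compile(r"^ip access-group (\S+) (in|out)$")
NATROLE_RE = re.compile(r"^ip nat (inside|outside)$")
NAMED_ACL_RE = re.compile(r"^ip access-list (?:standard|extended) (\S+)$")
NUM_ACL_RE = re.compile(r"^access-list (\S+) ")
ROUTE_RE = re.compile(r"^ip route (\S+) (\S+) (\S+)")


def parse_config(text):
    """Return (interfaces, defined_acls, static_routes) from IOS config text.

    Interface blocks are delimited by 'interface ...' and the '!' separator,
    so the parser also copes with a config whose indentation was lost.
    """
    interfaces, acls, routes, current = {}, set(), [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "!":
            current = None
            continue
        if m := IFACE_RE.match(line):
            current = m.group(1)
            interfaces[current] = {"ip": None, "acls": [], "nat": set()}
        elif m := NAMED_ACL_RE.match(line):
            acls.add(m.group(1))
            current = None
        elif m := NUM_ACL_RE.match(line):
            acls.add(m.group(1))
        elif m := ROUTE_RE.match(line):
            # ipaddress accepts dotted netmasks, so 0.0.0.0/0.0.0.0 parses too.
            net = ipaddress.IPv4Network(f"{m.group(1)}/{m.group(2)}", strict=False)
            routes.append((net, ipaddress.IPv4Address(m.group(3))))
        elif current is not None:
            iface = interfaces[current]
            if m := ADDR_RE.match(line):
                iface["ip"] = ipaddress.IPv4Interface(f"{m.group(1)}/{m.group(2)}")
            elif m := GROUP_RE.match(line):
                iface["acls"].append(m.group(1))
            elif m := NATROLE_RE.match(line):
                iface["nat"].add(m.group(1))
    return interfaces, acls, routes


def lint(text):
    """Run the three checks and return the findings as a dict of sorted lists."""
    interfaces, acls, routes = parse_config(text)
    connected = [i["ip"].network for i in interfaces.values() if i["ip"]]
    return {
        # IOS forwards all traffic through an access-group whose ACL does not
        # exist, so a missing or misspelled ACL silently removes the filter.
        "undefined_acls": sorted((n, a) for n, i in interfaces.items()
                                 for a in i["acls"] if a not in acls),
        # An addressed interface with no NAT role: packets between it and an
        # 'ip nat inside' interface are forwarded untranslated, so hosts on it
        # must route the inside subnet back via this router (their gateway).
        "no_nat_role": sorted(n for n, i in interfaces.items()
                              if i["ip"] and not i["nat"]),
        # A next hop outside every connected subnet can never be resolved.
        "unreachable_next_hops": sorted(
            (str(net), str(nh)) for net, nh in routes
            if not any(nh in c for c in connected)),
    }


if __name__ == "__main__":
    for check, hits in lint(SAMPLE_CONFIG).items():
        print(f"{check}: {hits or 'none'}")
```

Run against the sample it reports Wan_2_Local as applied on FastEthernet0 but undefined, and Vlan2 as the only addressed interface with no NAT role; both static routes and the default route pass the next-hop check, since 67.100.97.193 and 63.145.181.65 sit inside the connected /29 and /27.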

Default gateways are all correct. No problem with the Linux masquerading FW which this 1711 is replacing.

Check for some log messages on the router when you initiate traffic from/to the DMZ. Verify that NAT is happening properly each time.

Praful
