10-29-2004 09:55 PM - edited 03-02-2019 07:38 PM
NAT to Net Works - Route to DMZ fails - WHY?
Can you see a problem with this config? I can get to only a few servers on my DMZ. Some respond and others won't.
version 12.3
no parser cache
no service pad
service timestamps debug datetime msec localtime
service timestamps log datetime msec localtime
service password-encryption
!
hostname LFL-1711-LAN
!
boot-start-marker
boot system flash c1700-k9o3sy7-mz.123-7.T.bin
boot-end-marker
!
logging buffered 51200 warnings
!
username admin password 1234
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
aaa new-model
!
!
aaa authentication login ssh local
aaa session-id common
ip subnet-zero
!
!
no ip domain lookup
ip domain name forless.com
ip dhcp excluded-address 192.168.1.1 192.168.1.20
!
ip dhcp pool 192.168.1.0/24
network 192.168.1.0 255.255.255.0
default-router 192.168.1.1
domain-name forless.com
dns-server 63.147.112.162 204.8.143.122 63.145.181.67 63.145.181.77
!
!
ip cef
ip audit po max-events 100
no vlan accounting
no ftp-server write-enable
!
!
!
!
!
no crypto isakmp enable
!
!
!
interface FastEthernet0
Description INTERNET
ip address 67.100.97.194 255.255.255.248
ip access-group Wan_2_Local in
ip nat outside
duplex auto
speed auto
no cdp enable
!
interface FastEthernet1
switchport access vlan 2
no ip address
no cdp enable
!
interface FastEthernet2
switchport access vlan 2
no ip address
no cdp enable
!
interface FastEthernet3
switchport access vlan 3
no ip address
no cdp enable
!
interface FastEthernet4
switchport access vlan 3
no ip address
no cdp enable
!
interface Vlan2
Description DMZ
ip address 63.145.181.66 255.255.255.224
!
interface Vlan3
Description LAN
ip address 192.168.1.1 255.255.255.0
ip nat inside
!
interface Vlan1
description $ETH-SW-LAUNCH$
no ip address
ip tcp adjust-mss 1452
!
interface Async1
no ip address
!
ip classless
ip route 0.0.0.0 0.0.0.0 67.100.97.193
ip route 10.10.0.64 255.255.255.224 63.145.181.65
ip route 10.10.10.64 255.255.255.224 63.145.181.65
no ip http server
ip http authentication local
no ip http secure-server
ip nat inside source list NAT interface FastEthernet0 overload
!
!
!
ip access-list extended NAT
permit ip 192.168.1.0 0.0.0.255 any
no cdp run
10-30-2004 11:27 PM
Is the access problem from the internet, internally or both?
I see that you have an ACL applied to your internet interface but it is not in the config.
You may want to double check the default gateways on the servers in your DMZ.
Daniel
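Added example, not part of the thread: a small Python check for the situation Daniel points out, an ACL that is referenced (`ip access-group`, `ip nat inside source list`) but never defined in the configuration text. The function name and the sample text (ACL-related lines copied from the posted config) are constructed for illustration.

```python
import re

# Constructed sample: the ACL-related lines from the configuration posted above.
SAMPLE_CONFIG = """\
interface FastEthernet0
ip address 67.100.97.194 255.255.255.248
ip access-group Wan_2_Local in
ip nat outside
!
interface Vlan3
ip address 192.168.1.1 255.255.255.0
ip nat inside
!
ip nat inside source list NAT interface FastEthernet0 overload
!
ip access-list extended NAT
permit ip 192.168.1.0 0.0.0.255 any
"""

# Named or numbered ACL definitions.
DEFINITION = re.compile(r"^(?:ip access-list (?:standard|extended) (\S+)|access-list (\d+) )")
# Places where the posted config refers to an ACL by name or number.
REFERENCE = re.compile(r"^(?:ip access-group (\S+) (?:in|out)|ip nat inside source list (\S+))")


def audit_acl_references(config_text):
    """Return (defined, missing); missing holds (acl, context, line) tuples
    for ACLs that are referenced but have no definition in config_text."""
    defined, refs = set(), []
    context = "global"
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line == "!":                      # "!" closes the current section
            context = "global"
            continue
        if line.startswith("interface "):    # track which interface we are in
            context = line
            continue
        m = DEFINITION.match(line)
        if m:
            defined.add(m.group(1) or m.group(2))
            continue
        m = REFERENCE.match(line)
        if m:
            refs.append((m.group(1) or m.group(2), context, line))
    missing = [r for r in refs if r[0] not in defined]
    return defined, missing


if __name__ == "__main__":
    for acl, where, line in audit_acl_references(SAMPLE_CONFIG)[1]:
        print(f"ACL {acl!r} referenced in {where} ({line}) but not defined")
```

Run against a full `show running-config` capture, an empty result means every referenced ACL is present in the text being reviewed.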
11-04-2004 02:35 PM
Default Gateways are all correct. No problem with a Linux Masquerading FW which this 1711 is replacing.
11-05-2004 06:01 AM
Check for some log messages on the router when you initiate traffic from/to DMZ. Verify if NAT is happening properly each time.
Praful