887VA NAT port range and multiple servers

trustedit
Level 1

Hi All,

I am struggling to get our 887VA set up for our config.

We have a public IP range from our ISP and we have multiple servers behind our router. One of the servers needs large ranges of ports open so I have ended up trying to use a ‘rotary’ nat pool which works fine but I cannot get the other servers to NAT correctly on their ports. It seems the rotary takes over.

Any help or guidance would be gratefully received!

Here is a snip of my config.

interface Ethernet0
no ip address
shutdown
!
interface ATM0
no ip address
no atm ilmi-keepalive
!
interface ATM0.1 point-to-point
pvc 0/38
  encapsulation aal5mux ppp dialer
  dialer pool-member 1
!
!
interface FastEthernet0
description Private LAN
no ip address
no cdp enable
!
interface FastEthernet1
no ip address
no cdp enable
!
interface FastEthernet2
no ip address
no cdp enable
!
interface FastEthernet3
no ip address
no cdp enable
!
interface Vlan1
ip address 192.168.22.1 255.255.255.0
ip flow ingress
ip nat inside
ip virtual-reassembly in
!
interface Dialer0
ip address negotiated
ip nat outside
ip virtual-reassembly in
encapsulation ppp
dialer pool 1
dialer-group 1
ppp chap hostname xxxxxxx
ppp chap password 0 xxxxxxxxx
ppp ipcp dns request
no cdp enable
!
ip forward-protocol nd
no ip http server
ip http authentication local
ip http secure-server
!
ip dns server
ip nat pool TServer 192.168.22.8 192.168.22.8 netmask 255.255.255.0 type rotary

ip nat inside source list 1 interface Dialer0 overload
ip nat inside source static tcp 192.168.22.4 80 82.174.233.83 80 extendable
ip nat inside source static tcp 192.168.22.4 5050 82.174.233.83 5050 extendable
ip nat inside source static tcp 192.168.22.4 6050 82.174.233.83 6050 extendable
ip nat inside source static tcp 192.168.22.4 7050 82.174.233.83 7050 extendable
ip nat inside destination list TServer pool TServer
ip route 0.0.0.0 0.0.0.0 Dialer0
!
ip access-list extended TServer
permit tcp any any eq ftp
permit tcp any any eq gopher
permit tcp any any eq www
permit tcp any any eq 443
permit tcp any any range 1023 1100
permit tcp any any eq 2222
permit udp any any range 70 75
permit tcp any any range 40000 40075
permit udp any any range 40000 41000
!
access-list 1 permit 192.168.22.0 0.0.0.255
no cdp run

Many thanks

Mr T


trustedit
Level 1

Hi All,

I have got it working by using a route-map.

I am not 100% sure about all this......anyone want to comment on the suitability of my config?

!
ip dns server
ip nat inside source list 1 interface Dialer0 overload
ip nat inside source static 192.168.22.8 81.174.253.82 route-map LT
ip nat inside source static tcp 192.168.22.4 80 82.174.233.83 80 extendable
ip nat inside source static tcp 192.168.22.4 5050 82.174.233.83 5050 extendable
ip nat inside source static tcp 192.168.22.4 6050 82.174.233.83 6050 extendable
ip nat inside source static tcp 192.168.22.4 7050 82.174.233.83 7050 extendable
ip nat inside source static 192.168.22.8 82.174.233.90 route-map LT
ip route 0.0.0.0 0.0.0.0 Dialer0
!
ip access-list extended TServer
permit tcp any any eq ftp
permit tcp any any eq gopher
permit tcp any any eq 443
permit tcp any any range 1023 1100
permit tcp any any eq 2222
permit udp any any range 70 75
permit tcp any any range 40000 40075
permit udp any any range 40000 41000
permit tcp any any eq www
!
access-list 1 permit 192.168.22.0 0.0.0.255
no cdp run
!
route-map LT permit 10
match ip address LTServer
set interface Dialer0
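
Added example, not part of the original posts: a small Python check over the command forms quoted in this thread. It flags a port claimed both by a static port forward and by the ACL feeding the rotary pool (tcp/80 in the first post), and a route-map that matches an access list the snippet never defines (LTServer versus TServer in the reply). The sample strings are constructed from lines in the posts; `parse` and `audit` are hypothetical helper names.

```python
import re

NAMED_PORTS = {"ftp": 21, "gopher": 70, "www": 80}  # keywords used in the thread's ACL
def _port(tok):
    return NAMED_PORTS.get(tok) or int(tok)

def parse(config):
    """Collect named ACLs, static port forwards, rotary ACL names, route-map matches."""
    acls, statics, rotary, rm_matches, current = {}, [], [], [], None
    for line in map(str.strip, config.splitlines()):
        if m := re.match(r"ip access-list extended (\S+)", line):
            current = acls.setdefault(m.group(1), [])
        elif (m := re.match(r"permit (tcp|udp) any any (eq|range) (\S+)(?: (\S+))?", line)) and current is not None:
            lo = _port(m.group(3))
            current.append((m.group(1), lo, _port(m.group(4)) if m.group(2) == "range" else lo))
        elif m := re.match(r"ip nat inside source static (tcp|udp) (\S+) \d+ \S+ (\d+)", line):
            statics.append((m.group(1), m.group(2), int(m.group(3))))  # proto, inside host, outside port
        elif m := re.match(r"ip nat inside destination list (\S+) pool", line):
            rotary.append(m.group(1))
        elif m := re.match(r"match ip address (\S+)", line):
            rm_matches.append(m.group(1))
        if line and not line.startswith(("permit", "ip access-list extended")):
            current = None  # any other command ends the ACL sub-mode
    return acls, statics, rotary, rm_matches

def audit(config):
    acls, statics, rotary, rm_matches = parse(config)
    findings = [f"{proto}/{port} forwarded to {host} is also matched by rotary ACL {name}"
                for name in rotary for proto, host, port in statics
                if any(p == proto and lo <= port <= hi for p, lo, hi in acls.get(name, []))]
    findings += [f"route-map matches undefined ACL {name}" for name in rm_matches if name not in acls]
    return findings

# Constructed samples: a subset of the lines quoted in the two posts above.
FIRST_POST = """
ip nat inside source static tcp 192.168.22.4 80 82.174.233.83 80 extendable
ip nat inside source static tcp 192.168.22.4 5050 82.174.233.83 5050 extendable
ip nat inside destination list TServer pool TServer
ip access-list extended TServer
 permit tcp any any eq www
 permit tcp any any range 1023 1100
"""
REPLY = """
ip nat inside source static 192.168.22.8 82.174.233.90 route-map LT
ip access-list extended TServer
 permit tcp any any eq www
route-map LT permit 10
 match ip address LTServer
"""
if __name__ == "__main__": print(audit(FIRST_POST), audit(REPLY))
```

An access list missing from a pasted snippet may still exist in the full running config, so treat the second finding as a prompt to check rather than proof of a fault.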
