05-23-2013 12:45 PM - edited 03-04-2019 07:59 PM
Hi All,
I am struggling to get our 887VA set up for our config.
We have a public IP range from our ISP and we have multiple servers behind our router. One of the servers needs large ranges of ports open so I have ended up trying to use a ‘rotary’ NAT pool which works fine but I cannot get the other servers to NAT correctly on their ports. It seems the rotary takes over.
Any help or guidance would be gratefully received!
Here is a snip of my config.
interface Ethernet0
no ip address
shutdown
!
interface ATM0
no ip address
no atm ilmi-keepalive
!
interface ATM0.1 point-to-point
pvc 0/38
encapsulation aal5mux ppp dialer
dialer pool-member 1
!
!
interface FastEthernet0
description Private LAN
no ip address
no cdp enable
!
interface FastEthernet1
no ip address
no cdp enable
!
interface FastEthernet2
no ip address
no cdp enable
!
interface FastEthernet3
no ip address
no cdp enable
!
interface Vlan1
ip address 192.168.22.1 255.255.255.0
ip flow ingress
ip nat inside
ip virtual-reassembly in
!
interface Dialer0
ip address negotiated
ip nat outside
ip virtual-reassembly in
encapsulation ppp
dialer pool 1
dialer-group 1
ppp chap hostname xxxxxxx
ppp chap password 0 xxxxxxxxx
ppp ipcp dns request
no cdp enable
!
ip forward-protocol nd
no ip http server
ip http authentication local
ip http secure-server
!
ip dns server
ip nat pool TServer 192.168.22.8 192.168.22.8 netmask 255.255.255.0 type rotary
ip nat inside source list 1 interface Dialer0 overload
ip nat inside source static tcp 192.168.22.4 80 82.174.233.83 80 extendable
ip nat inside source static tcp 192.168.22.4 5050 82.174.233.83 5050 extendable
ip nat inside source static tcp 192.168.22.4 6050 82.174.233.83 6050 extendable
ip nat inside source static tcp 192.168.22.4 7050 82.174.233.83 7050 extendable
ip nat inside destination list TServer pool TServer
ip route 0.0.0.0 0.0.0.0 Dialer0
!
ip access-list extended TServer
permit tcp any any eq ftp
permit tcp any any eq gopher
permit tcp any any eq www
permit tcp any any eq 443
permit tcp any any range 1023 1100
permit tcp any any eq 2222
permit udp any any range 70 75
permit tcp any any range 40000 40075
permit udp any any range 40000 41000
!
access-list 1 permit 192.168.22.0 0.0.0.255
no cdp run
Many thanks
Mr T
05-24-2013 07:23 AM
Hi All,
I have got it working by using a route-map.
I am not 100% sure about all this... anyone want to comment on the suitability of my config?
!
ip dns server
ip nat inside source list 1 interface Dialer0 overload
ip nat inside source static 192.168.22.8 81.174.253.82 route-map LT
ip nat inside source static tcp 192.168.22.4 80 82.174.233.83 80 extendable
ip nat inside source static tcp 192.168.22.4 5050 82.174.233.83 5050 extendable
ip nat inside source static tcp 192.168.22.4 6050 82.174.233.83 6050 extendable
ip nat inside source static tcp 192.168.22.4 7050 82.174.233.83 7050 extendable
ip nat inside source static 192.168.22.8 82.174.233.90 route-map LT
ip route 0.0.0.0 0.0.0.0 Dialer0
!
ip access-list extended TServer
permit tcp any any eq ftp
permit tcp any any eq gopher
permit tcp any any eq 443
permit tcp any any range 1023 1100
permit tcp any any eq 2222
permit udp any any range 70 75
permit tcp any any range 40000 40075
permit udp any any range 40000 41000
permit tcp any any eq www
!
access-list 1 permit 192.168.22.0 0.0.0.255
no cdp run
!
route-map LT permit 10
match ip address LTServer
set interface Dialer0
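An added example, not part of the original posts: a small Python cross-reference check run over the NAT, ACL and route-map lines excerpted from the second post's config. It reports ACLs and route-maps that are referenced but not defined in the pasted text, ACLs that are defined but never referenced, and static translations that map a whole address rather than one port; the function name `audit` and the choice of excerpt lines are this example's own.

```python
import re

# Excerpt of the second post's config (NAT, ACL and route-map lines only).
CONFIG = """\
ip nat inside source list 1 interface Dialer0 overload
ip nat inside source static 192.168.22.8 81.174.253.82 route-map LT
ip nat inside source static tcp 192.168.22.4 80 82.174.233.83 80 extendable
ip nat inside source static 192.168.22.8 82.174.233.90 route-map LT
ip access-list extended TServer
 permit tcp any any range 1023 1100
access-list 1 permit 192.168.22.0 0.0.0.255
route-map LT permit 10
 match ip address LTServer
 set interface Dialer0
"""
IP = r"(\d+\.\d+\.\d+\.\d+)"

def audit(config):
    """Return cross-reference findings for NAT, ACL and route-map statements."""
    acls, route_maps = set(), set()
    acl_refs, rmap_refs, whole_host = set(), set(), []
    for line in (l.strip() for l in config.splitlines()):
        if m := re.match(r"ip access-list (?:standard|extended) (\S+)", line):
            acls.add(m.group(1))
        elif m := re.match(r"access-list (\d+) ", line):
            acls.add(m.group(1))
        elif m := re.match(r"route-map (\S+) (?:permit|deny)", line):
            route_maps.add(m.group(1))
        elif m := re.match(r"match ip address (?!prefix-list)(.+)", line):
            acl_refs.update(m.group(1).split())
        elif line.startswith("ip nat "):
            if m := re.search(r" list (\S+)", line):
                acl_refs.add(m.group(1))
            if m := re.search(r" route-map (\S+)", line):
                rmap_refs.add(m.group(1))
            # A static entry with no tcp/udp keyword translates the whole address.
            if m := re.match(rf"ip nat inside source static {IP} {IP}", line):
                whole_host.append((m.group(1), m.group(2)))
    return {
        "undefined_acls": sorted(acl_refs - acls),
        "undefined_route_maps": sorted(rmap_refs - route_maps),
        "unused_acls": sorted(acls - acl_refs),
        "whole_host_static": whole_host,
    }

if __name__ == "__main__":
    for name, items in audit(CONFIG).items():
        print(f"{name}: {items}")
```

The check only sees the lines that were pasted, so a name it reports as undefined may exist in a part of the running config that was not posted.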