05-05-2012 01:19 AM - edited 03-04-2019 04:16 PM
Equipments:
1. I have 5 workstations with 2 servers but the backup server (black) is shut down intentionally.
2. I have 1 cisco gigabit unmanaged 8 port switch and 1 cisco 1941 vpn router.
Scenario:
The cisco 1941 vpn router is configured for IPVPN connection to other branches.
Challenge:
1. Configure NAT to enable the 5 workstations to be connected to the internet thru the router to the ISP.
2. Configure NAT to enable the server to be accessed from outside using the public IP address provided by the ISP.
Workstation Settings: (sample workstation)
IP Address: 10.71.5.3
Subnet mask: 255.255.255.0
Default GW: 10.71.5.1
Cisco 1941 VPN Router settings:
GE0/0 : 10.71.5.1
GE0/1 : 24.6.18.222
Serial : 192.168.15.2
IP Route: 192.168.15.1 (configured thru CLI)
ISP settings from modem router with wifi:
Public IP: 24.6.18.221 (WAN IP Address)
Default GW: 24.6.18.1
Device IP Address : 10.71.5.100 255.255.255.0 (dhcp on wifi)
NAT configuration: (I have configured the following)
int ge0/0
ip nat inside
int ge0/1
ip nat outside
ip access-list INTERNET_ACCESS
permit 10.71.5.0 0.0.0.255
ip nat inside source list INTERNET_ACCESS interface ge0/1 overload
ip nat inside source static 10.71.5.2 interface ge0/1
Actual Configuration: (the above commands were removed because it wasn't working)
Building configuration...
Current configuration : 1887 bytes
!
! Last configuration change at 03:46:50 UTC Sat May 5 2012
! NVRAM config last updated at 03:50:52 UTC Sat May 5 2012
! NVRAM config last updated at 03:50:52 UTC Sat May 5 2012
version 15.1
service config
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname Test
!
boot-start-marker
boot-end-marker
!
!
enable password ********************
!
no aaa new-model
!
no ipv6 cef
ip source-route
ip cef
!
!
!
!
!
multilink bundle-name authenticated
!
crypto pki token default removal timeout 0
!
!
license udi pid CISCO1941/K9
!
!
!
!
!
!
!
!
interface Embedded-Service-Engine0/0
no ip address
shutdown
!
interface GigabitEthernet0/0
description LINE TO SWITCH
ip address 10.71.5.1 255.255.255.0
duplex full
speed 1000
!
interface GigabitEthernet0/1
description LINE TO INTERNET
ip address 24.6.18.222 255.255.255.254
no ip address
duplex full
speed auto
!
interface Serial0/0/0
no ip address
encapsulation frame-relay IETF
frame-relay lmi-type ansi
!
interface Serial0/0/0.1 point-to-point
ip address 192.168.15.2 255.255.255.252
frame-relay interface-dlci 45
!
interface Serial0/0/1
no ip address
shutdown
clock rate 2000000
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
ip route 0.0.0.0 0.0.0.0 192.168.15.1
!
!
!
!
control-plane
!
!
line con 0
password ***************
login
line aux 0
password ***************
login
line 2
no activation-character
no exec
transport preferred none
transport input all
transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
line vty 0 4
exec-timeout 0 0
password ********************
logging synchronous
login
transport input all
!
scheduler allocate 20000 1000
end
Verification:
1. I can ping other pc on 10.71.5.0/24 network.
2. When I typed in the ISP's public ip address on the browser, i got into the modem user interface for configuration.
Problem:
1. I still can't connect to the internet. When i do tracert, it stops on the 192.168.15.1 hop and didnt continue. This shouldn't be the case since i want to connect using the GE0/1 outside port for the internet.
Guyz, please help. Thank you.
(NOTE: IP addresses are not the actual addresses.)
05-05-2012 01:49 AM
When I was configuraing NAT (which doesn't work), the NVI0 interface appears with ip address assigned same with the router. is this necessary? how can i remove this interface?
2. When I typed in the ISP's public ip address on the browser, i got into the modem user interface for configuration.
^ this should be pointed into the web server based on my nat configuration..
Please help guys. Im trying my best. Hope someone can guide me on this. Thanks in advance.