Solved: Re: Configuring 1721 with NAT

ricadri640 · ‎06-26-2007

Hello,

I have to configure a cisco 1721 with NAT

this is the config :

sh run

Building configuration...

Current configuration : 1899 bytes

!

version 12.3

service timestamps debug uptime

service timestamps log uptime

no service password-encryption

!

hostname ByPass_LinkProof

!

enable secret 5 ##############

!

no aaa new-model

ip subnet-zero

!

no ip domain lookup

!

ip cef

!

interface FastEthernet0

ip address 192.168.152.2 255.255.255.0

ip nat inside

speed 100

full-duplex

!

interface FastEthernet1

switchport access vlan 2

no ip address

!

interface FastEthernet2

switchport access vlan 3

no ip address

!

interface FastEthernet3

switchport access vlan 4

no ip address

!

interface FastEthernet4

switchport access vlan 5

no ip address

!

interface Vlan1

no ip address

shutdown

!

interface Vlan2

ip address <Pub Address 1> 255.255.255.248

ip nat outside

!

interface Vlan3

ip address <Pub Address 2> 255.255.255.240

!

interface Vlan4

ip address <Pub Address 3> 255.255.255.248

!

interface Vlan5

ip address <Pub Address 4> 255.255.255.248

!

ip nat inside source list 1 interface Vlan2 overload

ip nat inside source static 192.168.151.3 <Pub Address 5>

ip nat inside source static 192.168.151.4 <Pub Address 6>

ip classless

ip route 0.0.0.0 0.0.0.0 <NHR Address 1>

ip route 10.242.0.0 255.255.0.0 192.168.152.1

ip route 192.168.150.0 255.255.255.0 192.168.152.1

ip route 192.168.151.0 255.255.255.0 192.168.152.1

no ip http server

!

access-list 1 permit any

access-list 101 permit tcp any any eq www

access-list 101 permit tcp any any eq domain

access-list 101 permit tcp any any eq 3101

access-list 101 permit tcp any any eq smtp

access-list 101 permit tcp any any eq pop3

access-list 101 permit tcp any any eq 443

access-list 101 permit tcp any any eq 22

access-list 101 permit tcp any any eq 995

access-list 101 deny tcp any any

access-list 102 deny tcp any eq 445 host 192.168.0.103

access-list 102 permit tcp any any

!

line con 0

line aux 0

line vty 0 4

password #####

login

!

no scheduler allocate

!

end

ByPass_LinkProof#

The Vlans 3 4 and 5 are note used for the momment.

when he router is connecter I can ping an internet ip on the router, but not inside the network.

thanks for your help.

paolo bevilacqua · ‎06-26-2007

Hi, please change access-list 1 to include all the subnets "inside" that you want to go on the Internet and no not use the "permit any". After that, try telnet from internet to outside interface. If it fails, you will an extended-access list instead of standard one.

Hope this helps, please rate post if it does!

View solution in original post

paolo bevilacqua · ‎06-26-2007

Hi, please change access-list 1 to include all the subnets "inside" that you want to go on the Internet and no not use the "permit any". After that, try telnet from internet to outside interface. If it fails, you will an extended-access list instead of standard one.

Hope this helps, please rate post if it does!

ricadri640 · ‎06-26-2007

Ok thanks, it works well.

paolo bevilacqua · ‎06-26-2007

Glad to know, thanks for the nice rating, and good luck!