Re: Configuring Cisco Router

wayne079 · ‎01-02-2019

I'm sure that this will be the place to get some help in configuring this router. Its a cisco 887.

What I would like is a config to get it running, I'm due on some Cisco courses next week, but need to get this done now.

ADSL connection running on ATM0, I want all traffic coming in from this connection to be forwarded out of fast ethernet 1 to another address on Vlan5 (10.60.0.x)

Can anyone help with a base config?

All the basic stuff is configured but im having a problem with this.

Thank you in advance!! :)

Richard Burts · ‎01-02-2019

This is a fairly unusual requirement, to have a route with an ADSL connection to outside and to want to forward all traffic coming from outside to some address inside. My first reaction is that when you want to forward all traffic you might want to use a default route. But in your case the default route needs to send traffic out the ADSL. So the best way to send all traffic from ADSL to the inside address is probably to use Policy Based Routing. If you have the basic stuff configured then post your config and we can give you some suggestions about using PBR.

HTH

Rick

HTH

Rick

wayne079 · ‎01-04-2019

Hi Richard,
Thanks for the reply.
This is my config so far.
What I want is all traffic coming in from public IP addresses (dynamic range) on ATM 0 on port 20025 to forward to a device connected on FE01 with an IP address of 10.60.0.100 which is listening on port 20025. I want the same the other way, going through the router and out of ATM0 connection. Only 20025 will be open.
I've created the ATM0 interface, the Vlan, and set the port to use this vlan.
As I said I'm a real beginner at this!!
hostname xxxxxx
interface ATM 0
pvc 0/38
pppoe-client dial-pool-number 1
no shutdown
exit

interface dialer 1
ppp ipcp route default
ppp ipcp dns request accept
ip address negotiated
ip mtu 1492
ip access-group WAN_IN in
encapsulation ppp
dialer pool 1
ppp pap sent-username xxxxxx@xxx.btclick.com password 0 xxxxxx
ppp authentication chap callin
ip nat outside
no shutdown
no cdp enable
exit

ip nat inside source static tcp 10.60.0.100 20025 interface dialer 1 20025

ip dns server

Vlan 50

interface vlan 50
ip address 10.60.0.1 255.255.255.0
ip nat inside
no shutdown
exit

interface fastethernet 1
no ip address
duplex auto
speed auto
switchport mode access
switchport access vlan 50
exit

banner exec ^C
UNAUTHORIZED ACCESS TO THIS DEVICE IS PROHIBITED
You must have explicit, authorized permission to access or configure this device.
Unauthorized attempts and actions to access or use this system may result in civil and/or
criminal penalties.
All activities performed on this device are logged and monitored.^C

paul driver · ‎01-04-2019

Hello

from the looks of it your static pat configuration is applicable

Do you have internet connectivity?

Have you tried accesss to this internal host in that port from the internet?

FYI - You would need to try access the internal host via the rtrs public allocated IP address on that specific port?

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

wayne079 · ‎01-04-2019

Hi Paul, Thanks for the reply.
I don't have internet connectivity just yet. Therefore I cannot test accessing the internal host.

Richard Burts · ‎01-04-2019

In responding to the original post I thought that the solution might be PBR. But with clarification of the objective I believe that address translation specifying the protocol port is the appropriate solution.

I notice that the outside interface has an access-group filtering inbound traffic but the access list does not appear in the config that was posted. It would be helpful to see that access list.

HTH

Rick

HTH

Rick