Re: issue regarding routing public IPs

fritz001a · ‎02-23-2013

setup:

Cisco 2651XM

from ISP

46.167.229.200/28

46.167.229.201/28

46.167.229.202/28

46.167.229.203/28

46.167.229.204/28

46.167.229.205/28

GW for all ips is 46.167.229.30

on the router I have 3 VLANS

192.168.40.0 --> fa0/1.40

192.168.50.0 --> fa0/1.50

192.168.80.0 --> fa0/1.80

interface FastEthernet0/0

description _WAN_INTERFACE_

ip address 10.74.11.24 255.255.240.0

no ip redirects

no ip unreachables

no ip proxy-arp

ip nat outside

ip virtual-reassembly

ip route-cache flow

duplex auto

speed auto

no cdp enable

crypto map VPNMAP1

end

access-list 50 permit 192.168.50.0 0.0.0.255

ip nat pool pool50 46.167.229.200 46.167.229.200 prefix-length 28

ip nat inside source list 50 pool pool50 overload

ip nat inside source static 192.168.80.100 46.167.229.205

sh ip access-lists 50

Extended IP access list 101

10 permit ip host 192.168.50.0 0.0.0.255 any

So in my case

any attempt to allocate public IP 46.167.229.205 to 192.168.80

and

to nat 192.168.50.0 to46.167.229.200

had no success

Am I missing something ?

Any suggestion is appreciated !

fritz001a · ‎02-24-2013

After a discussion to my ISP, they told me to assign all IPS as secondary to my WAN interface...

interface FastEthernet0/0

description _WAN_INTERFACE_

ip address 46.167.229.200 255.255.255.240 secondary

ip address 46.167.229.201 255.255.255.240 secondary

ip address 46.167.229.202 255.255.255.240 secondary

ip address 46.167.229.203 255.255.255.240 secondary

ip address 46.167.229.204 255.255.255.240 secondary

ip address 46.167.229.205 255.255.255.240 secondary

ip address 10.74.17.254 255.255.240.0

no ip redirects

no ip unreachables

no ip proxy-arp

ip nat outside

ok.... but from this point my knowledge are limited....

how do I map

46.167.229.200 to 192.168.50.10

46.167.229.201 to 192.168.80.100

jawad-mukhtar · ‎02-24-2013

ip nat inside source static 192.168.50.10 46.167.229.200

ip nat inside source static 192.168.80.100 46.167.229.201

*** Do Rate Helpful Posts***

Jawad

fritz001a · ‎02-24-2013

Thanks

here I found another alternative

ip nat inside source static 192.168.50.10 46.167.229.200 route-map tointernet0

ip nat inside source static 192.168.80.100 46.167.229.201 route-map tointernet1

route-map tointernet0, permit, sequence 10

Match clauses:

ip address (access-lists): 2001

route-map tointernet1, permit, sequence 10

Match clauses:

ip address (access-lists): 2001

but ...

I have 2 SMTP server running on those internal ips 192.168.50.10 and 192.168.80.100

they can communicate with external smtp servers but not eachothers

to be more precisely:

internal machine 192.168.50.10 --> ping 46.167.229.200 OK ; telnet to pot 25 failed

from internet --> ping 46.167.229.200 OK ; telnet to pot 25 OK

is something I don't get it ...

jawad-mukhtar · ‎02-25-2013

Just imagine you are on inside and telneting ip which you have natted on router exist there and that natted ip is mapped with your internal ip. I think so you can telnet that ip using local ip when your are at internal machine.

From public u can telnet it on pubic ip.

Jawad

fritz001a · ‎02-25-2013

ok....

but what about this case

SMTP1 listening on public IP1 <--> SMTP2 listening on public IP2 ( delivery failure:

deferral: Sorry,_I_wasn't_able_to_establish_an_SMTP_connection._(#4.4.1))

however SMTP1/2 can send/receive messages w/o any issue to outside world.....

so back to my pb

internal ip1 --> telnet to assigned public IP1 failed ....

fritz001a · ‎02-28-2013

managed to fix the pb.

looks like I had a DNS issue

thanks for support !