Nat 1841 router to public

binoyjosephstanly · ‎01-30-2007

hi all,

i ve an 1841 router with wic-1T which is holding one public ip,and fast ethernet0/0 also having public ip and its connecting to ASA box.

now i want to connect a device say 10.10.10.5/24 to outside world to access internet, and i ve one public ip free, so im planning to connect this devise to fa0/1 and want to access internet.

how can i achieve this. lets say my device is 10.10.10.5/24 and my fa0/1 10.10.10.1/24 my public ip lets say 212.72.2.180 how can i map this and connect to internet.

i will rate all the posts

Binoy

lgijssel · ‎01-30-2007

You should connect the device on the asa-inside and use port translation like in the example mail server below:

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00806745b8.shtml

Other ASA config tips can be found at:

http://www.cisco.com/en/US/products/ps6120/prod_configuration_examples_list.html

Regards,

Leo

binoyjosephstanly · ‎01-30-2007

my device is not a part of inside network its stand alone one thats y i want to connect it directly to router's 2nd port and i've public ip also free, pls chk my previous post.

Binoy

Jon Marshall · ‎01-30-2007

Hi Binoy

1) under your fa0/1 interface enter "ip nat inside"

2) under the interface you want the traffic to go out on (fa0/0 ???) enter "ip nat outside"

3) In config mode enter "ip nat inside source static 10.10.10.5 212.72.2.180"

HTH

Jon

binoyjosephstanly · ‎01-30-2007

hi jon tnxs for your reply.

ill explain the existing set up. only one 1841 router with 1 port serial card lets say

se0/0 and ip is 212.72.2.195 which is connecting to isp and my fa0/0 lets say 212.72.2.181 and its connecting to my ASA 5510 ip lets say 212.72.2.182. and the free ip address is 212.72.2.180

my config wil be like under fa0/1

ip address 10.10.10.1/24

ip nat inside.

and under se0/0

-if)#ip nat otside.

and in config)#ip nat inside source static 10.10.10.5 212.72.2.180

this is the config reqd rt. but it will not disturb my existing ASA 5510 setup rt?.

Binoy

Jon Marshall · ‎01-30-2007

Hi Binoy

Yes these commands should work and they should not disturb exisiting ASA setup but you should always make these sort of changes out of hours just in case.

Is there a particular reason why you don't want this server on the inside of your ASA. The other solution is use a hub/switch between your inside interface of your 1841 and the external interface of the pix and then address the server with the public ip address - no need for NAT.

HTH

Jon

binoyjosephstanly · ‎01-30-2007

ok jon this is basically my antispam module on the ASA the 10.10.10.5/24 for receiving the updates.

if you can suggest a good solution i ll appreciate that.

Regds

Binoy

Jon Marshall · ‎01-30-2007

Hi Binoy

If you have any spare interfaces on the ASA then you could put it there. It depends on how much protection you want for the device.

You can attach it to the router but then you won't have a firewall protecting it just a stateless access-list. It comes down to which directions the connections to and from this server will be initiated. And whether this server will have to talk to clients on the inside of your ASA device.

So if connections are initiated from the Internet to this device you definitely don't want it on the inside of your ASA device.

HTH

Jon