04-16-2010 05:24 AM - edited 03-04-2019 08:11 AM
Hi all,
I have a problem and I don't know how to solve it. I need all requests arriving on the WAN interface of R2 on ports 22, 80, 800 and 843 to be redirected to the address 192.168.0.91. Here is my configuration and topology:
access-list 110 permit tcp any host 213.190.2.182 eq 22
access-list 110 permit tcp any host 213.190.2.182 eq www
access-list 110 permit tcp any host 213.190.2.182 eq 800
access-list 110 permit tcp any host 213.190.2.182 eq 843
ip nat outside source static 213.190.2.182 192.168.0.91
interface FastEthernet0/0
ip address 192.168.0.2 255.255.255.128 secondary
ip address 192.168.1.30 255.255.255.0
ip nat inside
ip virtual-reassembly
duplex half
speed auto
!
!
interface GigabitEthernet1/0
ip address 213.190.2.182 255.255.255.0
ip nat outside
ip virtual-reassembly
negotiation auto
When I type the command "sh ip nat translations", this is the result:
Pro  Inside global   Inside local   Outside local   Outside global
---  ---             ---            192.168.0.91    213.190.2.182
Anyone know what I'm doing wrong?
Thanks
04-16-2010 03:04 PM
The R2 config now:
interface FastEthernet0/0
ip address 192.168.0.2 255.255.255.128 secondary
ip address 192.168.1.30 255.255.255.0
ip nat inside
ip virtual-reassembly
duplex half
speed auto
!
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
interface GigabitEthernet1/0
ip address 213.190.2.182 255.255.255.0
ip access-group 110 in
ip nat outside
ip virtual-reassembly
negotiation auto
!
interface GigabitEthernet2/0
no ip address
shutdown
negotiation auto
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
ip nat inside source static tcp 192.168.0.91 843 interface GigabitEthernet1/0 843
ip nat inside source static tcp 192.168.0.91 800 interface GigabitEthernet1/0 800
ip nat inside source static tcp 192.168.0.91 80 interface GigabitEthernet1/0 80
ip nat inside source static tcp 192.168.0.91 22 interface GigabitEthernet1/0 22
!
access-list 110 permit icmp any host 213.190.2.182
access-list 110 permit tcp any host 213.190.2.182 eq 22
access-list 110 permit tcp any host 213.190.2.182 eq www
access-list 110 permit tcp any host 213.190.2.182 eq 800
access-list 110 permit tcp any host 213.190.2.182 eq 843
!
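An added example, not part of the thread and not Cisco tooling: a small Python check that cross-references the static port forwards in the config above with ACL 110 applied inbound on the outside interface. The sample config is constructed from the lines of the post above, the function names are hypothetical, and only the `ip nat inside source static tcp ... interface ...` and `access-list N permit tcp any host A eq P` forms are parsed.

```python
import re

# Constructed sample: the NAT and ACL lines of the R2 config posted above.
CONFIG = """\
interface GigabitEthernet1/0
 ip access-group 110 in
 ip nat outside
ip nat inside source static tcp 192.168.0.91 843 interface GigabitEthernet1/0 843
ip nat inside source static tcp 192.168.0.91 800 interface GigabitEthernet1/0 800
ip nat inside source static tcp 192.168.0.91 80 interface GigabitEthernet1/0 80
ip nat inside source static tcp 192.168.0.91 22 interface GigabitEthernet1/0 22
access-list 110 permit icmp any host 213.190.2.182
access-list 110 permit tcp any host 213.190.2.182 eq 22
access-list 110 permit tcp any host 213.190.2.182 eq www
access-list 110 permit tcp any host 213.190.2.182 eq 800
access-list 110 permit tcp any host 213.190.2.182 eq 843
"""

# IOS shows some ports by keyword; only a few common ones are mapped here.
PORT_NAMES = {"www": 80, "telnet": 23, "smtp": 25, "domain": 53}
NAT_RE = re.compile(r"ip nat inside source static tcp (\S+) (\d+) interface (\S+) (\d+)$")
ACL_RE = re.compile(r"access-list (\d+) permit tcp any host (\S+) eq (\S+)$")


def forwarded_ports(config):
    """Outside TCP port -> (inside host, inside port) for each static PAT line."""
    rules = {}
    for line in config.splitlines():
        m = NAT_RE.match(line.strip())
        if m:
            rules[int(m.group(4))] = (m.group(1), int(m.group(2)))
    return rules


def permitted_ports(config, acl):
    """TCP destination ports that the numbered ACL permits from any source."""
    ports = set()
    for line in config.splitlines():
        m = ACL_RE.match(line.strip())
        if m and m.group(1) == acl:
            tok = m.group(3)
            ports.add(PORT_NAMES[tok] if tok in PORT_NAMES else int(tok))
    return ports


def audit(config, acl="110"):
    """Compare forwards with the inbound ACL, which IOS checks before NAT."""
    fwd, allowed = set(forwarded_ports(config)), permitted_ports(config, acl)
    return {"forwarded_but_blocked": sorted(fwd - allowed),
            # No NAT entry: the permitted packet is addressed to the router itself.
            "permitted_but_not_forwarded": sorted(allowed - fwd)}


if __name__ == "__main__":
    print(audit(CONFIG))
```

Both lists come back empty for this config; a port in `permitted_but_not_forwarded` means the ACL opens that port on the router's own WAN address rather than on 192.168.0.91.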
04-20-2010 12:51 AM
Hi Halijenn,
I'm so sorry, but I was wrong about my topology and could not explain what I needed. First, I had not understood the secondary IP feature well. Second, I only needed to NAT the LAN IP to the WAN IP and map ports 22, 80, 800 and 843 to the IP 192.168.0.91, whose gateway is the 192.168.0.2 secondary IP. Third, I did not need the access list. Sorry to waste your time; I appreciate your help, as you can see I was wrong. I am adding the right topology and config.
Thanks
04-20-2010 03:49 AM
I don't think you can connect 2 routers with 1 router using the primary ip address to connect to another router using the secondary ip address in the same subnet.
Currently on R1 (fa0/0) primary address is 192.168.0.91, and R2 (fa0/0) primary address is 192.168.1.30 - they are not in the same subnet. Both primary addresses need to be in the same subnet, then you can configure secondary addresses as follows:
On R1:
interface fa0/0
ip address 192.168.0.91 255.255.255.0
ip address 192.168.1.31 255.255.255.0 secondary
On R2:
interface fa0/0
ip address 192.168.0.2 255.255.255.0
ip address 192.168.1.30 255.255.255.0 secondary
04-20-2010 04:39 AM
Hi,
OK, I think that I have not explained this well. R1 is a server that must be accessible only by attacking the ports 22, 80, 800 and 843. The configuration is as follows:
interface FastEthernet0/0
ip address 192.168.0.2 255.255.255.128 secondary
ip address 192.168.1.30 255.255.255.0
no ip redirects
no ip proxy-arp
ip nat inside
speed 100
full-duplex
!
interface Serial0/0:0
bandwidth 2048
ip address 213.190.2.182 255.255.255.252
no ip redirects
no ip proxy-arp
ip nat outside
encapsulation ppp
load-interval 30
no fair-queue
serial restart-delay 0
no cdp enable
!
ip nat inside source static tcp 192.168.0.91 843 interface Serial0/0:0 843
ip nat inside source static tcp 192.168.0.91 800 interface Serial0/0:0 800
ip nat inside source static tcp 192.168.0.91 80 interface Serial0/0:0 80
Do you think this is the most appropriate way to do so, or is there another?
Thanks
04-20-2010 04:49 AM
The static NAT statements are correct, but as advised earlier, the IP addressing configured on the router is not correct.
Both R1 and R2 need to have a primary IP address in the same subnet.
04-28-2010 12:47 AM
Hi,
We are experiencing low-speed problems on this router and are starting to think that this may be due to the secondary IP feature not being properly implemented.
I am adding our topology; apparently it is working correctly and our client sees no delays or packet loss. Do you think it may be due to the design of the network? Does anyone believe it could be improved?