
Cisco 1841 Configuration

Good morning!

I'm new to Cisco and I'm trying to configure a Cisco 1841. Below are the details:

  1. ISP Information
    • WAN IP Block: 116.50.224.xx/30
      • ISP Side IP: 116.50.224.xx
    • LAN IP Block: 116.50.160.xx/29
      • Gateway IP: 116.50.160.xx
      • Usable IPs: 116.50.160.xx-xx
  2. FastEthernet0/1 - Faces the ISP (WAN Connection)
  3. FastEthernet0/0 - Faces LAN (Configured with Primary and Secondary IP)
  4. Router Config

-----------------------------------------------------------------------------------------------------------------------------

Current configuration : 1605 bytes
!
! Last configuration change at 01:30:18 UTC Thu Dec 22 2016 by Rajah
!
version 15.0
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname RAJAH-EASTERN-MANILA
!
boot-start-marker
boot-end-marker
!
logging buffered 51200 warnings
enable secret 5 $1$RZ7/$fE/B5cafU1fA/ruBigiWT0
!
no aaa new-model
ip source-route
!
!
!
!
ip cef
ip domain name yourdomain.com
ip name-server 203.167.97.66
ip name-server 203.167.97.200
multilink bundle-name authenticated
!
!
license udi pid CISCO1841 sn FHK145172BC
username rajah password 0 Rajah@123
!
!
!
!
!
!
interface FastEthernet0/0
 description $ETH-LAN$$ETH-SW-LAUNCH$$INTF-INFO-FE 0$
 ip address 192.168.253.1 255.255.255.0 secondary
 ip address 116.50.160.xx 255.255.255.248
 ip nat inside
 ip virtual-reassembly
 speed 100
 full-duplex
!
interface FastEthernet0/1
 ip address 116.50.224.xx 255.255.255.252
 ip nat outside
 ip virtual-reassembly
 speed 100
 full-duplex
!
ip forward-protocol nd
!
!
ip http server
ip http access-class 23
ip http authentication local
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source list 10 interface FastEthernet0/1 overload
ip route 0.0.0.0 0.0.0.0 116.50.224.xx
!
access-list 10 permit any
!
!
control-plane
!
banner motd ^CRAJAH TRAVEL^C
!
line con 0
 exec-timeout 5 0
 password cisco
 logging synchronous
 login local
line aux 0
 password cisco
 logging synchronous
 login
line vty 0 4
 access-class 23 in
 privilege level 15
 password cisco
 logging synchronous
 login
 transport input telnet
!
scheduler allocate 20000 1000
end

-----------------------------------------------------------------------------------------------------------------------------

Problems:

  1. I cannot use Telnet from any public network to configure the router (116.50.224.118)
    • I can ping this IP from any public network though
  2. I cannot ping devices configured with the LAN IP Block (116.50.160.91-94) from any public network.
    • The devices I'm talking about are all configured with 116.50.160.90 as their default gateway
    • These devices are all working fine in terms of accessing the internet

Additional Details

  1. Topology
    • Router (1841) > Switch (No VLAN) > devices

I'm missing a bunch of things here. I appreciate all help I can get.

Thank you.

6 Replies

Sam Smiley
Level 3

You did not mention whether or not telnet works on the inside interface; chances are it doesn't work there either, however. The following commands should get telnet working on both ends:

aaa new-model
!
aaa authorization exec default local
aaa session-id common

Getting to the public subnet is going to be a much more complicated issue. You have NAT enabled on the inside and outside interface. Assigning the public subnet as you have will not work; the router will NAT anything going into fa0/1. If you were to assign a port translation for the public addresses that would work, however any traffic coming out of the router will come out as 116.50.224.118 due to the NAT process. This generally isn't the desired result. You will need to create NAT pools that are assigned to the public addresses and translate those back to a machine with a private address on the LAN. Here is an old post of mine that describes how to do that:

https://supportforums.cisco.com/discussion/11738651/multiple-wan-ip-addresses-and-multiple-inside-hosts

Cheers,

Sam

Hi Sam,

Thanks for the reply. But I still have a few more questions.

1. Do I still need that 116.50.160.90 to be configured as a secondary interface in my FE0/0?

2. What IP address should I configure on the one server I'm trying to configure (the one I'm trying to ping from the outside)?

3. And if I'm lucky, can you give me a config of what needs to be there to accomplish this? I've seen your old post but I'm having a hard time understanding it as I'm still new to this.

Thank you very much, Sam.

Hi Christian,

You will assign a private address to fa0/0. This can be any private IP address; the 192.168.253.1 that you currently have will be fine. Your 116.50.160.90 block will be assigned in the NAT pools, that is, they don't need to be assigned to an interface for this to work.

You should assign a private IP address to the server that corresponds to the NAT pool that you want to assign to that server. From my old post:

The secret to making this work is building the access list correctly. What I generally will do is create a private address space on the LAN to assign each public address to. For instance, I will segment the network into blocks of 16 private addresses to each public address, except for the default pool, which is generally what is left over. For instance, I will segment the network like this:

10.10.10.17 - 10.10.10.31 assigned to 116.50.160.89
10.10.10.33 - 10.10.10.47 assigned to 116.50.160.90
10.10.10.49 - 10.10.10.63 assigned to 116.50.160.91
10.10.10.65 - 10.10.10.79 assigned to 116.50.160.92
10.10.10.81 - 10.10.10.254 assigned to 116.50.160.93 <-------.

Assign the server an IP address within the range so that it will be assigned the public address you want. This can be a complicated config, especially to someone new. I have attached a working config for you from an old 2600.

Cheers,

Sam
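
The pool-per-public-address layout described in the post above, written out as IOS configuration. This is an added example, not the attached 2600 config or the poster's own; the 10.10.10.0/24 inside subnet, the router address 10.10.10.1, the pool names and the ACL numbers are assumptions.

```cisco
! Added example with constructed names and numbering.
! Assumes the LAN is renumbered to 10.10.10.0/24 (router = 10.10.10.1).
interface FastEthernet0/0
 ip address 10.10.10.1 255.255.255.0
 ip nat inside
!
interface FastEthernet0/1
 ip nat outside
!
! Remove the catch-all overload rule from the original config.
no ip nat inside source list 10 interface FastEthernet0/1 overload
no access-list 10
!
! One single-address pool per public IP in the /29.
ip nat pool PUB89 116.50.160.89 116.50.160.89 netmask 255.255.255.248
ip nat pool PUB90 116.50.160.90 116.50.160.90 netmask 255.255.255.248
ip nat pool PUB91 116.50.160.91 116.50.160.91 netmask 255.255.255.248
ip nat pool PUB92 116.50.160.92 116.50.160.92 netmask 255.255.255.248
ip nat pool PUB93 116.50.160.93 116.50.160.93 netmask 255.255.255.248
!
! Each ACL matches one block of 16 private addresses (wildcard 0.0.0.15).
! The block base (.16, .32, ...) also matches; the post leaves it unused.
access-list 11 permit 10.10.10.16 0.0.0.15
access-list 12 permit 10.10.10.32 0.0.0.15
access-list 13 permit 10.10.10.48 0.0.0.15
access-list 14 permit 10.10.10.64 0.0.0.15
! Default pool: 10.10.10.80 and up, written as non-overlapping blocks
! so no host can match two NAT rules.
access-list 15 permit 10.10.10.80 0.0.0.15
access-list 15 permit 10.10.10.96 0.0.0.31
access-list 15 permit 10.10.10.128 0.0.0.127
!
! Bind each ACL to its pool. Hosts below 10.10.10.16 match no ACL
! and are therefore not translated.
ip nat inside source list 11 pool PUB89 overload
ip nat inside source list 12 pool PUB90 overload
ip nat inside source list 13 pool PUB91 overload
ip nat inside source list 14 pool PUB92 overload
ip nat inside source list 15 pool PUB93 overload
```

Once traffic is flowing, `show ip nat translations` shows which inside global address each inside host was given, which confirms a server landed in the intended block.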

Hi,

Please try configuring it using the guidelines suggested at the mentioned link.

http://www.cisco.com/c/en/us/td/docs/routers/access/1800/1841/hardware/quick/guide/1800qsg.pdf

Thanks SAM.

It's working for me now.

1. I deleted the public IP from my fa0/0 interface

2. I added this command:

    • ip nat inside source static tcp 192.168.1.xxx Port 116.50.160.xx Port

The service we are trying to use from outside can now get information from the server we set with the 192 IP address.

Thank you for your help.

It's now working but let me know if this command might cause me some security issues on my network.

Hi Christian,

Glad it all worked out, there are no security concerns from the point of the router. It is simply translating that port back to a server on the given port. The security concern at that point lies with the server and the application at that point.

Cheers,

Sam