08-14-2006 01:37 AM - edited 03-05-2019 12:00 PM
OK, currently the network is set up as follows:
Zyxel SHDSL Router --> Linksys Router --> 10/100 Switch --> PC's
x.x.x.145/28__________x.x.x.146/28____________________192.168.1.0/24
The Linksys router is running inbound one-to-many PAT (e.g. x.x.x.146:80 --> 192.168.1.10:8080)
I'm looking to replace the setup with a Cisco 1841 router. Now normally I would configure the DSL interface as unnumbered to the internal LAN interface and use my public IP addys on this segment then passing through a PIX to NAT into private IP addys.
The problem I have is I want the 1841 to be an all in one box performing DSL, Firewall and NAT functions.
Now I thought I would configure the DSL as unnumbered to FastEthernet0/0 adding a secondary IP address of x.x.x.146/28. Interface configured as NAT outside.
Interface FastEthernet0/1 was configured with 192.168.1.1/24 with NAT inside and connected to the switch.
The problem was that the FastEthernet0/0 interface line protocol was down as there was no need to connect it to anything.
I then tried assigning the dialer interface a static IP of x.x.x.145/28 and x.x.x.146/28 as a secondary IP running NAT outside. I tried again but during boot up the router said you can't assign a secondary IP to the dialer interface.
So my question is, how would you recommend setting up the interfaces to enable the router to have both x.x.x.145 and 146/28 as public IP's and NAT x.x.x.146:80 to 192.168.1.10:8080?
Any help much appreciated.
08-14-2006 03:55 AM
Hi
Please clarify the following:
(1) Is your DSL terminating on Zyxel or Cisco?
(2) You are trying to configure the router through "setup"?
(3) You are getting a dynamic IP from your ISP or a pool?
(4) Can you give the config of the router?
Regards
JD
08-14-2006 05:20 AM
Hello,
I am thinking you could configure a Loopback interface, configure that interface as NAT outside, and then assign your x.x.x.146 address to that interface. Then, make a static NAT entry for your internal address with the Loopback address as the outside address, e.g.:
interface Loopback0
 ip address x.x.x.146 y.y.y.y
 ip nat outside
!
ip nat inside source static tcp 192.168.x.x 80 x.x.x.146 80 extendable
Regards,
GNT
08-14-2006 06:51 AM
Hi, I have read somewhere on here that using public IP's on loopback interfaces for routing and NAT purposes can cause problems. If this is true or not I can't say but I will give it a go.
08-14-2006 06:44 AM
Answers:
1) DSL is terminating in the 1841 on a SHDSL WIC
2) No
3) IP is negotiated
4) Below is a config which I believe should work. Any recommended amendments?
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname trackgw
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
!
resource policy
!
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
ip subnet-zero
ip cef
!
!
no ip dhcp use vrf connected
!
!
username cisco privilege 15 secret xxx
!
!
controller DSL 0/0/0
 mode atm
 line-term cpe
 dsl-mode SHDSL symmetric annex B
 line-rate AUTO
!
!
interface FastEthernet0/0
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
 duplex auto
 speed auto
!
interface FastEthernet0/1
 no ip address
 duplex auto
 speed auto
!
interface ATM0/0/0
 no atm ilmi-keepalive
 pvc 0/38
  encapsulation aal5mux ppp dialer
  dialer pool-member 1
 !
!
interface Dialer1
 ip address negotiated
 ip nat outside
 encapsulation ppp
 dialer pool 1
 dialer-group 1
 no cdp enable
 ppp authentication chap callin
 ppp chap hostname username
 ppp chap password 0 password
 ppp ipcp dns request
!
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer1
!
ip http server
ip http authentication local
!
ip nat inside source list nat-acl interface Dialer1 overload
ip nat inside source static tcp 192.168.1.10 8080 x.x.x.146 80
!
ip access-list extended nat-acl
 permit ip 192.168.1.0 0.0.0.255 any
!
dialer-list 1 protocol ip permit
no cdp run
!
control-plane
!
line con 0
 logging synchronous
 login local
 transport output all
line aux 0
 transport output all
line vty 0 4
 privilege level 15
 login local
 transport input telnet
!
scheduler max-task-time 5000
end
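A small check over the configuration posted above, added here as an example and not part of the thread: it lists each static port forward, flags a global address that is not configured on any interface (the question this thread keeps returning to), and flags a NAT outside interface with no inbound ACL, since the stated goal is for the 1841 to do the firewalling too. The function names and finding labels are assumptions of this example, and the sample is an excerpt of the posted config with its address placeholders kept.

```python
import re

# Excerpt of the configuration posted above; address placeholders kept as posted.
SAMPLE = """\
interface FastEthernet0/0
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
!
interface Dialer1
 ip address negotiated
 ip nat outside
!
ip nat inside source list nat-acl interface Dialer1 overload
ip nat inside source static tcp 192.168.1.10 8080 x.x.x.146 80
"""
STATIC = re.compile(r"^[ \t]*ip nat inside source static (tcp|udp) (\S+) (\d+) (\S+) (\d+)", re.M)

def parse_interfaces(cfg):
    """Map interface name -> sub-commands; a block ends at the next '!' line."""
    ifaces, cur = {}, None
    for line in (raw.strip() for raw in cfg.splitlines()):
        if line.startswith("interface "):
            cur = ifaces.setdefault(line.split()[1], [])
        elif line == "!":
            cur = None
        elif cur is not None and line:
            cur.append(line)
    return ifaces

def audit(cfg):
    """Return (check, detail) findings for every static port forward."""
    ifaces = parse_interfaces(cfg)
    # Literal addresses on interfaces ("ip address negotiated" carries none).
    owned = {c.split()[2] for cmds in ifaces.values() for c in cmds
             if c.startswith("ip address ") and len(c.split()) >= 4}
    # NAT outside interfaces that have no inbound access-group applied.
    unfiltered = [n for n, cmds in ifaces.items() if "ip nat outside" in cmds
                  and not any(re.match(r"ip access-group \S+ in$", c) for c in cmds)]
    findings = []
    for proto, lip, lport, gip, gport in (m.groups() for m in STATIC.finditer(cfg)):
        fwd = f"{gip}:{gport}/{proto} -> {lip}:{lport}"
        if gip not in owned:  # reachable only if the ISP routes it to this router
            findings.append(("global-not-on-interface", fwd))
        findings += [("no-inbound-acl", f"{n} exposes {fwd}") for n in unfiltered]
    return findings

if __name__ == "__main__":
    for check, detail in audit(SAMPLE):
        print(f"{check}: {detail}")
```

The interface parser ends a block at the next `!` line, so it also reads a config pasted without indentation.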
08-14-2006 07:02 AM
Hi
I believe that what you need is to configure dynamic and static NAT simultaneously.
http://www.cisco.com/warp/public/556/9.html
Regards
JD