
Cisco 1841 with 2 public WAN IP's and NAT

N_Martin
Level 1
OK, currently the network is set up as follows:

Zyxel SHDSL Router --> Linksys Router --> 10/100 Switch --> PC's

x.x.x.145/28__________x.x.x.146/28____________________192.168.1.0/24

The Linksys router is running inbound one-to-many PAT (e.g. x.x.x.146:80 --> 192.168.1.10:8080)

I'm looking to replace the setup with a Cisco 1841 router. Now normally I would configure the DSL interface as unnumbered to the internal LAN interface and use my public IP addys on this segment then passing through a PIX to NAT into private IP addys.

The problem I have is I want the 1841 to be an all in one box performing DSL, Firewall and NAT functions.

Now I thought I would configure the DSL as unnumbered to FastEthernet0/0 adding a secondary IP address of x.x.x.146/28. Interface configured as NAT outside.

Interface FastEthernet0/1 was configured with 192.168.1.1/24 with NAT inside and connected to the switch.

The problem was that the FastEthernet0/0 interface line protocol was down as there was no need to connect it to anything.

I then tried assigning the dialer interface a static IP of x.x.x.145/28 and x.x.x.146/28 as a secondary IP running NAT outside. I tried again but during boot up the router said you can't assign a secondary IP to the dialer interface.

So my question is, how would you recommend setting up the interfaces to enable the router to have both x.x.x.145 and 146/28 as public IP's and NAT x.x.x.146:80 to 192.168.1.10:8080?

Any help much appreciated.

5 Replies

desai.jaideep
Level 5
Hi

Please clarify the following:

(1) Is your DSL terminating on Zyxel or Cisco?

(2) Are you trying to configure the router through "setup"?

(3) Are you getting a dynamic IP from your ISP or a pool?

(4) Can you give the config of the router?

Regards

JD

Hello,

I am thinking you could configure a Loopback interface, configure that interface as NAT outside, and then assign your x.x.x.146 address to that interface. Then, make a static NAT entry for your internal address with the Loopback address as the outside address, e.g.:

interface Loopback0
 ip address x.x.x.146 y.y.y.y
 ip nat outside
!
! static PAT syntax: local address and port first, then global address and port
ip nat inside source static tcp 192.168.x.x 80 x.x.x.146 80 extendable

Regards,

GNT

Hi, I have read somewhere on here that using public IPs on loopback interfaces for routing and NAT purposes can cause problems. Whether this is true or not I can't say, but I will give it a go.

Answers:

1) DSL is terminating in the 1841 on a SHDSL WIC

2) No

3) IP is negotiated

4) Below is a config which I believe should work. Any recommended amendments?

!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname trackgw
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
!
resource policy
!
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
ip subnet-zero
ip cef
!
!
no ip dhcp use vrf connected
!
!
username cisco privilege 15 secret xxx
!
!
controller DSL 0/0/0
 mode atm
 line-term cpe
 dsl-mode SHDSL symmetric annex B
 line-rate AUTO
!
!
interface FastEthernet0/0
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
 duplex auto
 speed auto
!
interface FastEthernet0/1
 no ip address
 duplex auto
 speed auto
!
interface ATM0/0/0
 no atm ilmi-keepalive
 pvc 0/38
  encapsulation aal5mux ppp dialer
  dialer pool-member 1
 !
!
interface Dialer1
 ip address negotiated
 ip nat outside
 encapsulation ppp
 dialer pool 1
 dialer-group 1
 no cdp enable
 encapsulation ppp
 no cdp enable
 ppp authentication chap callin
 ppp chap hostname username
 ppp chap password 0 password
 ppp ipcp dns request
!
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer1
!
ip http server
ip http authentication local
!
ip nat inside source list nat-acl interface Dialer1 overload
ip nat inside source static tcp 192.168.1.10 8080 x.x.x.146 80
!
ip access-list extended nat-acl
 permit ip 192.168.1.0 0.0.0.255 any
!
dialer-list 1 protocol ip permit
no cdp run
!
control-plane
!
line con 0
 logging synchronous
 login local
 transport output all
line aux 0
 transport output all
line vty 0 4
 privilege level 15
 login local
 transport input telnet
!
scheduler max-task-time 5000
end

Hi

I believe that what you need is to configure dynamic and static NAT simultaneously.

http://www.cisco.com/warp/public/556/9.html

Regards

JD
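
When dynamic overload NAT and static port forwards share one router, as in the configuration posted above, each `ip nat inside source static` line is an inbound exposure worth listing during review. The following Python check is an added example, not code from anyone in the thread: it parses indented IOS-style text, lists every static forward, and flags NAT role problems that would break it. The helper names `parse` and `audit` are hypothetical, and 203.0.113.146 is an assumed stand-in for x.x.x.146.

```python
import ipaddress
import re

# Constructed sample: NAT-relevant lines of the config posted in the thread;
# 203.0.113.146 (documentation range) is an assumed stand-in for x.x.x.146.
SAMPLE = """\
interface FastEthernet0/0
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
interface Dialer1
 ip address negotiated
 ip nat outside
ip nat inside source list nat-acl interface Dialer1 overload
ip nat inside source static tcp 192.168.1.10 8080 203.0.113.146 80
"""
STATIC = re.compile(r"ip nat inside source static (tcp|udp) (\S+) (\d+) (\S+) (\d+)")

def parse(config):
    """Return (interfaces, static port forwards) from indented IOS-style text."""
    ifaces, forwards, cur = {}, [], None
    for raw in config.splitlines():
        line = raw.strip()
        if line.startswith("interface "):
            cur = ifaces.setdefault(line.split()[1], {"net": None, "nat": None})
        elif raw.startswith(" ") and cur is not None:
            m = re.match(r"ip address (\d\S+) (\d\S+)", line)
            if m:  # numbered interface: remember its subnet
                cur["net"] = ipaddress.ip_network("/".join(m.groups()), strict=False)
            elif line in ("ip nat inside", "ip nat outside"):
                cur["nat"] = line.split()[-1]
        else:  # back at global level
            cur = None
            m = STATIC.match(line)
            if m:
                forwards.append((m[1], m[2], int(m[3]), m[4], int(m[5])))
    return ifaces, forwards

def audit(config):
    """List every inbound port forward and the NAT role problems that break it."""
    ifaces, forwards = parse(config)
    inside = [i["net"] for i in ifaces.values() if i["nat"] == "inside" and i["net"]]
    findings = []
    if not any(i["nat"] == "outside" for i in ifaces.values()):
        findings.append("no interface is marked 'ip nat outside'")
    for proto, lip, lport, gip, gport in forwards:
        findings.append(f"exposed: {gip}:{gport}/{proto} -> {lip}:{lport}")
        if not any(ipaddress.ip_address(lip) in net for net in inside):
            findings.append(f"{lip} is not behind any 'ip nat inside' interface")
    return findings
```

The parser expects real addresses and sub-commands indented by at least one space, so placeholder addresses such as x.x.x.146 must be substituted before running it.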
