Re: Router 831 and ADSL connection -config. new LAN. HELP!

peterdabr · ‎10-10-2004

I've recently purchased Cisco 831 router to start my experience with Cisco routers and get it configured with my existing LAN, but I experience many problems since the very beginning and I have few questions that hopefully will be answered :-). Here is my situation:

I have my ADSL connection with Speakeasy.net (no username or passwork required when I connect to the internet) , ADSL modem connected to 831 router and 4 static IPs. 2 of them I have assigned to my servers and 2 remaining I've decided to keep for my router (acctually I don't know if I need 2 to configure router properly).

Here is my problem:

When I type 'show interfaces' on the terminal it shows that I have two interfaces: eth0 and eth1

I connect and disconnect WAN port on the router with ethernet port on my ADSL modem and I can see that eth1 goes up or down-that's how I figured out that eth1 is routers WAN port. Here come my questions:

1) what is eth0 interface on my router( I've been trying to disconnect all my cables from the back of the router and port ethernet0 still stays 'up' according to 'show interfaces' command. Maybe eth0 is a Console port that is connected to the COM1 on the computer or maybe it is some kind of 'internal port'???

2)Second question: I configured my eth1 (WAN port) with static IP, let's say: 150.140.130.10 and mask 255.255.255.0 and connected my 2 servers (150.140.130.12 and 13) with 'built-in the router' hub. So far I'm able to ping any IP address on the internet from router itself but I can't ping any computer connected to router's hub (both of them have default gateway set to 150.140.130.10 (router's WAN port) and also I can't ping internet and my router from any server. Maybe I need to assign IP (For instance 150.140.130.11) to the eth0 or maybe I have to enable routing between eth0 and eth1 -I JUST DON"T KNOW!.... Please help me setup my router and computers so they can see themselves and Internet.

3)One of my servers is a DNS server. What is the command for the router to set it up to resolve names by using my server...or maybe is better to set router to use 'outside' DNS server (for example, my ISP's DNS sever)

Thank you guys in advance for trying to solve my router-related problems!!!

Peter

Georg Pauwen · ‎10-11-2004

Hello Peter,

the Ethernet0 interface is a virtual interface inside the router that is used to function as the Layer 3 interface, or default gateway, for the machines connected to the 4 hub ports. It therefore never goes down. You have to configure the IP address of the default gateway on this interface. The reason why, in your current setup, the router can ping the Internet, is that you have assigned a public IP address to the Ethernet1 (the WAN port) interface of your router. Since the internal Ethernet0 (the LAN port) has no IP address, the machines can neither ping the Internet, nor can you ping the machines.

Your best option is to work with NAT, your configuration would look like this (assuming that you are assigning IP addresses from within the range 192.168.1.0/24 to your local machines:

version 12.2

!

no service pad

service timestamps debug uptime

service timestamps log uptime

no service password-encryption

!

hostname Cisco831

!

enable password cisco

!

username cisco password 0 cisco

ip subnet-zero

no ip domain-lookup

!

ip domain-name cisco.com

!

interface Ethernet0

description connected to LAN

ip address 192.168.1.1 255.255.255.0

ip nat inside

no cdp enable

!

interface Ethernet1

description connected to INTERNET

ip address 150.140.130.10 255.255.255.0

ip nat outside

no cdp enable

!

access-list 1 permit 192.168.1.0 0.0.0.255

!

ip classless

ip route 0.0.0.0 0.0.0.0 Ethernet1

ip nat inside source list 1 interface Ethernet1 overload

ip http server

ip pim bidir-enable

!

line con 0

exec-timeout 120 0

stopbits 1

line vty 0 4

exec-timeout 0 0

no login

length 0

!

scheduler max-task-time 5000

end

The command to set the router up to use a specific DNS server is, AFAIK:

Router(config)#ip dns server

HTH,

GP

peterdabr · ‎10-11-2004

THANK YOU VERY MUCH FOR YOUR RESPONSE.

Anyway, you suggested to use NAT, but like I mentioned before I have 4 static IPs from my ISP and I'D LIKE TO USE THEM for my router and servers.

So my question is :

can I, for example assign 150.140.130.10 to the eth1 (WAN port) , 150.140.130.11 to the eth0 (virtaul interface inside the router) and last 2 static IPs to the servers and have this setup working. In other words can I assign to eth0 and eth1 static IPs from the same subnet and still be able to configure it properly so that everybody 'inside' can ping everybody 'outside' and vice versa. If yes then-do I have to set up any routing between eth0 and eth1 or the router routes all packets automatically.How to do this???

Any help will be appreciated!!!

Thank you

Peter

egonzalez · ‎10-26-2004

Peter, have you resolved this issue??

I can help you, one option is to use NAT not only to overload an interface and give your LAN PC's internet access but also to make port forwarding to the desired services on your servers, if you need the servers to have independent IP addresses you can make static NAT translations.

Contact me for details and config examples

Ego_55

peterdabr · ‎10-27-2004

Hi!

Thank you for replaying...

So far I was able to configure static NAT translation for one server (mail server -Exchange 2000 on Win2000), desktops have been configured to receive IP from DHCP server on Cisco router and then connection to the internet with 'ip nat inside source list 100 interface ethernet1 overload'.

My original idea was to have both router and servers on the LAN configured with public IPs from the same subnet, but then I got respond on the forum that only way to do this is to use bridging instead of routing, so I gave up my idea of having router and servers configured within the same subnet mask and decided to use static NAT for servers.

Now questions pop up in my head:

1) I know that my router (Cisco 831) have built-in some firewall features that I'd like to set up but I need any suggestions how to set it up correctly so I will have my Exchange server most secured.

I did security check on symantec.com and it shows that certain, 'unnecessary' ports on my Exchange server are opened and it creates a security risk and I would like these port numbers to be block on the router. Can you give me examples how to do it?

You mentioned earlier about port forwarding to the desired services on the server. How does this work (maybe config examples)? Do I have to use NAT translation with port forwarding?

Thank you for your response

Peter