Cisco 2611 Nat/ static route trouble

Status
Not open for further replies.

Gutsanglory

Hi all, thanks in advance for any help. I have a 2611 that I am using as my edge router to the internet (static IP/cable modem). I am trying to get it working smoothly, but have found a few problems. I have set up NAT and all my local machines can access the internet fairly well, but none of the ip nat inside static routes seem to be taking, as nothing can access my internal servers. I have an FTP site using passive mode; the clients connect on port 4545 and use ports 28000 to 28010. I would like to set up the router to be fairly secure and be able to configure openings for multiple servers running on the inside LAN, e.g. 110, 25, 443, etc. Please have a look over my config and let me know if there is something missing or misconfigured.

Thanks again!

GUTS

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

!
version 12.3
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname XXXXXXXX
!
boot-start-marker
boot-end-marker
!
enable secret 5 XXXXXXXXXXXXXXXXXXXXXXXXXXX
!
clock timezone MST -7
no aaa new-model
ip subnet-zero
no ip source-route
!
!
no ip domain lookup
ip name-server 64.59.135.133
ip name-server 64.59.135.135
!
no ip bootp server
ip inspect max-incomplete high 1100
ip inspect one-minute high 1100
ip inspect name Firewall tcp
ip inspect name Firewall udp
ip inspect name Firewall cuseeme
ip inspect name Firewall ftp
ip inspect name Firewall h323
ip inspect name Firewall rcmd
ip inspect name Firewall realaudio
ip inspect name Firewall smtp
ip inspect name Firewall streamworks
ip inspect name Firewall vdolive
ip inspect name Firewall sqlnet
ip inspect name Firewall tftp
ip audit notify log
ip audit po max-events 100
no ftp-server write-enable
!
!
!
!
interface Ethernet0/0
description connected to EthernetLAN
ip address 192.168.123.254 255.255.255.0
ip access-group 100 in
ip nat inside
full-duplex
no cdp enable
!
interface Serial0/0
no ip address
shutdown
!
interface Ethernet0/1
description connected to Internet
ip address 68.xxx.xxx.168 255.255.255.0
ip access-group 101 in
ip nat outside
ip inspect Firewall out
full-duplex
no cdp enable
!
ip nat inside source list 1 interface Ethernet0/1 overload
ip nat inside source static tcp 192.168.123.123 110 interface Ethernet0/1 110
ip nat inside source static tcp 192.168.123.123 443 interface Ethernet0/1 443
ip nat inside source static tcp 192.168.123.123 25 interface Ethernet0/1 25
ip nat inside source static tcp 192.168.123.222 4545 interface Ethernet0/1 4545
ip nat inside source static tcp 192.168.123.222 28000 interface Ethernet0/1 28000
ip nat inside source static tcp 192.168.123.222 28001 interface Ethernet0/1 28001
ip nat inside source static tcp 192.168.123.222 28002 interface Ethernet0/1 28002
ip nat inside source static tcp 192.168.123.222 28003 interface Ethernet0/1 28003
ip nat inside source static tcp 192.168.123.222 28004 interface Ethernet0/1 28004
ip nat inside source static tcp 192.168.123.222 28005 interface Ethernet0/1 28005
ip nat inside source static tcp 192.168.123.222 28006 interface Ethernet0/1 28006
ip nat inside source static tcp 192.168.123.222 28007 interface Ethernet0/1 28007
ip nat inside source static tcp 192.168.123.222 28008 interface Ethernet0/1 28008
ip nat inside source static tcp 192.168.123.222 28009 interface Ethernet0/1 28009
no ip http server
ip classless
ip route 0.0.0.0 0.0.0.0 68.xxx.xxx.1
!
!
access-list 1 permit 192.168.123.0 0.0.0.255
access-list 100 permit ip any any
access-list 101 permit tcp any any eq smtp
access-list 101 permit tcp any any eq pop3
access-list 101 permit tcp any any eq 443
access-list 101 permit tcp any any eq 4545
access-list 101 permit tcp any any range 28000 28009
access-list 101 deny ip any any
!
line con 0
exec-timeout 0 0
password 7 XXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
login
line aux 0
password 7 XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
login
line vty 0 4
password 7 XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
login
!
!
!
end
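
A check for the configuration posted above, as an added example that is not part of the original thread: it parses the static TCP forwards and the ACL applied inbound on the `ip nat outside` interface, then reports any port that one has and the other lacks. The function names, the `required` list (the ports the post says the servers use) and the abridged sample are assumptions made for this example.

```python
import re

# Subset of the TCP port keywords IOS accepts in extended ACLs.
PORT_NAMES = {"ftp": 21, "telnet": 23, "smtp": 25, "www": 80, "pop3": 110}
NAT_RE = re.compile(r"ip nat inside source static tcp (\S+) (\d+) (?:interface \S+|\S+) (\d+)")
ACL_RE = re.compile(r"access-list (\d+) permit tcp any any (eq|range) (\S+)(?: (\S+))?")

def to_port(token):
    return PORT_NAMES[token] if token in PORT_NAMES else int(token)

def audit(config, required=()):
    """Cross-check static TCP forwards against the inbound ACL on the NAT outside interface."""
    forwards, permits, ifaces, cur = {}, {}, [], None
    for line in map(str.strip, config.splitlines()):
        if line.startswith("interface "):
            cur = {"acl": None, "outside": False}
            ifaces.append(cur)
        elif cur and (m := re.match(r"ip access-group (\d+) in", line)):
            cur["acl"] = m.group(1)
        elif cur and line == "ip nat outside":
            cur["outside"] = True
        elif m := NAT_RE.match(line):
            # Key on the outside (global) port: the inbound ACL is checked before translation.
            forwards[int(m.group(3))] = (m.group(1), int(m.group(2)))
        elif m := ACL_RE.match(line):
            lo = to_port(m.group(3))
            hi = to_port(m.group(4)) if m.group(2) == "range" else lo
            permits.setdefault(m.group(1), set()).update(range(lo, hi + 1))
    acl = next((i["acl"] for i in ifaces if i["outside"]), None)
    allowed = permits.get(acl, set())
    return {
        "outside_acl": acl,
        "forward_not_permitted": sorted(set(forwards) - allowed),
        "permit_without_forward": sorted(allowed - set(forwards)),
        "required_missing": sorted(p for p in required if p not in forwards or p not in allowed),
    }

# Constructed sample: the interface, NAT and ACL 101 permit lines of the posted configuration.
NAT = "ip nat inside source static tcp 192.168.123.{} {} interface Ethernet0/1 {}"
SAMPLE = "\n".join(
    ["interface Ethernet0/1", "ip access-group 101 in", "ip nat outside", "!"]
    + [NAT.format(123, p, p) for p in (110, 443, 25)]
    + [NAT.format(222, p, p) for p in (4545, *range(28000, 28010))]
    + [f"access-list 101 permit tcp any any {r}" for r in
       ("eq smtp", "eq pop3", "eq 443", "eq 4545", "range 28000 28009")]
)

if __name__ == "__main__":
    print(audit(SAMPLE, required=[25, 110, 443, 4545, *range(28000, 28011)]))
```

On the posted rules it finds no mismatch between the forwards and ACL 101, and it flags 28010, which the post names as part of the passive range but which neither the NAT rules nor the ACL cover.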
 
Hey, I'm having the same problem recently, but my commands are a little different than yours. Check them out below:

ip nat inside source static tcp 192.168.25.2 4350 140.175.xx.xx 4350 extendable
ip nat inside source static tcp 192.168.25.2 4351 140.175.xx.xx 4351 extendable
ip nat inside source static tcp 192.168.25.2 5052 140.175.xx.xx 5052 extendable
 