XTLPatrickM
IS-IT--Management
Hi,
we received a Cisco 828 GSHDSL Router from our provider.
In our company we are running Windows 2000 servers.
We received the Router with a setup that we wanted to be re-configured, cause we want to use NAT inside.
We want to have the following:
Router with external ip 213.168.x.x and internal ip 10.10.x.250 to act as the default gateway for the servers that handle our internal network. Additional, we have ip adresses (194.14.x.248 to 194.14.x.254) configured in the router. The servers have two network interfaces (one for the router with 10.10.x.x and one with the internal network ip).
With the configuration that was provided by our ISP we can ping 10.10.x.250 and 213.168.x.x from inside but not outside of this (even not the name server of our isp). From outside we can ping 213.168.x.x but not any further inside...
We need access as well from inside to outside and from outside to 194.14.x.248 to 194.14.x.254.
Here is our config:
----------------------------------------------------------
ip subnet-zero
no ip source-route
ip name-server 194.8.x.70
!
!
!
!
interface Ethernet0
ip address 10.10.x.250 255.255.255.0
no ip proxy-arp
ip nat outside
hold-queue 32 in
hold-queue 100 out
!
interface ATM0
no ip address
no ip proxy-arp
no atm auto-configuration
no atm ilmi-keepalive
no atm address-registration
no atm ilmi-enable
dsl equipment-type CPE
dsl operating-mode GSHDSL symmetric annex B
dsl linerate AUTO
!
interface ATM0.1 point-to-point
no ip proxy-arp
pvc 8/35
protocol ip 213.168.x.80 broadcast
encapsulation aal5mux ppp dialer
dialer pool-member 1
!
!
interface Dialer1
ip address 213.168.x.80 255.255.255.0
no ip proxy-arp
ip nat outside
encapsulation ppp
dialer pool 1
dialer-group 1
no cdp enable
ppp authentication pap callin
ppp pap sent-username xxxxx
password 7 xxxx
!
ip nat inside source list 1 interface Dialer1 overload
ip nat inside source static 10.10.x.2 195.14.x.253
ip nat inside source static 10.10.x.3 195.14.x.252
ip nat inside source static 10.10.x.4 195.14.x.251
ip nat inside source static tcp 10.10.x.250 23 213.168.x.80 23 extendable
ip nat inside source static 10.10.x.5 195.14.x.250
ip nat inside source static 10.10.x.1 195.14.x.254
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer1
no ip http server
!
!
access-list 1 permit 195.14.x.208 0.0.0.15
access-list 1 permit 195.14.x.248 0.0.0.7
access-list 1 permit 10.10.x.0 0.0.0.255
access-list 5 permit 194.8.x.0 0.0.0.255
access-list 5 permit 194.8.x.0 0.0.0.255
access-list 5 permit 195.14.x.0 0.0.0.31
access-list 5 permit 192.168.1.0 0.0.0.255
dialer-list 1 protocol ip permit
!
line con 0
exec-timeout 120 0
logging synchronous
stopbits 1
line vty 0 4
access-class 5 in
exec-timeout 0 0
password 7 xxxx
login
!
scheduler max-task-time 5000
end
--------------------------------------------------------
Any help is welcome.
Regards,
Patrick
we received a Cisco 828 GSHDSL Router from our provider.
In our company we are running Windows 2000 servers.
We received the Router with a setup that we wanted to be re-configured, cause we want to use NAT inside.
We want to have the following:
Router with external ip 213.168.x.x and internal ip 10.10.x.250 to act as the default gateway for the servers that handle our internal network. Additional, we have ip adresses (194.14.x.248 to 194.14.x.254) configured in the router. The servers have two network interfaces (one for the router with 10.10.x.x and one with the internal network ip).
With the configuration that was provided by our ISP we can ping 10.10.x.250 and 213.168.x.x from inside but not outside of this (even not the name server of our isp). From outside we can ping 213.168.x.x but not any further inside...
We need access as well from inside to outside and from outside to 194.14.x.248 to 194.14.x.254.
Here is our config:
----------------------------------------------------------
ip subnet-zero
no ip source-route
ip name-server 194.8.x.70
!
!
!
!
interface Ethernet0
ip address 10.10.x.250 255.255.255.0
no ip proxy-arp
ip nat outside
hold-queue 32 in
hold-queue 100 out
!
interface ATM0
no ip address
no ip proxy-arp
no atm auto-configuration
no atm ilmi-keepalive
no atm address-registration
no atm ilmi-enable
dsl equipment-type CPE
dsl operating-mode GSHDSL symmetric annex B
dsl linerate AUTO
!
interface ATM0.1 point-to-point
no ip proxy-arp
pvc 8/35
protocol ip 213.168.x.80 broadcast
encapsulation aal5mux ppp dialer
dialer pool-member 1
!
!
interface Dialer1
ip address 213.168.x.80 255.255.255.0
no ip proxy-arp
ip nat outside
encapsulation ppp
dialer pool 1
dialer-group 1
no cdp enable
ppp authentication pap callin
ppp pap sent-username xxxxx
password 7 xxxx
!
ip nat inside source list 1 interface Dialer1 overload
ip nat inside source static 10.10.x.2 195.14.x.253
ip nat inside source static 10.10.x.3 195.14.x.252
ip nat inside source static 10.10.x.4 195.14.x.251
ip nat inside source static tcp 10.10.x.250 23 213.168.x.80 23 extendable
ip nat inside source static 10.10.x.5 195.14.x.250
ip nat inside source static 10.10.x.1 195.14.x.254
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer1
no ip http server
!
!
access-list 1 permit 195.14.x.208 0.0.0.15
access-list 1 permit 195.14.x.248 0.0.0.7
access-list 1 permit 10.10.x.0 0.0.0.255
access-list 5 permit 194.8.x.0 0.0.0.255
access-list 5 permit 194.8.x.0 0.0.0.255
access-list 5 permit 195.14.x.0 0.0.0.31
access-list 5 permit 192.168.1.0 0.0.0.255
dialer-list 1 protocol ip permit
!
line con 0
exec-timeout 120 0
logging synchronous
stopbits 1
line vty 0 4
access-class 5 in
exec-timeout 0 0
password 7 xxxx
login
!
scheduler max-task-time 5000
end
--------------------------------------------------------
Any help is welcome.
Regards,
Patrick
