Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations derfloh on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Cisco Routing and NAT help

Status
Not open for further replies.
Cytranic

Cytranic

IS-IT--Management
Joined
Mar 6, 2006
Messages
5
Location
US
I need help with a cisco router & nat problem I have.

My setup is as followed.

Serial 0/0 10.0.0.1 ( Point to Point between an office.)
Fastethernet 0/0 192.168.10.1 ( Internal Local Gateway)
Fast Ethernet 0/1 203.207.17.135 ( Live IP address)

Basiclly I need all traffic and protocols on FastEthernet 0/1 (203.207.17.135) to be forwarded to 192.168.10.3 which is located via Fast Ethernet 0/0.

Can anyone clue me in on the ip nat commands that should make this happen?
 
Sort by date Sort by votes
What is the subnet mask for Fastethernet 0/1 ???
 
Upvote 0 Downvote
Well I've masked my ip address for security sake. However the mask is 255.255.255.224.

Do you need the correct IP address for you to diagnose?
 
Upvote 0 Downvote
I was just looking at the address you supplied and 203.207.17.135 for /29 or /30 is a broadcast address and not useable. It is however useagle on a /27 network. Can you be more specific on what you are trying to accomplish here. I take it that fastethernet 0/1 is connected to an ISP internet device and that fastethernet 0/0 and serial 0/0 networks both connect to the internet through that connection.
 
Upvote 0 Downvote
Here is my setup:

teh Serial 0/0 is connected to a point to point t-1 to our remote office. We use this T-1 stricly for Voice over IP ONLY. 192.168.10.3 is our VOIP Proxy which the phones connect to, and is connected to FastEthernet 0/0 (192.168.10.3)

Now since this is a point to point connection, its not accessable from the Internet. So what I did, is give FastEthernet 0/1 an IP from our ISP (203.207.17.135).

My goal now is to forward all traffic that comes in on FastEthernet 0/1 to 192.168.10.3. I want it to work similar to a DMZ in a cheap linksys router. Forward all traffic so my Internet VOIP phones will be able to connect to the server.
 
Upvote 0 Downvote
Also to add the Serial 0/0 is irrelevent as this is setup and working fine.

here is my router config
WEST#show running
Building configuration...

Current configuration : 1189 bytes
!
version 12.2
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname WEST
!
enable secret 5 blah
enable password 7 blah
!
ip subnet-zero
ip cef
!
!
!
!
!
!
interface FastEthernet0/0
description LAN Access 6245 Powerline Rd
ip address 192.168.10.1 255.255.255.0
no ip proxy-arp
ip nat inside
duplex auto
speed auto
!
interface Serial0/0
description T-1 for VoIP BLS ID: 60HCGS897766 800-317-3343
ip address 10.10.10.2 255.255.255.0
encapsulation ppp
!
interface FastEthernet0/1
description Access to Internet
ip address 207.203.17.152 255.255.255.224
ip nat outside
duplex auto
speed auto
!
ip nat inside source static 192.168.10.3 207.203.17.152
ip classless
ip route 0.0.0.0 0.0.0.0 Serial0/0
ip route 4.2.2.0 255.255.255.0 207.203.17.129
ip route 67.19.59.0 255.255.255.0 207.203.17.129
ip route 67.191.81.0 255.255.255.0 207.203.17.129
ip route 70.86.159.0 255.255.255.0 207.203.17.129
ip route 201.160.32.0 255.255.255.0 207.203.17.129
no ip http server
no ip pim bidir-enable
!
!
!
line con 0
line aux 0
line vty 0 4
logging synchronous
login
history size 100
!
!
end
 
Upvote 0 Downvote
Would you not need to have this line:
ip nat inside source static 192.168.10.3 207.203.17.152
Read as:
ip nat inside source static 192.168.10.3 207.203.17.152 extendable
in order to get it out on the internet?
Also think you will need to build and apply an access list to your internet interface as to allow traffic inbound.
One of the lines should be:
access-list 100 permit ip any host 192.168.10.3
 
Upvote 0 Downvote
You could also be more specific with the access-list if you knew all of the ports needed to connect to the PBX. We also have VOIP and IP phones but ours was easy in that the 8 port card in the PBX for the IP phones was assigned an ip routeable address and connected to the internet directly.
 
Upvote 0 Downvote
I need all ports both TCP and UDP to be sent to 192.168.10.3. My VOIP card on the PBX requires that all ports be open. Is this possible?
 
Upvote 0 Downvote
If you have this line in your inbound access list then anything would be allowed to that IP.
access-list 100 permit ip any host 192.168.10.3

Think you also need to modify your static line to read as:
ip nat inside source static 192.168.10.3 207.203.17.152 extendable
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

Blackybear
  • Locked
  • Question Question
Cisco RV042G router
Replies
0
Views
332
Blackybear
Blackybear
CPM86
  • Locked
  • Question Question
Cisco isr 4331 with IOS and sip busy fail over to 2nd sip number on pbx?
Replies
0
Views
569
CPM86
CPM86
Jared R
  • Locked
  • Question Question
Cisco UC320W Paging Help
Replies
0
Views
703
Jared R
Jared R
B
  • Locked
  • Question Question
Cisco IP phone 7841 8851 unable to forward all to external number
Replies
0
Views
412
badwolf1686
B
pbxcomm
  • Locked
  • Question Question
CISCO VG450
Replies
1
Views
831
nt8d09
nt8d09

Part and Inventory Search

Sponsor

Back
Top