quickconnect
IS-IT--Management
I just setup a router at our remote end and im trying to setup NAT to the inside and also allow the router to provide DHCP on the inside interface.. They will be getting DNS from their ISP so the only thing the router is doing for this site is internet protection and port 1352 Lotus Notes traffic.
Can someone look at this config and tell me what I need to do to setup NAT and DHCP...
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname XXXRTR01
!
boot-start-marker
boot-end-marker
!
enable secret 5 #############################
!
username admin password ################################
memory-size iomem 15
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
aaa new-model
!
!
aaa authentication login userauthen group tacacs+
aaa authorization network groupauthor local
aaa session-id common
ip subnet-zero
!
!
!
!
ip cef
ip domain name nop.test.com
ip ips po max-events 100
ip ssh time-out 30
no ftp-server write-enable
!
!
!
!
!
!
!
!
interface FastEthernet0/0
description Connected To The Internet
ip address 100.1.1.2 255.255.255.248
no ip proxy-arp
ip nat outside
ip virtual-reassembly
no ip route-cache cef
no ip route-cache
no ip mroute-cache
speed auto
no cdp enable
!
interface Serial0/0
bandwidth 128
ip unnumbered FastEthernet0/0
no keepalive
ignore dcd
no fair-queue
no cdp enable
!
interface Ethernet1/0
description Connected To The Inside
ip address 172.16.1.1 255.255.255.0
no ip proxy-arp
ip nat inside
ip virtual-reassembly
no ip route-cache cef
no ip route-cache
no ip mroute-cache
half-duplex
no cdp enable
!
ip classless
ip route 0.0.0.0 0.0.0.0 Serial0/0
no ip http server
no ip http secure-server
!
!
!
access-list 1 permit 172.16.0.0 0.0.255.255
access-list 101 permit tcp host XXXXXXXXXX host XXXXXXXXXXXXXXX eq 1352
access-list 101 permit tcp host XXXXXXXXXX host XXXXXXXXXXXXXXX eq 1352
access-list 101 permit udp host XXXXXXXXXX host XXXXXXXXXXXXXXX eq 6502
access-list 101 permit tcp host XXXXXXXXXX host XXXXXXXXXXXXXXX eq 22
access-list 101 permit icmp host XXXXXXXXX host XXXXXXXXXXXXXXX
access-list 101 permit icmp host XXXXXXXXX host XXXXXXXXXXXXXXXXX
access-list 101 permit icmp host XXXXXXXXX host XXXXXXXXXXXXXXX
access-list 101 deny ip any any log
access-list 102 permit ip 172.16.0.0 0.0.255.255 any
access-list 102 deny icmp any any redirect
access-list 102 deny ip host 127.0.0.0 any
access-list 102 deny ip 224.0.0.0 31.255.255.255 any
access-list 102 deny ip host 0.0.0.0 any
access-list 102 deny ip any any log
no cdp run
!
!
control-plane
!
banner motd ^CCC
**********************************************************
This system is to be used only by specifically authorized
personnel.
**********************************************************
^C
!
line con 0
line aux 0
exec-timeout 5 0
password XXXXXXXXXXXXXXXXXX
modem InOut
modem autoconfigure type usr_sportster
transport input all
stopbits 1
speed 115200
flowcontrol hardware
line vty 0 4
exec-timeout 5 0
password XXXXXXXXXXXXXXXXXXXXXXXX
logging synchronous
transport input ssh
!
scheduler allocate 30000 2000
end
Can someone look at this config and tell me what I need to do to setup NAT and DHCP...
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname XXXRTR01
!
boot-start-marker
boot-end-marker
!
enable secret 5 #############################
!
username admin password ################################
memory-size iomem 15
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
aaa new-model
!
!
aaa authentication login userauthen group tacacs+
aaa authorization network groupauthor local
aaa session-id common
ip subnet-zero
!
!
!
!
ip cef
ip domain name nop.test.com
ip ips po max-events 100
ip ssh time-out 30
no ftp-server write-enable
!
!
!
!
!
!
!
!
interface FastEthernet0/0
description Connected To The Internet
ip address 100.1.1.2 255.255.255.248
no ip proxy-arp
ip nat outside
ip virtual-reassembly
no ip route-cache cef
no ip route-cache
no ip mroute-cache
speed auto
no cdp enable
!
interface Serial0/0
bandwidth 128
ip unnumbered FastEthernet0/0
no keepalive
ignore dcd
no fair-queue
no cdp enable
!
interface Ethernet1/0
description Connected To The Inside
ip address 172.16.1.1 255.255.255.0
no ip proxy-arp
ip nat inside
ip virtual-reassembly
no ip route-cache cef
no ip route-cache
no ip mroute-cache
half-duplex
no cdp enable
!
ip classless
ip route 0.0.0.0 0.0.0.0 Serial0/0
no ip http server
no ip http secure-server
!
!
!
access-list 1 permit 172.16.0.0 0.0.255.255
access-list 101 permit tcp host XXXXXXXXXX host XXXXXXXXXXXXXXX eq 1352
access-list 101 permit tcp host XXXXXXXXXX host XXXXXXXXXXXXXXX eq 1352
access-list 101 permit udp host XXXXXXXXXX host XXXXXXXXXXXXXXX eq 6502
access-list 101 permit tcp host XXXXXXXXXX host XXXXXXXXXXXXXXX eq 22
access-list 101 permit icmp host XXXXXXXXX host XXXXXXXXXXXXXXX
access-list 101 permit icmp host XXXXXXXXX host XXXXXXXXXXXXXXXXX
access-list 101 permit icmp host XXXXXXXXX host XXXXXXXXXXXXXXX
access-list 101 deny ip any any log
access-list 102 permit ip 172.16.0.0 0.0.255.255 any
access-list 102 deny icmp any any redirect
access-list 102 deny ip host 127.0.0.0 any
access-list 102 deny ip 224.0.0.0 31.255.255.255 any
access-list 102 deny ip host 0.0.0.0 any
access-list 102 deny ip any any log
no cdp run
!
!
control-plane
!
banner motd ^CCC
**********************************************************
This system is to be used only by specifically authorized
personnel.
**********************************************************
^C
!
line con 0
line aux 0
exec-timeout 5 0
password XXXXXXXXXXXXXXXXXX
modem InOut
modem autoconfigure type usr_sportster
transport input all
stopbits 1
speed 115200
flowcontrol hardware
line vty 0 4
exec-timeout 5 0
password XXXXXXXXXXXXXXXXXXXXXXXX
logging synchronous
transport input ssh
!
scheduler allocate 30000 2000
end
