Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Chriss Miller on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Help with NAT - 2 routers

Status
Not open for further replies.
tom11011

tom11011

MIS
Joined
Oct 12, 2001
Messages
537
Location
US
Hi all,

Here is my current setup:


Internet
|
Router
|
Firewall (nat)
|
switch
|
Server (10.2.2.101)

For other reasons, it has become necessary to add a second router and a second T1 into the mix.

I need to access the server from the second router. Should I try to place the second router on a NAT in the 10.2.2.0 range? Or, will the server require a second IP address with a different gateway pointing to the new router?

What's the best way to do this? I've tried nat, but am not having any luck. I can telnet to server from the router, but not from the internet with nat. Here is my config for this new router.

version 12.2
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname router
!
enable secret 5 $1$//Q3$
!
username router password 7 14051D1E1
clock timezone est -5
clock summer-time edt recurring
ip subnet-zero
ip cef
!
!
no ip domain-lookup
!
!
call rsvp-sync
!
!
!
!
!
!
!
!
!
interface FastEthernet0/0
ip address 10.2.2.85 255.255.255.0
ip nat inside
duplex auto
speed auto
!
interface Serial0/0
ip address 67.x.x.90 255.255.255.252
ip nat outside
!
!
ip nat pool NAT 66.x.x.193 66.x.x.194 netmask 255.255.255.224
ip nat inside source list 1 pool NAT overload
ip nat inside source static tcp 10.2.2.85 23 66.x.x.193 23 extendable
ip nat inside source static tcp 10.2.2.101 23 66.x.x.194 23 extendable
ip classless
ip route 0.0.0.0 0.0.0.0 67.x.x.89
ip http server
!
access-list 1 permit 10.2.2.0 0.0.0.255
!
dial-peer cor custom
!
!
!
!
!
line con 0
line aux 0
line vty 0 4
password 7 02140B4E1F0
login
!
ntp server 198.30.92.2
end
 
Sort by date Sort by votes
If I am thinking about this the right way, why not just connect the new router right off the switch? Put its ethernet interface on the same subnet as the server, and change the server's default route. NAT should work then.

You will bypass the firewall of course, but how critical that may be depends on what you are actually trying to do. Depending on what you want to accomplish, you could get away with just putting access lists on the new router.

There is another option off the top of my head. I am not sure what type of router your original one is (or your firewall for that matter), but if there is an extra ethernet interface you can plug the new one on to that as well. All you would have to do is add a static route to the original router for 10.2.2.101, and simply direct it over to the new router. Only thing is you would have to assign the server its very own public IP, and make the other necessary changes with the firewall.

This is all of course I am thinking about what you are trying to do the right way....
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

CPM86
  • Locked
  • Question Question
Cisco isr 4331 with IOS and sip busy fail over to 2nd sip number on pbx?
Replies
0
Views
558
CPM86
CPM86
Jared R
  • Locked
  • Question Question
Cisco UC320W Paging Help
Replies
0
Views
699
Jared R
Jared R
WinstonCH
  • Locked
  • Helpful tip Helpful tip
What is wrong with the diagram, there are people who will help to fix it? How do i do the configurat
Replies
1
Views
897
BIS
BIS
inlsp05
  • Locked
  • Question Question
2811 ios start with cf
Replies
0
Views
342
inlsp05
inlsp05
inlsp05
  • Locked
  • Question Question
2811&2960 48 volts wiring diagram
Replies
1
Views
623
BOKA
BOKA

Part and Inventory Search

Sponsor

Back
Top