Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Chriss Miller on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

How to configure this with NAT ?

Status
Not open for further replies.
jaccies

jaccies

Technical User
Joined
Mar 29, 2005
Messages
4
Location
NL
How is the following to configure with NAT :

10.0.0.xxx ---- ETH0 Cisco2500 ETH1 --- 10.0.40.1 server


The server 10.0.40.1 should be accessable via telnet for
all users with IP 10.0.0.xxx on ETH0, so they
should access it by : telnet 10.0.40.1

But the server should also be accessable by the outside world if I telnet to 170.10.10.1 , so I need to use NAT

How to configure this , below does not work
I can telnet to 170.10.10.1 but not to 10.0.40.1 ?

int ETH0
ip nat outside
int ETH1
ip nat inside

ip nat inside source static 10.0.40.1 170.10.10.1

thanks
 
Sort by date Sort by votes
I guess 170.10.10.1 is the address of a serial interface (or whatever interface connects to the ISP).
Why do you do NAT between the two private LAN's?
I guess you need something like this:

int Serial0
ip address 170.10.10.1 xxx.xxx.xxx.xxx
ip nat outside
int ETH0
ip address 10.0.0.x xxx.xxx.xxx.xxx
ip nat inside
int ETH1
ip address 10.0.40.1 xxx.xxx.xxx.xxx
ip nat inside

ip nat inside source list 7 interface serial 0 overload
access-list 7 permit 10.0.40.0 0.0.0.255
ip nat inside source static 10.0.40.1 170.10.10.1
-> All connections to 170.10.10.1 will be redirected to 10.0.40.1. Therefore you will not be able to telnet to the router from the public side, only from internal networks (connections to either 10.0.409.1 or 10.0.0.x). Unless you use a public IP address pool.

Here you'll find all info related to NAT:


regards,
Alain
 
Upvote 0 Downvote
ooops, I guess the access list should permit both internal ip ranges:
access-list 7 permit 10.0.40.0 0.0.0.255
access-list 7 permit 10.0.0.0 0.0.0.255


regards,
Alain
 
Upvote 0 Downvote
Alain,
thanks for your answer, it is not via a serial line,
but via ETH1.
From outside world they come in via a PIX,
and give them telnet access to 170.10.10.1 ( so they can trace the outside world) which
is my server 10.0.40.1 , that's why I need NAT .
But the way I configured it I can only telnet from 10.0.0.x to 170.10.10.1 but not to 10.0.40.1 .
thanks

 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

CPM86
  • Locked
  • Question Question
Cisco isr 4331 with IOS and sip busy fail over to 2nd sip number on pbx?
Replies
0
Views
558
CPM86
CPM86
Skip Rango
  • Locked
  • Question Question
how to backup cisco sg500-52p switch
Replies
1
Views
796
madwok
madwok
B
  • Locked
  • Question Question
Cisco IP phone 7841 8851 unable to forward all to external number
Replies
0
Views
402
badwolf1686
B
Luzbel
  • Locked
  • Question Question
Connecting HVAC controller to network
Replies
0
Views
574
Luzbel
Luzbel
WinstonCH
  • Locked
  • Helpful tip Helpful tip
What is wrong with the diagram, there are people who will help to fix it? How do i do the configurat
Replies
1
Views
896
BIS
BIS

Part and Inventory Search

Sponsor

Back
Top