Interface question

[DManigo]

Still trying to correct my config.
The router is a Cisco 827-v4 (single ethernet port)

Reading my ICND book on NAT/PAT as I think my issue is with routing more than the ACL's.I noticed my current config:
Interface Ethernet0
ip address 192.168.1.1 255.255.255.0
ip nat inside
loopback
hold-queue 100 out
interface ATM0
no ip address
no atm ilmi-keepalive
pvc 8/35
encapsulation aal5snap
dsl operating-mode auto
bridge-group 1
interface BVI1
ip address 63.162.201.72 255.255.255.0
ip access-group 100 in
ip nat outside
ip nat inside source list 1 interface BVI1 overload
==
I noticed realized my <ip nat outside> command is on <interface BVI1>. Reading some of the other post, I see <ip nat outside> on the <ethernet interface> instead. wondering if I need the <BVI1 interface> at all since I have a switch configured for VLAN's.

Joamon, Hopefully I can contiune to pick your brain or anyone who would like to take it,
1.why is the ATM0 interface set to <no ip address>
2.should the <ip nat outside> command also sit on the ethernet0 interface?
3. what is the purpose of <BVI1>

What I am trying to do :
run the Cisco 827-v4 connected to a Cisco 1924 switch configured with VLAN's. Run normal LAN internet access and an internal web server. Inside local address is not important at all. Global outside address is 63.162.201.72
**thinking about adding a 2nd static specifically for the server**

 

[JOAMON]

1.) ATM 0 is the physical DSL interface. 3.) BVI1 is a virtual interface usually setup as a dialer interface to configure settings for dsl ATM interface. 2.) ethernet 0 is your inside interface thus you need ip nat inside on this.

As far as you web server I do think you should keep trying to extend it through the router as this will give you more control over how it is accessed. If you simply get a second IP and put it on the WEB all services will be exposed/exploiteable. Going through the router gives you the option of what ports/protocols to allow. I hope someone chimes in that can better help you on this matter. Cant give any more advice than that right now as the Perkaset has kicked in full.....passing a stone...funnnnn

 

[watchguardmonkey]

plz paste up router config.

 

[DManigo]

Current config

ip subnet-zero
ip dhcp excluded-address 192.168.1.1
ip dhcp excluded-address 192.168.1.4
ip dhcp pool cisco
network 192.168.1.0 255.255.255.0
domain-name sprinthsd.net
dns-server 207.217.126.81 207.217.77.82 207.217.120.83
default-router 192.168.1.1
bridge irb
interface Ethernet0
ip address 192.168.1.1 255.255.255.0
ip nat inside
loopback
hold-queue 100 out
interface ATM0
no ip address
no atm ilmi-keepalive
pvc 8/35
encapsulation aal5snap
dsl operating-mode auto
bridge-group 1
interface BVI1
ip address 63.162.201.72 255.255.255.0
ip access-group 100 in
ip nat outside
ip nat inside source list 1 interface BVI1 overload
ip nat inside source static tcp 192.168.1.4 80 63.162.201.72 80 extendable
ip classless
ip route 0.0.0.0 0.0.0.0 63.162.201.1
no ip http server
access-list 1 permit 192.168.1.0 0.0.0.255
bridge 1 protocol ieee
bridge 1 route ip

 

[watchguardmonkey]

can you clarify why your bridging on the ATMO int?
ATMO, is this the connection to the Internet?
Do you want to run VLANS on the router?

ip nat inside source list 1 interface BVI1 overload

change this to "outside"

ip nat inside source static tcp 192.168.1.4 80 63.162.201.72 80 extendable

same for this.

WGM

 

[DManigo]

I'm not sure how to answer your question as I am completely new to the Cisco world. The current config was given to me by a coworker in which I altered for my network.

Based on your instruction, I see where the possible error could be:

interface BVI1
ip address 63.162.201.72 255.255.255.0
ip access-group 100 in
ip nat outside
and I have the ip nat BVI1 interface pointing inside along with extendabale command. Will make nec. corrections and post results.

thanks WGM,Joamon

 

[DManigo]

Sorry it took so long,

I made the corrections and still nothing.

 

[DManigo]

I changed the running-config

ip subnet-zero
ip dhcp excluded-address 192.168.1.1
ip dhcp pool cisco
network 192.168.1.0 255.255.255.0
domain-name 5thborocs.com
dns-server 63.162.197.69 207.217.126.81 204.117.214.10
default-router 192.168.1.1
interface Ethernet0
ip address 192.168.1.1 255.255.255.0
ip nat inside
interface ATM0
ip address 63.162.201.72 255.255.255.0
ip directed-broadcast
ip nat outside
no atm ilmi-keepalive
pvc 8/35
encapsulation aal5snap
dsl operating-mode auto
ip nat outside source list 1 interface ATM0
ip classless
ip route 0.0.0.0 0.0.0.0 63.162.201.1
no ip http server
access-list 1 permit 192.168.1.0 0.0.0.255
==
command <sh ip int br> showing the following:

(interface) ATM0
(ip address) 63.162.201.72
(OK ?) yes
(method) NVRAM
(status/protocol) up/up

(inerface) Ethernet0
(ip address) 192.168.1.1
(OK ?) yes
(method) manual
(satus/protocol) up/down
==
Pulling valid LAN ip and correct gateway, but unable to ping the gateway from router. Can anyone explain why the ethernet protocol is down? I tried changing the interface ip address to 192.168.1.2,<sh ip int br> still showing protocol down.

 

[lambent]

maybe cable problem...

what kind of device is connecting to interface e0?