 |
| Register | FAQ | Members List | Calendar | Links | Search | Today's Posts | Mark Forums Read |
|
||||||||
|
|
#1
09-18-2006, 07:07 PM
|
cisco static nat
Sorry for posting a cisco question here, but no other place seems to get a
response. I need to set up static nat on my cisco 2600 so that public IP's point to a specific internal IP. this is my topology: i have 10.1.1.93-210 as my public ips, and 172.1.1.1 as my internal network. i want 10.1.1.200 to forward to 172.124.1.2. my serial int is 10.1.1.93 with .200 as a sub interface im assuming my syntax would be Code:
motolab(config)#ip nat outside source static 10.1.1.200 172.124.1.2 kinda need it to work on the first try. show run on my lab router as follows, if anyone can tell me where/if im wrong let me know. Code:
Building configuration... Current configuration: ! version 12.0 service timestamps debug uptime service timestamps log uptime no service password-encryption ! hostname motolab ! enable secret 5 $1$WH8Q$przb.w4LSb/doWjY9quSk1 enable password woot ! ip subnet-zero ! ! ! interface Ethernet0/0 ip address 172.124.1.1 255.255.255.0 no ip directed-broadcast no mop enabled ! interface Ethernet0/0.1 no ip directed-broadcast ! interface Serial0/0 ip address 10.1.1.93 255.255.0.0 no ip directed-broadcast ! interface Serial0/0.1 ip address 10.1.1.200 255.255.0.0 no ip directed-broadcast ! interface Serial0/0.2 ip address 10.1.1.204 255.255.0.0 no ip directed-broadcast ! ip nat outside source static 10.1.1.200 172.124.1.4 ip classless ! access-list 10 deny 192.168.0.6 dialer-list 1 protocol ip permit dialer-list 1 protocol ipx permit banner motd ^C Welcome! Welcome to the MotoSat lab 2610! IF you DARE mess wiht my config, i'm gonna be on you like stink on poopie. Have a nice day! :D ^C ! line con 0 password woot login transport input none line aux 0 line vty 0 4 password woot login ! end the 
|
|
#2
09-18-2006, 07:24 PM
|
|||
|
|||
|
Re: cisco static nat
Hard to give you a generic answer. Here's an example:
ip nat inside source route-map nonat interface Dialer0 overload ip nat inside source static 192.168.1.1 85.86.87.1 route-map nonat extendable ip nat inside source static 192.168.1.2 85.86.87.2 route-map nonat extendable ip nat inside source static 192.168.1.3 85.86.87.3 route-map nonat extendable Apart from that, you are best off going to the Cisco sample configurations, Anthony "the" <(E-Mail Removed)> wrote in message news:(E-Mail Removed)... > Sorry for posting a cisco question here, but no other place seems to get a > response. > > I need to set up static nat on my cisco 2600 so that public IP's point to > a specific internal IP. this is my topology: i have 10.1.1.93-210 as my > public ips, and 172.1.1.1 as my internal network. i want 10.1.1.200 to > forward to 172.124.1.2. my serial int is 10.1.1.93 with .200 as a sub > interface > > im assuming my syntax would be > Code:
> motolab(config)#ip nat outside source static 10.1.1.200 172.124.1.2 > > the bad thing is, i have no way to test this in my lab environment, so i > kinda need it to work on the first try. show run on my lab router as > follows, if anyone can tell me where/if im wrong let me know. > > Code:
> Building configuration... > > Current configuration: > ! > version 12.0 > service timestamps debug uptime > service timestamps log uptime > no service password-encryption > ! > hostname motolab > ! > enable secret 5 $1$WH8Q$przb.w4LSb/doWjY9quSk1 > enable password woot > ! > ip subnet-zero > ! > ! > ! > interface Ethernet0/0 > ip address 172.124.1.1 255.255.255.0 > no ip directed-broadcast > no mop enabled > ! > interface Ethernet0/0.1 > no ip directed-broadcast > ! > interface Serial0/0 > ip address 10.1.1.93 255.255.0.0 > no ip directed-broadcast > ! > interface Serial0/0.1 > ip address 10.1.1.200 255.255.0.0 > no ip directed-broadcast > ! > interface Serial0/0.2 > ip address 10.1.1.204 255.255.0.0 > no ip directed-broadcast > ! > ip nat outside source static 10.1.1.200 172.124.1.4 > ip classless > ! > access-list 10 deny 192.168.0.6 > dialer-list 1 protocol ip permit > dialer-list 1 protocol ipx permit > banner motd ^C > Welcome! Welcome to the MotoSat lab 2610! IF you DARE mess wiht my > config, i'm gonna be on you like stink on poopie. Have a nice day! :D > ^C > ! > line con 0 > password woot > login > transport input none > line aux 0 > line vty 0 4 > password woot > login > ! > end >
|
|
#3
09-18-2006, 08:02 PM
|
|||
|
|||
|
Re: cisco static nat
so your setup would route traffic looking for a server at 85.86.87.2 to
192.168.1.2? The idea is my 10.1.1.93-210 are public IP's assinged to us from our ISP. i have a mail server on 172.124.1.2 inside the network, but to the public IP is 10.1.1.200. i need to forward all packets from the 10.1.1.200 public adress to the internal 172.124.1.2 address. i also have a server on 172.124.1.4 that needs to be forwarded packets from 10.1.1.204. "Anthony" <(E-Mail Removed)> wrote in message news:eDxzU$(E-Mail Removed)... > Hard to give you a generic answer. Here's an example: > > ip nat inside source route-map nonat interface Dialer0 overload > ip nat inside source static 192.168.1.1 85.86.87.1 route-map nonat > extendable > ip nat inside source static 192.168.1.2 85.86.87.2 route-map nonat > extendable > ip nat inside source static 192.168.1.3 85.86.87.3 route-map nonat > extendable > > Apart from that, you are best off going to the Cisco sample > configurations, > Anthony > > > "the" <(E-Mail Removed)> wrote in message > news:(E-Mail Removed)... >> Sorry for posting a cisco question here, but no other place seems to get >> a response. >> >> I need to set up static nat on my cisco 2600 so that public IP's point to >> a specific internal IP. this is my topology: i have 10.1.1.93-210 as my >> public ips, and 172.1.1.1 as my internal network. i want 10.1.1.200 to >> forward to 172.124.1.2. my serial int is 10.1.1.93 with .200 as a sub >> interface >> >> im assuming my syntax would be >> Code:
>> motolab(config)#ip nat outside source static 10.1.1.200 172.124.1.2 >> >> the bad thing is, i have no way to test this in my lab environment, so i >> kinda need it to work on the first try. show run on my lab router as >> follows, if anyone can tell me where/if im wrong let me know. >> >> Code:
>> Building configuration... >> >> Current configuration: >> ! >> version 12.0 >> service timestamps debug uptime >> service timestamps log uptime >> no service password-encryption >> ! >> hostname motolab >> ! >> enable secret 5 $1$WH8Q$przb.w4LSb/doWjY9quSk1 >> enable password woot >> ! >> ip subnet-zero >> ! >> ! >> ! >> interface Ethernet0/0 >> ip address 172.124.1.1 255.255.255.0 >> no ip directed-broadcast >> no mop enabled >> ! >> interface Ethernet0/0.1 >> no ip directed-broadcast >> ! >> interface Serial0/0 >> ip address 10.1.1.93 255.255.0.0 >> no ip directed-broadcast >> ! >> interface Serial0/0.1 >> ip address 10.1.1.200 255.255.0.0 >> no ip directed-broadcast >> ! >> interface Serial0/0.2 >> ip address 10.1.1.204 255.255.0.0 >> no ip directed-broadcast >> ! >> ip nat outside source static 10.1.1.200 172.124.1.4 >> ip classless >> ! >> access-list 10 deny 192.168.0.6 >> dialer-list 1 protocol ip permit >> dialer-list 1 protocol ipx permit >> banner motd ^C >> Welcome! Welcome to the MotoSat lab 2610! IF you DARE mess wiht my >> config, i'm gonna be on you like stink on poopie. Have a nice day! :D >> ^C >> ! >> line con 0 >> password woot >> login >> transport input none >> line aux 0 >> line vty 0 4 >> password woot >> login >> ! >> end >> > >
|
|
#4
09-18-2006, 08:07 PM
|
|||
|
|||
|
Re: cisco static nat
Use inside, not outside.
ip nat inside source static 10.1.1.200 172.124.1.2 You'll also have to add 'ip nat inside' and 'ip nat outside' to the appropriate interfaces. "the" <(E-Mail Removed)> wrote in message news:(E-Mail Removed)... > Sorry for posting a cisco question here, but no other place seems to get a > response. > > I need to set up static nat on my cisco 2600 so that public IP's point to a > specific internal IP. this is my topology: i have 10.1.1.93-210 as my > public ips, and 172.1.1.1 as my internal network. i want 10.1.1.200 to > forward to 172.124.1.2. my serial int is 10.1.1.93 with .200 as a sub > interface > > im assuming my syntax would be > Code:
> motolab(config)#ip nat outside source static 10.1.1.200 172.124.1.2 > > the bad thing is, i have no way to test this in my lab environment, so i > kinda need it to work on the first try. show run on my lab router as > follows, if anyone can tell me where/if im wrong let me know. > > Code:
> Building configuration... > > Current configuration: > ! > version 12.0 > service timestamps debug uptime > service timestamps log uptime > no service password-encryption > ! > hostname motolab > ! > enable secret 5 $1$WH8Q$przb.w4LSb/doWjY9quSk1 > enable password woot > ! > ip subnet-zero > ! > ! > ! > interface Ethernet0/0 > ip address 172.124.1.1 255.255.255.0 > no ip directed-broadcast > no mop enabled > ! > interface Ethernet0/0.1 > no ip directed-broadcast > ! > interface Serial0/0 > ip address 10.1.1.93 255.255.0.0 > no ip directed-broadcast > ! > interface Serial0/0.1 > ip address 10.1.1.200 255.255.0.0 > no ip directed-broadcast > ! > interface Serial0/0.2 > ip address 10.1.1.204 255.255.0.0 > no ip directed-broadcast > ! > ip nat outside source static 10.1.1.200 172.124.1.4 > ip classless > ! > access-list 10 deny 192.168.0.6 > dialer-list 1 protocol ip permit > dialer-list 1 protocol ipx permit > banner motd ^C > Welcome! Welcome to the MotoSat lab 2610! IF you DARE mess wiht my > config, i'm gonna be on you like stink on poopie. Have a nice day! :D > ^C > ! > line con 0 > password woot > login > transport input none > line aux 0 > line vty 0 4 > password woot > login > ! > end > >
|
|
#5
09-18-2006, 08:24 PM
|
|||
|
|||
|
Re: cisco static nat
so this "show run" should work for me? goal is to forwared traffic looking
for 10.1.1.200 to a server at 172.124.1.2, and traffic from 10.1.1.204 to a server at 172.124.1.4 assuming 10.1.1.x are public ip's Building configuration... Current configuration: ! version 12.0 service timestamps debug uptime service timestamps log uptime no service password-encryption ! hostname motolab ! enable secret 5 $1$WH8Q$przb.w4LSb/doWjY9quSk1 enable password cock ! ip subnet-zero ! ! ! interface Ethernet0/0 ip address 172.124.1.1 255.255.255.0 no ip directed-broadcast ip nat inside no mop enabled ! interface Ethernet0/0.1 no ip directed-broadcast ! interface Serial0/0 ip address 10.1.1.93 255.255.0.0 no ip directed-broadcast ip nat outside ! interface Serial0/0.1 ip address 10.1.1.200 255.255.0.0 no ip directed-broadcast ip nat outside ! interface Serial0/0.2 ip address 10.1.1.204 255.255.0.0 no ip directed-broadcast ip nat outside ! ip nat inside source static 10.1.1.204 172.124.1.4 ip nat inside source static 10.1.1.200 172.124.1.2 ip classless ! access-list 10 deny 192.168.0.6 dialer-list 1 protocol ip permit dialer-list 1 protocol ipx permit banner motd ^C Welcome! Welcome to the MotoSat lab 2610! IF you DARE mess wiht my config, i'm gonna be on you like stink on shit. Have a nice day!  ^C ! line con 0 password cock login transport input none line aux 0 line vty 0 4 password cock login ! end "Neteng" <(E-Mail Removed)> wrote in message news:e$(E-Mail Removed)... > Use inside, not outside. > ip nat inside source static 10.1.1.200 172.124.1.2 > > You'll also have to add 'ip nat inside' and 'ip nat outside' to the > appropriate interfaces. > > "the" <(E-Mail Removed)> wrote in message > news:(E-Mail Removed)... >> Sorry for posting a cisco question here, but no other place seems to get >> a >> response. >> >> I need to set up static nat on my cisco 2600 so that public IP's point to > a >> specific internal IP. this is my topology: i have 10.1.1.93-210 as my >> public ips, and 172.1.1.1 as my internal network. i want 10.1.1.200 to >> forward to 172.124.1.2. my serial int is 10.1.1.93 with .200 as a sub >> interface >> >> im assuming my syntax would be >> Code:
>> motolab(config)#ip nat outside source static 10.1.1.200 172.124.1.2 >> >> the bad thing is, i have no way to test this in my lab environment, so i >> kinda need it to work on the first try. show run on my lab router as >> follows, if anyone can tell me where/if im wrong let me know. >> >> Code:
>> Building configuration... >> >> Current configuration: >> ! >> version 12.0 >> service timestamps debug uptime >> service timestamps log uptime >> no service password-encryption >> ! >> hostname motolab >> ! >> enable secret 5 $1$WH8Q$przb.w4LSb/doWjY9quSk1 >> enable password woot >> ! >> ip subnet-zero >> ! >> ! >> ! >> interface Ethernet0/0 >> ip address 172.124.1.1 255.255.255.0 >> no ip directed-broadcast >> no mop enabled >> ! >> interface Ethernet0/0.1 >> no ip directed-broadcast >> ! >> interface Serial0/0 >> ip address 10.1.1.93 255.255.0.0 >> no ip directed-broadcast >> ! >> interface Serial0/0.1 >> ip address 10.1.1.200 255.255.0.0 >> no ip directed-broadcast >> ! >> interface Serial0/0.2 >> ip address 10.1.1.204 255.255.0.0 >> no ip directed-broadcast >> ! >> ip nat outside source static 10.1.1.200 172.124.1.4 >> ip classless >> ! >> access-list 10 deny 192.168.0.6 >> dialer-list 1 protocol ip permit >> dialer-list 1 protocol ipx permit >> banner motd ^C >> Welcome! Welcome to the MotoSat lab 2610! IF you DARE mess wiht my >> config, i'm gonna be on you like stink on poopie. Have a nice day! :D >> ^C >> ! >> line con 0 >> password woot >> login >> transport input none >> line aux 0 >> line vty 0 4 >> password woot >> login >> ! >> end >> >> > >
|
|
#6
09-18-2006, 09:18 PM
|
|||
|
|||
|
Re: cisco static nat
ok monkey wrench in the system >:O
just logged into out main router to try my new setup, and i cant do anything. betwee fasteth 0/0 and serrial 0/0 ther is a frame relay IETF, and the first public ip (10.1.1.93) is assinged to fast eth 0/0. trying to make ser 0/0.2 have 10.1.1.200 give an obvious error of overlapping with fasteht 0/0. now im lost for sure on how to do this  "Neteng" <(E-Mail Removed)> wrote in message news:e$(E-Mail Removed)... > Use inside, not outside. > ip nat inside source static 10.1.1.200 172.124.1.2 > > You'll also have to add 'ip nat inside' and 'ip nat outside' to the > appropriate interfaces. > > "the" <(E-Mail Removed)> wrote in message > news:(E-Mail Removed)... >> Sorry for posting a cisco question here, but no other place seems to get >> a >> response. >> >> I need to set up static nat on my cisco 2600 so that public IP's point to > a >> specific internal IP. this is my topology: i have 10.1.1.93-210 as my >> public ips, and 172.1.1.1 as my internal network. i want 10.1.1.200 to >> forward to 172.124.1.2. my serial int is 10.1.1.93 with .200 as a sub >> interface >> >> im assuming my syntax would be >> Code:
>> motolab(config)#ip nat outside source static 10.1.1.200 172.124.1.2 >> >> the bad thing is, i have no way to test this in my lab environment, so i >> kinda need it to work on the first try. show run on my lab router as >> follows, if anyone can tell me where/if im wrong let me know. >> >> Code:
>> Building configuration... >> >> Current configuration: >> ! >> version 12.0 >> service timestamps debug uptime >> service timestamps log uptime >> no service password-encryption >> ! >> hostname motolab >> ! >> enable secret 5 $1$WH8Q$przb.w4LSb/doWjY9quSk1 >> enable password woot >> ! >> ip subnet-zero >> ! >> ! >> ! >> interface Ethernet0/0 >> ip address 172.124.1.1 255.255.255.0 >> no ip directed-broadcast >> no mop enabled >> ! >> interface Ethernet0/0.1 >> no ip directed-broadcast >> ! >> interface Serial0/0 >> ip address 10.1.1.93 255.255.0.0 >> no ip directed-broadcast >> ! >> interface Serial0/0.1 >> ip address 10.1.1.200 255.255.0.0 >> no ip directed-broadcast >> ! >> interface Serial0/0.2 >> ip address 10.1.1.204 255.255.0.0 >> no ip directed-broadcast >> ! >> ip nat outside source static 10.1.1.200 172.124.1.4 >> ip classless >> ! >> access-list 10 deny 192.168.0.6 >> dialer-list 1 protocol ip permit >> dialer-list 1 protocol ipx permit >> banner motd ^C >> Welcome! Welcome to the MotoSat lab 2610! IF you DARE mess wiht my >> config, i'm gonna be on you like stink on poopie. Have a nice day! :D >> ^C >> ! >> line con 0 >> password woot >> login >> transport input none >> line aux 0 >> line vty 0 4 >> password woot >> login >> ! >> end >> >> > >
|
|
#7
09-22-2006, 06:37 PM
|
|||
|
|||
|
Re: cisco static nat
You do not need sub interfaces on serial 0/0 with the IP's you want t NAT. Delete interfaces serial0/0.1 and serial 0/0.2, then use these na statements ip nat inside source static 172.124.1.4 10.1.1.204 ip nat inside source static 172.124.1.2 10.1.1.200 Make serial 0/0 ip nat outside and Etherent 0/0 ip nat insid That is all you need -- (E-Mail Removed) ----------------------------------------------------------------------- (E-Mail Removed)'s Profile: http://forums.techarena.in/member.php?userid=1784 View this thread: http://forums.techarena.in/showthread.php?t=58996 http://www.techarena.i
|
 |
| Tags |
| cisco, nat, static |
| Thread Tools | |
| Display Modes | |
|
|
Linear Mode
