fredjchavez
MIS
The basic setup below allows full access to the outside world from the private network via PAT/NAT (works great). In addition, I would like to be able to access my internal web server at 192.168.1.241 port 80 via 206.111.80.98 port 80 while on the internet (outside). Please advise. I have tried numerous things and the only result is that I break NAT/PAT from the internal hosts. I only have one public IP assigned. Any gurus out there wanna tackle (good is a howto, better is command syntax)?
-Fred
interface ethernet1 10full
mtu outside 1500
mtu inside 1500
ip address outside 206.111.80.98 255.255.255.0
ip address inside 192.168.1.1 255.255.255.0
ip verify reverse-path interface outside
ip audit info action alarm
ip audit attack action alarm
pdm location 192.168.1.3 255.255.255.255 inside
pdm location 192.168.1.5 255.255.255.255 inside
pdm location 206.111.80.98 255.255.255.255 inside
pdm location 192.168.1.2 255.255.255.255 inside
pdm location 192.168.1.241 255.255.255.255 inside
pdm logging informational 100
pdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
access-group 100 in interface outside
route outside 0.0.0.0 0.0.0.0 206.111.80.254 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h323 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
http server enable
http 192.168.1.5 255.255.255.255 inside
http 192.168.1.3 255.255.255.255 inside
http 192.168.1.2 255.255.255.255 inside
floodguard enable
no sysopt route dnat
telnet 192.168.1.0 255.255.255.0 inside
telnet 206.111.80.98 255.255.255.255 inside
telnet timeout 5
ssh timeout 5
dhcpd address 192.168.1.2-192.168.1.33 inside
dhcpd dns 192.168.1.241 216.13.28.12
dhcpd lease 360000
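An added example, not part of the original post: one way to publish only TCP port 80 of 192.168.1.241 on the outside interface address while leaving the existing `global`/`nat` PAT pair untouched. It assumes PIX 6.x syntax (the `pdm` lines suggest that release) and that `access-list 100`, which the post binds to the outside interface but does not show, is the ACL to extend.

```cisco
: Added example, PIX 6.x syntax assumed. Lines starting with ":" are comments.
: Port-specific static: redirects only tcp/80 arriving on the outside
: interface address (206.111.80.98) to the inside web server. Because it
: claims a single port, the "global (outside) 1 interface" and
: "nat (inside) 1 0.0.0.0 0.0.0.0" lines keep serving outbound PAT.
static (inside,outside) tcp interface www 192.168.1.241 www netmask 255.255.255.255 0 0

: Permit only the published port in the ACL already applied by
: "access-group 100 in interface outside". Nothing else is opened.
access-list 100 permit tcp any host 206.111.80.98 eq www

: Flush stale translations so the new static takes effect.
clear xlate

: Checks: confirm the static, the translation slot and the ACL hit count.
show static
show xlate
show access-list 100
```

The web server becomes internet-reachable once this is applied, so keep the ACL entry limited to `eq www` and review the rest of access-list 100 for broader permits.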