
Cisco 2600 Configuration help

Status
Not open for further replies.

kcallis

MIS
Aug 21, 1999
3
MX
Ok, I decided to take the big plunge and move from my linux based FreeSCO router to a Cisco 2600. I have two FastEthernet interfaces on the Cisco. FastEthernet 0 is connected to my DSL bridge, and I am having a difficult time configuring the second interface.

I want to be able to configure the interface to handle traffic on our exposed addresses (5 IP addresses) as well as handle NAT for our internal machines. I am at a loss as to how to do this. I have read many books on Cisco routers, but nothing tells me how to really tweak the configuration of an interface. Nor does it tell me how to do port forwarding on the NAT side of things.

I would be greatly appreciative if someone could give me a pointer in the right direction.

Kim Callis
kcallis@c2associates.net
 
Dynamic NAT pool info here..

I think what you are really asking is how to statically map a NAT translation, i.e. point http:80 always to a certain IP address on the other side?

structure:
ip nat inside source static { tcp | udp } <localaddr> <localport> <globaladdr> <globalport>


router1(config)#ip nat inside source static tcp 10.10.10.1 <port> 172.16.131.1 <port>


MikeS
"Diplomacy; the art of saying 'nice doggie' till you can find a rock" Wynn Catlin
 
Ok,

There are 2 pieces to this config.

One,

I am assuming you are using private addressing on the inside interface and want all nodes internal to be able to access the internet. Here is how to do it.

External interface config should have "ip nat outside" in its config.

Internal interface should have "ip nat inside" in its config.

Create an access list that specifies what IPs (internal) are to be natted:

"access-list 1 permit 10.10.10.0 0.0.0.255"

Associate the ACL with NAT

ip nat inside source list 1 interface S0/0 overload



Two,

If you need outside Internet traffic to be able to access inside, private IPs for resources such as HTTP, FTP, etc.

Here is how to do it:

"ip nat inside source static tcp 10.10.10.6 25 64.123.2.161 25 extendable"

This says that any tcp port 25 traffic destined for 64.123.2.161 be forwarded inside to port 25 on IP 10.10.10.6.

You said that you have been given 5 IPs. Your external interface probably uses one of them. You DO NOT have to assign your other IPs on any internal machine or any router interface. A rule of NAT allows authorized but unassigned IPs to be used, meaning that you tell NAT to listen for traffic on a particular IP that you were assigned and to forward inbound to another. As long as they are your IPs, it works just fine.

FYI: if you do not specify a protocol and port number in an "ip nat inside source static" command, it will open up all traffic to be forwarded to the specified inside address.

I hope this helps
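The two pieces above assembled into one running-config fragment, as an added example that is not from the original thread. It assumes the inside LAN is 10.10.10.0/24 behind FastEthernet0/1, that the outside interface is FastEthernet0/0 (the post above used S0/0; the 2600 in question has two FastEthernet ports) with 64.123.2.161/24 and an ISP gateway of 64.123.2.1, and that a mail server sits at 10.10.10.6 and a web server at 10.10.10.7; all of those addresses are illustrative. The inbound access list on the outside interface is an addition a practitioner would want: without it, the only thing standing between the Internet and whatever the static entries expose is the NAT table.

```cisco
! Outside interface: faces the ISP. With "overload" below, this interface's
! address is the one global address every inside host is hidden behind.
interface FastEthernet0/0
 description Link to ISP / DSL bridge (addressing is an assumption)
 ip address 64.123.2.161 255.255.255.0
 ip nat outside
 ip access-group FROM-INTERNET in
 no ip directed-broadcast
!
! Inside interface: the private LAN whose sources get translated.
interface FastEthernet0/1
 description Inside LAN (assumed 10.10.10.0/24)
 ip address 10.10.10.1 255.255.255.0
 ip nat inside
 no ip directed-broadcast
!
! Default route toward the ISP (64.123.2.1 is an assumed gateway).
ip route 0.0.0.0 0.0.0.0 64.123.2.1
!
! Piece one: which inside sources are translated, and onto which interface.
access-list 1 permit 10.10.10.0 0.0.0.255
ip nat inside source list 1 interface FastEthernet0/0 overload
!
! Piece two: static port forwards for services that must be reachable from
! outside. "extendable" lets several static entries and the PAT translations
! share the one global address; only the listed ports are forwarded.
ip nat inside source static tcp 10.10.10.6 25 64.123.2.161 25 extendable
ip nat inside source static tcp 10.10.10.7 80 64.123.2.161 80 extendable
!
! Ingress filter on the outside interface. An inbound ACL is evaluated before
! NAT un-translates the destination, so it must match the public address,
! not the 10.10.10.x addresses behind it.
ip access-list extended FROM-INTERNET
 remark the two published services, reachable from anywhere
 permit tcp any host 64.123.2.161 eq 25
 permit tcp any host 64.123.2.161 eq 80
 remark replies for sessions the inside opened (ACK/RST set) and DNS answers
 permit tcp any host 64.123.2.161 established
 permit udp any eq 53 host 64.123.2.161
 remark ICMP needed for path MTU discovery and traceroute; the rest is logged
 permit icmp any host 64.123.2.161 echo-reply
 permit icmp any host 64.123.2.161 unreachable
 permit icmp any host 64.123.2.161 time-exceeded
 deny ip any any log
```

Paste it in configuration mode and check with "show ip nat translations" after an inside host browses out and an outside host connects to port 25. Note that "established" only tests TCP flags and keeps no session state; it stops unsolicited SYNs but not spoofed ACK scans, so an image with the firewall feature set and "ip inspect" (CBAC) is the stateful option if the router has it.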
 
Ok, I had to make a few changes because of the 5 IP issue. Trimmer, you are correct that one of the IP addresses is given to the router (in order to communicate with the DSL bridge). Because I have only 2 FastEthernet interfaces, my current network looks like this:


                 (----------)
                 ( Internet )
                 (----------)
                      |
                      | 63.194.249.160/24
                      | FastEthernet 0/0
                 (----------)
                 (  Cisco   )
                 (----------)
                      |
                      | 63.194.249.161/24
                      | FastEthernet 0/1
        |------|------|------|-------
        |      |      |      |
      .162   .163   .164     | .165
                             | eth0
                       (--------------)
                       ( Linux Router )
                       (   Project    )
                       (--------------)
                              |
                              | 192.168.0.1/24
                              | eth1
                              |--------------------- Internal Net

Everything is working fine except there is something wrong with my Cisco config. I can't get the stuff off of FastEthernet 0/1 to use 0/0 as a default gateway. For that matter I haven't figured out how to tell 0/0 what it's default gateway is.

Would someone care to look over my config file and tell me where I might be going wrong. Anyone interested can reach me at kcallis@c2associates.net.

Thanks

 
                      | 63.194.249.160/24
                      | FastEthernet 0/0
                 (----------)
                 (  Cisco   )
                 (----------)
                      |
                      | 63.194.249.161/24
                      | FastEthernet 0/1


Think about what you have done here. You have the SAME subnet on two different ports. The range with your subnet is 1-254. The router is trying to decide how to route between two ethernet ports that both fall into the same range. One thing you could do is to use VLSM (variable length subnet mask) on your E0/1 port and dice up the 63.194.249.161 one more time, which would give the router a different subnet to work with. Now the router can build a route table like it wants to with two distinctly different IP ranges on each port.

For example.. on E0/1 use a 255.255.255.240 mask or /28

This gives you 1,048,574 networks and 14 hosts to a network. A nice starting range could be higher than your 1st IP, so something like 63.194.249.0 is the wire, .1 to .14 are the hosts.

Of course you could turn off routing and use the router as an expensive bridge ;-)

Let us know what happens and any questions.

MikeS "Diplomacy; the art of saying 'nice doggie' till you can find a rock" Wynn Catlin
 
The reason for the 2 interfaces being in the same subnet range is:

                 (----------)
                 ( Internet )
                 (----------)
                      |
                      | 63.194.249.160
                      | 63.194.249.254 gw
                 -------------  255.255.255.0 mask
                 |  Acutel   |
                 | DSL Bridge|
                 -------------
                      |
                      | 63.194.249.160/24
                      | FastEthernet 0/0
                 (----------)
                 (  Cisco   )
                 (----------)
                      |
                      | 63.194.249.161/24
                      | FastEthernet 0/1

So the one interface is being used to talk to the DSL bridge.
 
I understand that. I do the same thing on my 2514. But I am referring to the 2nd FastEthernet port, which has an IP on the same subnet as FastEthernet E0/0. Leave E0/0 alone as it talks to the internet ISP. Once the IP packet hits your router you are free to do as you please with it, EXCEPT have the 2nd interface on the same subnet as the input side. The router has no way of building a route table with two interfaces on the same network. You might be able to "fool it" by using policy routing, which forces the packets out a certain port no matter what the route table says. I have not tried it with both interfaces on the same wire from an IP perspective.

The VLSM gives you a way to keep your IP scheme and yet still get the end results of the router actually routing packets the way it should. It's only one way of a few to get around this.

Myself? I'd run NAT on the 2600, which should be done as a poor man's firewall in any event. The reason you might want to keep a few IPs in the network between the Cisco and Linux is to run a DMZ zone where you can allow outsiders access to resources without putting your "real" network at risk, which would be behind the Linux router. I have something like this running with a Linksys as the primary router, DMZ, and then it feeds a Cisco 2514 back to my "real" network. It works ok but the Linksys is VERY limited in what it can do, so it will be replaced someday soon.

MikeS "Diplomacy; the art of saying 'nice doggie' till you can find a rock" Wynn Catlin
 
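The design MikeS recommends in his last post (NAT on the 2600, a DMZ between the Cisco and the Linux router, spare public addresses mapped rather than assigned) written out for kcallis's diagram; this is an added example, not configuration from the thread. It keeps what the ISP dictates on FastEthernet0/0 (63.194.249.160/24, gateway .254, as drawn) and renumbers FastEthernet0/1 to a private 192.168.1.0/24, which is an assumption, so the two interfaces no longer overlap; the Linux router's eth0 is assumed to move from .165 to 192.168.1.2 and a DMZ web host to sit at 192.168.1.10, with the public .162 mapped one-to-one to it. The .163 to .165 addresses stay unassigned and can be mapped the same way later.

```cisco
! ISP-facing side keeps the addressing from the thread's diagram.
interface FastEthernet0/0
 description To Acutel DSL bridge
 ip address 63.194.249.160 255.255.255.0
 ip nat outside
 ip access-group FROM-INTERNET in
 no ip directed-broadcast
!
! Formerly 63.194.249.161/24, renumbered so it no longer overlaps Fa0/0.
! The DMZ hosts and the Linux router's eth0 (assumed 192.168.1.2) live here.
interface FastEthernet0/1
 description DMZ and link to Linux router (assumed 192.168.1.0/24)
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
 no ip directed-broadcast
!
! The default gateway kcallis asked about: the .254 shown on the DSL bridge side.
ip route 0.0.0.0 0.0.0.0 63.194.249.254
!
! Everything on the inside that is not statically mapped is hidden behind .160.
! The Linux box keeps doing its own NAT for 192.168.0.0/24, so only the DMZ
! subnet needs to be listed here.
access-list 1 permit 192.168.1.0 0.0.0.255
ip nat inside source list 1 interface FastEthernet0/0 overload
!
! One-to-one mapping of a spare public address to the DMZ host. IOS answers ARP
! for .162 on Fa0/0 itself (the default unless "no-alias" is given), so .162 is
! configured on no interface anywhere. A static entry without protocol/port
! forwards EVERY port to 192.168.1.10, which is why the filter below is needed.
ip nat inside source static 192.168.1.10 63.194.249.162
!
ip access-list extended FROM-INTERNET
 remark DMZ host: only the service it publishes is reachable from outside
 permit tcp any host 63.194.249.162 eq 80
 remark replies for sessions opened from the inside (TCP flags only, no state)
 permit tcp any host 63.194.249.162 established
 permit tcp any host 63.194.249.160 established
 permit udp any eq 53 host 63.194.249.160
 remark ICMP needed for path MTU discovery and traceroute; the rest is logged
 permit icmp any host 63.194.249.160 echo-reply
 permit icmp any host 63.194.249.160 unreachable
 permit icmp any host 63.194.249.160 time-exceeded
 permit icmp any host 63.194.249.162 unreachable
 deny ip any any log
```

With this in place "show ip route" lists two distinct connected networks, and "show ip nat translations" shows the static .162 entry permanently plus dynamic entries for outbound sessions. The split of duty is the one MikeS describes: the 2600 decides what the Internet may reach in the DMZ, and the Linux router's own firewall is still what keeps a compromised DMZ host away from 192.168.0.0/24, since the DMZ host and the Linux eth0 share FastEthernet0/1.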