Cisco 2621 config help

[flack123]

I have a cisco 2621 router. I would like to configure it so that my internet access runs through it. I have cable high speed with a static IP. Can you please give me the steps i need to take? Also, i have servers behind this route that i will need access to. 1 server is a windows 2003 server that is hosting my websites and email, the other server is a Novell 6.5 server that i use for file access. Any help with be great.

Thanks

 

[voltron1011]

Is your cable-modem use DHCP with MAC reservation? This is important because even though you do have a static IP, it is being assigned by a DHCP server.
Also, you'll need to set up a NAT (Network Address Translation) and a PAT (Port Address Translation) through the router. The PAT is for you to access your servers through the router. You'll need to assign an internal private network like 192.168.1.0/24.

 

[voltron1011]

Here is a pretty basic router config that can help you:

http://www.joshgentry.com/cisco/cisco.htm

 

[flack123]

Not sure if my ISP has DHCP with mac reservations. All i want to do with this 2600 is basicly use it as a gateway. Have my internet flow through it. Here is a copy of my config. Maybe someone can show me what i am doing wrong

Thanks

version 12.2
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname Cisco1
!
enable secret 5 $1$L.F8$CReAkaUvcIGCAnn6qluCt.
enable password password
!
ip subnet-zero
!
!
ip name-server 64.233.217.5 - My DNS servers from my ISP
ip name-server 64.233.217.2
!
!
!
!
interface FastEthernet0/0
ip address 192.168.123.2 255.255.255.0 -Internal address
ip nat inside
no ip mroute-cache
speed auto
half-duplex
!
interface Serial0/0
no ip address
no ip mroute-cache
!
interface FastEthernet0/1
mac-address 000f.6666.7b68
ip address 69.14.190.216 255.255.255.192 - Public static ip address
ip nat outside
ip dhcp relay information trusted
no ip mroute-cache
speed auto
half-duplex
!
router ospf 1
log-adjacency-changes
!
ip default-gateway 69.14.190.193 – Not sure if these are correct
ip classless
ip route 0.0.0.0 0.0.0.0 69.14.190.193
ip route 0.0.0.0 0.0.0.0 69.14.190.217
ip route 0.0.0.0 0.0.0.0 69.14.190.216
ip route 192.168.123.0 255.255.255.0 192.168.123.2
ip route 192.168.123.0 255.255.255.0 192.168.123.1
ip http server
!
!
ip access-list extended allowed-in
permit ip any any
snmp-server community public RO
snmp-server enable traps tty
!
line con 0
line aux 0
line vty 0 4
password password
login
!
end

 

[NetCap]

there is technology on Cisco Routers Called PAR (Port address Redirection ) which is designed to let you access to you host behind a router is doing NAT.
There two type of commands you can use :

Router(config)# ip nat inside source static local_IP_address interface external_interface

or


Router(config)# ip nat inside source static {tcp | udp}local_IP_address local_port_# interface external_interface global_port


this sample config of the net diagram in the link:

http://www.coolimagehosting.com/uploads/102b6abdd9.jpg

Router(config)# ip nat inside source static tcp 10.0.0.1 8080 interface ethernet1 8080
Router(config)# ip nat inside source static tcp 10.0.0.1 8080 interface ethernet1 80
Router(config)# ip nat inside source static tcp 10.0.0.2 23 interface ethernet1 23
Router(config)# interface ethernet0
Router(config-if)# ip nat inside
Router(config-if)# exit
Router(config)# interface ethernet1
Router(config-if)# ip nat outside

 

[voltron1011]

Netcap, what you are refering to is PAT (port address translation)... I've never heard of PAR before.

 

[flack123]

Thanks for all the help. Most everything is working now. The only thing i can't do now is get to my webserver from inside my network. It works fine from outside the network but when i try and connect to my website from inside my network, i get an error that page not displayed. Any ideas??

Thanks again

 

[safegard]

PAR is same as Port forwarding in other meaning.
Check the book Cisco Router Security for more details.

 

[safegard]

what changes have you made to your configs.
If you put your new configs i think it will be very usefull.

 

[flack123]

Here is a copy of my running config. ANy help would be great.

Thanks



Building configuration...

Current configuration : 1289 bytes
!
version 12.2
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname Cisco1
!
enable secret 5 $1$L.F8$CReAkaUvcIGCAnn6qluCt.
enable password xxxxxxxx
!
ip subnet-zero
!
!
!
!
!
!
interface FastEthernet0/0
ip address internal IP 255.255.255.0
ip nat inside
no ip mroute-cache
duplex auto
speed auto
no cdp enable
!
interface Serial0/0
no ip address
no ip mroute-cache
!
interface FastEthernet0/1
ip address External IP 255.255.255.192
ip nat outside
no ip mroute-cache
duplex auto
speed auto
!
ip nat inside source list 7 interface FastEthernet0/1 overload
ip nat inside source static tcp 192.168.123.3 80 interface FastEthernet0/1 80
ip nat inside source static udp 192.168.123.3 80 interface FastEthernet0/1 80
ip nat inside source static udp 192.168.123.6 3389 interface FastEthernet0/1 3389
ip nat inside source static tcp 192.168.123.6 3389 interface FastEthernet0/1 3389
ip nat outside source static tcp external Address 25 192.168.123.14 25 extendable
ip nat outside source static udp external Address 110 192.168.123.14 110 extendable
ip classless
ip route 0.0.0.0 0.0.0.0 External Gateway
no ip http server
!
access-list 7 permit 192.168.123.0 0.0.0.255
!
line con 0
line aux 0
line vty 0 4
password xxxxxxxx
login
!
end

Cisco1#