Cisco routing behind DSL connection 1

[cupidco]

My ISP allows me to have a block of static global addresses with the DSL router/modem which they provide. However I was wondering if it would be possible to use a Cisco 2611 "which has 2 Ethernet connections" behind my DSL connection to route the traffic to my local network.
I will be able to add true security to my networks.

Please Help.

 

[watchguardmonkey]

why not add a FW,if security is a concern?

 

[cupidco]

Actually I do have a pix, but it turns off and on for no reason. However I should be able to setup the same firewall situation on the 2611 router.

 

[watchguardmonkey]

you will be able to use the 2611 as you describe, be a bit of a hassle updating you ACL's mind you, just have them on notepad to cut and paste. but see no reason why it wont work.

 

[cupidco]

how should I set up the NAT

 

[watchguardmonkey]

probably best to run NAT on the 2611, as one of you ethernet ports will be the external gateway to the DSL, right?

just straight forward NAT should do, unless you need to access devices behind the 2611 from outside, then you'll need some static NATing setup, but if not just simple NAT on the interfaces andan overload statment will be fine eg,

e0/0 (connection to DSL) ip nat outside.

e0/1 (LAN) ip nat inside.

 

[cupidco]

Actually I do need to access a mailserver and a picture gallery behind the 2611. I want to use my public ip and have them translate to the Local ip's on my home lan.
I mainly want to use the cisco 2611 to control the traffic like you would with regular port forwarding. For Example: iI I need to get to my mail server, I would be able to use one of my public or Static addressed, then I would be able to connect to my local mail server on a 192.168.X.X network. After the router translates it to the local.

Thanks for your help.

 

[lashboy]

simple NAT config
==========================================

interface FastEthernet1
ip address xx.xx.xx.xx xx.xx.xx.xx ( Legal IP)
ip nat outside
ip virtual-reassembly
duplex auto
speed auto


interface Vlan1
ip address 192.168.56.1 255.255.255.0
ip nat inside
ip virtual-reassembly
ip tcp adjust-mss 145

You can use ethernet interface also

ip route 0.0.0.0 0.0.0.0 xx.xx.xx.xx ( GW)


ip nat inside source list 102 interface FastEthernet1 overload


!
access-list 102 permit ip 192.168.56.0 0.0.0.255 any




!

 

[cupidco]

Actually I did get the Nat to work, but I have a block of Ip Addresses and I need to setup a nat pool.

See Config below:

interface Ethernet0/0
ip address 192.168.10.4 255.255.255.0
ip nat inside
full-duplex
!
interface Ethernet0/1
ip address 168.xxx.xxx.xxx 255.255.255.240
ip nat outside
full-duplex
!
ip nat inside source list 1 interface Ethernet0/1 overload
ip nat inside source static tcp 192.168.10.5 443 168.xxx.xxx.xxx 443 extendable
ip nat inside source static tcp 192.168.10.7 20 168.xxx.xxx.xxx 20 extendable
ip nat inside source static tcp 192.168.10.7 21 168.xxx.xxx.xxx 21 extendable
ip nat inside source static tcp 192.168.10.2 25 168.xxx.xxx.xxx 25 extendable
ip nat inside source static tcp 192.168.10.2 110 168.xxx.xxx.xxx 110 extendable
ip nat inside source static tcp 192.168.10.2 80 168.xxx.xxx.xxx 80 extendable
no ip http server
no ip http secure-server
ip classless
ip route 0.0.0.0 0.0.0.0 168.xxx.xxx.xxx
!
!
access-list 1 permit 192.168.10.0 0.0.0.255

Would I be able to add a nat pool statement to allow all my public ip's to work.

Thanks.