Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Chriss Miller on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Configure NAT for First Time - Please Help! 1

Status
Not open for further replies.
JRosario78

JRosario78

MIS
Jun 5, 2005
103
US
Hi All,

I need help configuring NAT for the first time. I need to configure NAT for VLAN 2 (Config listed below). I also would like to setup what I think is call a Static NAT for a server that will need to be accessed by the outside (Ports 80, 8080, 25, and 3389). I've provided the router's current config below. Thanks in advance for your help!

Building configuration...

Current configuration : 1080 bytes
!
version 12.3
service timestamps debug datetime msec
service timestamps log uptime
service password-encryption
!
hostname CCNA2620RTR
!
boot-start-marker
boot-end-marker
!
enable secret 5
!
no aaa new-model
ip subnet-zero
ip cef
!
!
ip name-server 192.168.0.1
ip name-server xxx.xxx.xxx.7
ip name-server xxx.xxx.xxx.71
ip name-server xxx.xxx.xxx.8
!
ip audit po max-events 100
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface FastEthernet0/0
description Connection to WRT54GS
ip address 192.168.0.20 255.255.255.224
speed 100
full-duplex
!
interface FastEthernet1/0
no ip address
speed 100
full-duplex
!
interface FastEthernet1/0.1
encapsulation dot1Q 1 native
ip address 192.168.1.1 255.255.255.224
!
interface FastEthernet1/0.2
encapsulation dot1Q 2
ip address 192.168.2.1 255.255.255.0
!
no ip http server
no ip http secure-server
ip classless
ip route 0.0.0.0 0.0.0.0 192.168.0.1
!
!
!
!
!
!
!
!
line con 0
line aux 0
line vty 0 4
password 7
login
line vty 5 15
password 7
login
!
!
end
 
Sort by date Sort by votes
your going to need something like this:

conf t
int fa0/0
ip nat outside
int fa1/0.2
ip nat inside
access-list 1 permit 192.168.2.1 0.0.0.255
ip nat inside source list 1 interface fa0/0 overload

ip nat inside source static tcp x.x.x.x 80 y.y.y.y 80 extendable
ip nat inside source static tcp x.x.x.x 8080 y.y.y.y 8080 extendable
ip nat inside source static tcp x.x.x.x 3389 y.y.y.y 3389 extendable
ip nat inside source static tcp x.x.x.x 25 y.y.y.y 25 extendable
Click to expand...

x.x.x.x = internal address (server)
y.y.y.y = external address you want it to nat to.

here is a good nat page from cisco if you want to research a little more into it...

 
Upvote 0 Downvote
plshlpme,

Thanks for your help! When I pinged 192.168.2.1 from a PC on the 192.168.0.0 network, it looked like I was pinging 192.168.0.20. So I guess that worked.

I'm not sure of the static NAT. I don't know what address I should use on the inside and the outside. Also what addresses should I use for the devices within VLAN 2.

Thanks!

 
Upvote 0 Downvote
192.168.0.20 is your external address.. your internal address will be whatever the server address is on your lan..


i typoed above too..
technically your
access-list 1 permit 192.168.2.1 0.0.0.255
should be
access-list 1 permit 192.168.2.0 0.0.0.255
im not sure if it would have auto corrected it or not.


basically since you are natting everything onto your fa0 address... from the network point of view they will never see any of your ips from inside.. all of your hosts in the 192.168.2.0 subnet will appear to be 192.168.0.20

so if you had a web server on 192.168.2.100 you would need

ip nat inside source static tcp 192.168.2.100 80 192.168.0.20 80 extendable
 
Upvote 0 Downvote
I'm still having problems getting NAT to work. I'm unable to access the devices on VLAN 2, using 192.168.0.20 for RDP client or web browser. Below is my config file.

CCNA2620RTR#sh run
Building configuration...

Current configuration : 1563 bytes
!
version 12.3
service timestamps debug datetime msec
service timestamps log uptime
service password-encryption
!
hostname CCNA2620RTR
!
boot-start-marker
boot-end-marker
!
enable secret 5
!
no aaa new-model
ip subnet-zero
ip cef
!
!
ip name-server 167.206.245.7
ip name-server 167.206.245.71
ip name-server 167.206.245.8
ip dhcp excluded-address 192.168.2.1
!
ip dhcp pool VLAN2
network 192.168.2.0 255.255.255.224
domain-name ccnahomenet.com
dns-server 192.168.2.30 192.168.0.30 192.168.0.1
netbios-name-server 192.168.2.30 192.168.0.30
netbios-node-type h-node
default-router 192.168.2.1
!
ip audit po max-events 100
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface FastEthernet0/0
description Connection to WRT54GS
ip address 192.168.0.20 255.255.255.224
ip nat outside
speed 100
full-duplex
!
interface FastEthernet1/0
no ip address
speed 100
full-duplex
!
interface FastEthernet1/0.1
encapsulation dot1Q 1 native
ip address 192.168.1.1 255.255.255.224
!
interface FastEthernet1/0.2
encapsulation dot1Q 2
ip address 192.168.2.1 255.255.255.224
ip nat inside
!
ip nat inside source list 1 interface FastEthernet0/0 overload
ip nat inside source static tcp 192.168.2.30 3389 192.168.0.20 3389 extendable
ip nat inside source static tcp 192.168.2.25 80 192.168.0.20 80 extendable
no ip http server
no ip http secure-server
ip classless
ip route 0.0.0.0 0.0.0.0 192.168.0.1
!
!
access-list 1 permit 192.168.2.0 0.0.0.31
!
!
!
!
!
!
line con 0
line aux 0
line vty 0 4
password 7
login
line vty 5 15
password 7
login
!
!
end
Click to expand...
 
Upvote 0 Downvote
your trying to connect to 192.168.2.30 on port 3389?
does its firewall allow that connection?
are any other ports required for that connection to work?
if you need more ports open youll have to add the statements in.
also if you need udp ports just replace tcp with udp.
 
Upvote 0 Downvote
plshpme,

I decided to try accessing the server from the outside and it worked. It works over the internet but not from the 192.168.0.0 network. I also noticed that I can not route between the 192.168.0.0 network and the 192.168.2.0 network.

Do I have to add a static route or something? Is this something that you can assist me with?

Thanks!!!
 
Upvote 0 Downvote
well from the 192.168.0.0 network you would have to use the internal address.. 192.168.2.30...
or else youde have to treat that fa0/0.1 as an external interface as well and do the nat statement for it too...

you should be able to route between those two interfaces though as they are connected interfaces. no additional routes should be required.

if you cant route between the two networks i would check the default gateways of those pcs..
make sure they are using the subinterface on their vlan as the gateway.
 
Upvote 0 Downvote
plshlpme,

I was able to get it to work. Like you said it was a firewall setting. Thank you very much!!!

JR
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

Jared R
  • Locked
  • Question
Cisco UC320W Paging Help
Replies
0
Views
524
Jared R
Jared R
jarod_paris
  • Locked
  • Question
firmware for an AP2800 WiFi terminal
Replies
0
Views
415
jarod_paris
jarod_paris
B
  • Locked
  • Question
Cisco IP phone 7841 8851 unable to forward all to external number
Replies
0
Views
203
badwolf1686
B
WinstonCH
  • Locked
  • Helpful tip
What is wrong with the diagram, there are people who will help to fix it? How do i do the configurat 1
Replies
1
Views
673
BIS
BIS
disk-us
  • Locked
  • Question
RTU licensing for a901
Replies
0
Views
193
disk-us
disk-us

Part and Inventory Search

Sponsor

Back
Top