Help?? IP unnumbered config 1

golson

I have a working 1720 that is currently on our network. The router is performing NAT for us. I have purchased a firewall that I want to implement and I am having some trouble configuring the router.

Here is what I am trying to do... I removed all the NAT commands manually from the router, inside and out. I removed all the static NAT entries. I used the IP unnumbered command on the serial interface and then gave the Ethernet interface the IP address that was previously on the serial interface. After doing that I cannot get out... Below is the config I used; can someone tell me where I am going wrong???

Thanks in advance

Gary

!version 12.2
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!hostname Router
!
enable secret 5 $1$VP2o$kn4dFBton2tO3VnuFytZF/
enable password xv698j2
!
ip subnet-zero
ip name-server x.x.x.x
ip name-server x1.x1.x1.x1
!
!
!
!
interface FastEthernet0
! WAN IP address
ip address 204.xxx.xxx.169 255.255.255.248
speed auto
!
interface Serial0
ip unnumbered FastEthernet0
!
ip classless
! ISP gateway
ip route 0.0.0.0 0.0.0.0 204.xxx.xxx.170
no ip http server
!
!
access-list 1 permit any
!
line con 0
password xxxxx
login
line aux 0
line vty 0 4
password xxxxx
login
!
no scheduler allocate
end
 
What does serial0 connect to? What does fe0 connect to?

 
Do these commands:

show ip interface brief (ip addresses for fe0 and s0 should be same)

Also, you say you cannot get out. From where? Can you ping fe0?

peace
 
Interface s0 connects to a T1, my WAN connection; fa0 connects to my internal network. I did run the ip interface brief command and the interfaces did indeed have the same address of 204.x.x.169. When I say that I can't get out, I was referring to the fact that I cannot ping the upstream router from my router (attempting to ping 204.x.x.170). I can ping fa0 from a PC connected to that interface, but I cannot ping or traceroute anything from the private network or the router itself.

I made another attempt to configure this router today and was unsuccessful. I am really at a loss as to what I am doing wrong. Any help anyone can provide me would be very much appreciated. Here is the latest config file I tried. I will also provide my current config that works.

Thanks in advance !!!!

Non working config..

version 12.2
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname Router
!
enable secret 5 $1$VP2o$kn4xxxxxxxxxytZF/
enable password xv698j2
!
ip subnet-zero
ip name-server 216.xxx.xxx.3
ip name-server 216.xxx.xxx.4
!
!
!
!
interface FastEthernet0
ip address 204.xxx.xxx.169 255.255.255.248
ip access-group 102 out
speed auto
!
interface Serial0
ip unnumbered FastEthernet0
ip access-group 101 in
!
ip default-gateway 204.xxx.xxx.170
ip classless
ip route 0.0.0.0 0.0.0.0 204.xxx.xxx.170
no ip http server
!
!
access-list 101 permit ip any any
access-list 102 permit ip any any
!
line con 0
password xxxxxxxx
login
line aux 0
line vty 0 4
password xxxxxxxx
login

!
end


Fully Functional Config

!
version 12.2
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname Router
!
enable secret 5 $1$VP2o$kn4xxxxxxxxx3VnuFytZF
enable password xxxxxxxxj2
!
ip subnet-zero
ip name-server 204.xxx.xxx.3
ip name-server 204.xxx.xxx.4
!
!
!
!
interface FastEthernet0
ip address 192.168.123.27 255.255.255.0
ip nat inside
speed auto
!
interface Serial0
ip address 204.xxx.xxx.169 255.255.255.248
ip nat outside
!
ip nat pool nat-pool 204.xxx.xxx.171 204.xxx.xxx.172 netmask 255.255.255.248
ip nat inside source list 1 pool nat-pool overload

ip nat inside source static udp 192.168.123.22 993 interface Serial0 993
ip nat inside source static udp 192.168.123.22 636 interface Serial0 636
ip nat inside source static tcp 192.168.123.22 636 interface Serial0 636
ip nat inside source static tcp 192.168.123.22 993 interface Serial0 993
ip nat inside source static tcp 192.168.123.29 25 interface Serial0 25
ip nat inside source static udp 192.168.123.29 25 interface Serial0 25
ip nat inside source static tcp 192.168.123.25 9050 interface Serial0 9050
ip nat inside source static tcp 192.168.123.25 22 interface Serial0 22
ip nat inside source static tcp 192.168.123.20 9060 interface Serial0 9060
ip classless
ip route 0.0.0.0 0.0.0.0 204.xxx.xx.170
no ip http server
!
!
access-list 1 permit any
access-list 1 permit 192.168.123.0 0.0.0.255
!
line con 0
password xxxxxxxx
login
line aux 0
line vty 0 4
password xxxxxxxxx
login
!
end
 
First off, your upstream provider will need to change their interface to IP unnumbered. They should know how to do this and I've always configured my connections to ISPs as IP unnumbered.

Second, change your default route to:

ip route 0.0.0.0 0.0.0.0 serial0

Third, don't worry about an access list unless you are going to be filtering something. You may want to permit only traffic destined to/from your network on the serial0 interface. Can help prevent some lower-level DoS attacks.



Just a little note, take out the enable password and secret. Wouldn't want anything to slip through.


version 12.2
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname Router
!
!
ip subnet-zero
ip name-server 216.xxx.xxx.3
ip name-server 216.xxx.xxx.4
!
!
!
!
interface FastEthernet0
ip address 204.xxx.xxx.169 255.255.255.248
speed auto
!
interface Serial0
ip unnumbered FastEthernet0
!

ip classless
ip route 0.0.0.0 0.0.0.0 serial0
no ip http server
!
!

!
line con 0
password xxxxxxxx
login
line aux 0
line vty 0 4
password xxxxxxxx
login

!
end
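
The note above about taking out the enable password and secret before posting a config can be automated. The following is an added example, not part of the original thread: it redacts credential-bearing IOS lines and reports where they were, and goes beyond the configs shown here by also covering `username` and `snmp-server community` lines. The function name `sanitize`, the `<removed>` marker and the sample config are assumptions constructed for illustration.

```python
import re

# IOS lines that carry credentials. Group 1 (the command plus an optional
# encryption-type digit) is kept; the secret that follows is replaced.
SECRET_PATTERNS = [
    ("enable secret", re.compile(r"^(\s*enable secret(?: \d)?) \S+", re.I)),
    ("enable password", re.compile(r"^(\s*enable password(?: \d)?) \S+", re.I)),
    ("line password", re.compile(r"^(\s*password(?: \d)?) \S+", re.I)),
    ("username", re.compile(
        r"^(\s*username \S+ .*?(?:password|secret)(?: \d)?) \S+", re.I)),
    ("snmp community", re.compile(r"^(\s*snmp-server community) \S+", re.I)),
]

MARKER = "<removed>"  # placeholder chosen for this example


def sanitize(config):
    """Return (redacted_config, findings); findings are (line_no, label)."""
    out, findings = [], []
    for line_no, line in enumerate(config.splitlines(), 1):
        for label, pattern in SECRET_PATTERNS:
            # subn replaces only the secret, so trailing keywords survive
            new_line, hits = pattern.subn(
                lambda m: f"{m.group(1)} {MARKER}", line, count=1)
            if hits:
                line = new_line
                findings.append((line_no, label))
                break
        out.append(line)
    return "\n".join(out), findings


# Constructed sample config (values are made up, not taken from the thread)
SAMPLE = """\
hostname Router
enable secret 5 $1$abcd$ConstructedHashValue0000
enable password Examp1ePw
interface Serial0
 ip unnumbered FastEthernet0
line vty 0 4
 password Examp1ePw
 login
"""

if __name__ == "__main__":
    redacted, found = sanitize(SAMPLE)
    print(redacted)
    for line_no, label in found:
        print(f"line {line_no}: redacted {label}")
```

The findings list is worth reading before posting: a type 5 hash and a cleartext `enable password` on the same device both need to go, since either one can be attacked offline or reused.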

 
Thank you!!!

I will call my ISP and see what they say. I will post my results... Thanks for your detailed response.

Thanks,

Gary
 