When I use the same configuration in 2 Cisco routers, VPN and Internet-browsing works on a Cisco router 2610 with IOS 12.3 (9),
IOS (tm) C2600 Software (C2600-IO3-M), Version 12.3(9), RELEASE SOFTWARE (fc2),
System image file is "flash:c2600-io3-mz.123-9.bin"
cisco 2610 (MPC860) processor (revision 0x203) with 28672K/4096K bytes of memory
but it does not work on another Cisco router 2611 with IOS 12.1 (16),
IOS (tm) C2600 Software (C2600-DO3S-M), Version 12.1(16), RELEASE SOFTWARE (fc1)
System image file is "flash:c2600-do3s-mz.121-16.bin"
cisco 2611 (MPC860) processor (revision 0x203) with 53248K/12288K bytes of memory.
I only use 2 Ethernet ports on the 2 routers, Cisco 2611 and Cisco 2610. To me, I can treat them as the same model, so that the only difference is the IOS version, IOS 12.1(16), and IOS 12.3 (9), and their corresponding IOS image files.
My goal is:I want to open only certain ports on a private server using a private IP address, and do not restrict outgoing traffic. Am I trying the right thing?
I am afraid I am going to turn the Cisco 2611 to a brick if I upgrade the IOS. Is the IOS version the real problem?
The following is the configuration on the working router 2610 with IOS 12.3 (9)------replaced public IP addresses
what does service nagle mean in the config?
version 12.3
service nagle
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
boot-start-marker
boot system flash:c2600-io3-mz.123-9.bin
boot-end-marker
interface Ethernet0/0
ip address 5.5.5.5 255.255.255.0
ip nat outside
half-duplex
!
interface Ethernet1/0
ip address 192.168.202.1 255.255.255.0
ip nat inside
half-duplex
!
router rip
version 2
network 192.168.202.0
network 5.0.0.0
!
ip nat inside source list 1 interface Ethernet0/0 overload
ip nat inside source static tcp 192.168.202.100 80 5.5.5.5 80 extendable
ip nat inside source static tcp 192.168.202.100 1723 5.5.5.5 1723 extendable
ip nat inside source static tcp 192.168.202.100 443 5.5.5.5 443 extendable
ip nat inside source static tcp 192.168.202.100 110 5.5.5.5 110 extendable
ip nat inside source static tcp 192.168.202.100 25 5.5.5.5 25 extendable
ip http server
ip classless
ip route 0.0.0.0 0.0.0.0 5.5.5.1
!
!
access-list 1 permit 192.168.202.0 0.0.0.255
!
end
IOS (tm) C2600 Software (C2600-IO3-M), Version 12.3(9), RELEASE SOFTWARE (fc2),
System image file is "flash:c2600-io3-mz.123-9.bin"
cisco 2610 (MPC860) processor (revision 0x203) with 28672K/4096K bytes of memory
but it does not work on another Cisco router 2611 with IOS 12.1 (16),
IOS (tm) C2600 Software (C2600-DO3S-M), Version 12.1(16), RELEASE SOFTWARE (fc1)
System image file is "flash:c2600-do3s-mz.121-16.bin"
cisco 2611 (MPC860) processor (revision 0x203) with 53248K/12288K bytes of memory.
I only use 2 Ethernet ports on the 2 routers, Cisco 2611 and Cisco 2610. To me, I can treat them as the same model, so that the only difference is the IOS version, IOS 12.1(16), and IOS 12.3 (9), and their corresponding IOS image files.
My goal is:I want to open only certain ports on a private server using a private IP address, and do not restrict outgoing traffic. Am I trying the right thing?
I am afraid I am going to turn the Cisco 2611 to a brick if I upgrade the IOS. Is the IOS version the real problem?
The following is the configuration on the working router 2610 with IOS 12.3 (9)------replaced public IP addresses
what does service nagle mean in the config?
version 12.3
service nagle
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
boot-start-marker
boot system flash:c2600-io3-mz.123-9.bin
boot-end-marker
interface Ethernet0/0
ip address 5.5.5.5 255.255.255.0
ip nat outside
half-duplex
!
interface Ethernet1/0
ip address 192.168.202.1 255.255.255.0
ip nat inside
half-duplex
!
router rip
version 2
network 192.168.202.0
network 5.0.0.0
!
ip nat inside source list 1 interface Ethernet0/0 overload
ip nat inside source static tcp 192.168.202.100 80 5.5.5.5 80 extendable
ip nat inside source static tcp 192.168.202.100 1723 5.5.5.5 1723 extendable
ip nat inside source static tcp 192.168.202.100 443 5.5.5.5 443 extendable
ip nat inside source static tcp 192.168.202.100 110 5.5.5.5 110 extendable
ip nat inside source static tcp 192.168.202.100 25 5.5.5.5 25 extendable
ip http server
ip classless
ip route 0.0.0.0 0.0.0.0 5.5.5.1
!
!
access-list 1 permit 192.168.202.0 0.0.0.255
!
end