
1st time configure Cisco 1721 leased line

Status
Not open for further replies.

rolman

Vendor
Jul 2, 2002
57
SG
Hi all, This is my 1st time configuring the router, because my network guy has left my company, and there is no documentation of the current router configuration.
So I hope I can get some advice and guidance.

Currently my company is running an ADSL 512K line with a range of IP addresses from the ISP. But we are changing to a 2MB Leased Line with a new range of IP addresses, and a new Cisco 1721 router is provided.

Below is the info from my ISP:

WAN IP
165.21.xx.1 (ISP)
165.21.xx.2 (My Company)
mask: 255.255.255.252

LAN IP
203.126.xxx.102 - 203.126.xxx.117
mask: 255.255.255.240

Kindly put in following statements in your router :
ip route 0.0.0.0 0.0.0.0 165.21.xx.1

Pls configure your serial and ethernet port with the command :
no ip directed-broadcast

Pls point your resolver to your own DNS server, if you need to use ISP Caches, you may use :
ISP cache1 ~ 165.21.xxx.xx
ISP cache2 ~ 165.21.xxx.xx

Default encapsulation protocol : HDLC (Cisco)

In order to allow us to monitor your circuit status, please allow ICMP packets from the following monitoring servers.

203.208.xxx.xxx
165.21.xxx.xx
165.21.xxx.xx
165.21.xxx.xx


And I have an Exchange Server in my LAN, whose private IP is 172.16.18.1. The MX record is hosted by the ISP.
And I need to have NAT configured. But I have no idea how to go about the configuration. If possible, I hope to have a configuration guideline. :-(

Please kindly advise and guide me thru.

Million of thanks
Rolman
 
Why is the LAN IP 203.126.xxx.102 - 203.126.xxx.117, mask: 255.255.255.240, in this range? Do you have another device in between your private 172.16.0.0 LAN and the ISP router?
 
If the 1721 is the only router you have, you are going to need another router, pix, or firewall device between it and your LAN. Usually a 1721 router is supplied for connection to the ISP in order to deliver the circuit and your public IP addresses, which you configure with the first useable ip routeable address. You must then configure another device with two ethernet interfaces, one with the second useable ip routeable address, which you will set up for nat, and the other for your private lan, which would probably be connected to a switch.
 
Hi all, thanks for all your advice.

But can I do a NAT/PAT on this cisco 1721? I intend to use the ip address 203.126.xxx.106 for all the internal devices to connect to internet. I don't intend to use the pool of public ip addresses by translating individual internal private ip address to individual public ip addresses. Hope you can get what i mean.

And I have done the followings:
1)ip nat inside source static 172.16.18.1 203.126.xxx.104 for my exchange email server.

2)ip nat inside source static 172.16.18.11 203.126.xxx.103 for the gateway.

3)ip nat inside source static 172.16.18.5 203.126.xxx.105 for the surveillance cam.


And on the FastEthernet Interface, I configured the ip address 172.16.18.11 with ip nat inside.

As for the Serial Interface, I configured the ip 165.21.xx.2 with ip nat outside.

Can this configuration work? Pls advise

Million of thanks
Rolman
 
Think you're gonna need another router for this to work. Gotta have the 203 on the ethernet with the first useable address.
 
Just so I'm clear, your ISP has assigned you a public pool of 203.126.xxx.102 to 117? I only ask as that allocation is not the beginning and end allocation for a /28 allocation, i.e. you're spanning the subnet 203.126.xxx.96/28 and 203.126.xxx.112/28 which is bizarre.

I personally think you can achieve everything you want with just this router and don't need another router or firewall. I'm just pretty confused regarding your public address allocation.

Please explain the above and post a copy of the config you've done to date.
 
Hi all, thanks for all your advice and guides.

I have so-called successfully configured the router and am able to access the internet.

But regarding the access-list part, with the access-list applied on the Serial0 interface, it will stop all the internet access.
I have pasted my configuration below. Please correct me if wrong.

Using 1908 out of 29688 bytes
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname (My Company Name)
!
boot-start-marker
boot-end-marker
!
logging buffered 51200 warnings
enable secret 5 xxxxxxxxxxxxxxxxxxxxxxxxxx
!
username XXXX privilege 15 secret 5 xxxxxxxxxxxxxxxxxxxxx
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
no aaa new-model
ip subnet-zero
ip cef
!
!
!
ip domain name mycompany.com.sg
ip name-server 165.21.xx.xx
ip name-server 165.21.xx.xx
no ftp-server write-enable
!
!
!
!
interface FastEthernet0
description Connected to MyCompany LAN
ip address 172.16.18.11 255.255.255.0
no ip redirects
no ip unreachables
ip nat inside
no ip mroute-cache
speed auto
ntp disable
no cdp enable
!
interface Serial0
description Dedicated Link To Internet
ip address 165.21.xx.2 255.255.255.252
no ip redirects
no ip unreachables
ip nat outside
no ip mroute-cache
no cdp enable
!
router rip
version 2
passive-interface Serial0
network 172.16.0.0
no auto-summary
!
ip nat pool nat-pool 203.126.xxx.106 203.126.xxx.106 netmask 255.255.255.240
ip nat inside source list 1 pool nat-pool overload
ip nat inside source static 172.16.18.11 203.126.xxx.106
! My Email Server
ip nat inside source static 172.16.18.1 203.126.xxx.194
ip classless
ip route 0.0.0.0 0.0.0.0 165.21.xx.1
ip http server
ip http authentication local
ip http timeout-policy idle 5 life 86400 requests 10000
!
access-list 1 permit 172.16.0.0 0.0.255.255
no cdp run
banner login ^CINE
THIS IS A PRIVATE SYSTEM! UNAUTHORIZED USE IS PROHIBITED!!

'^C
!
line con 0
login local
line aux 0
line vty 0 4
privilege level 15
login local
transport input telnet
!
!
end


Hope to get some access-list guide.

Million of thanks
Rolman
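
An added example, not part of the thread or any poster's code: a small Python check of two points raised above, the /28 boundaries of the ISP range and the NAT global addresses in the posted config. It assumes every elided "xxx" is the same octet and substitutes the documentation prefix 203.0.113.0/24; the function names are hypothetical.

```python
import ipaddress
import re

# Constructed stand-in: the thread elides the third octet ("xxx"), so the
# documentation prefix 203.0.113.0/24 is used with the thread's last octets,
# assuming every "xxx" is the same octet.
ISP_FIRST, ISP_LAST, ISP_MASK = "203.0.113.102", "203.0.113.117", "255.255.255.240"

# NAT lines from the posted config with that substitution (constructed sample).
SAMPLE_CONFIG = """\
ip nat pool nat-pool 203.0.113.106 203.0.113.106 netmask 255.255.255.240
ip nat inside source list 1 pool nat-pool overload
ip nat inside source static 172.16.18.11 203.0.113.106
ip nat inside source static 172.16.18.1 203.0.113.194
"""

def subnets_spanned(first, last, mask):
    """Return every subnet of the given mask that the range first..last touches."""
    addr, hi = ipaddress.ip_address(first), ipaddress.ip_address(last)
    nets = []
    while addr <= hi:
        net = ipaddress.ip_network(f"{addr}/{mask}", strict=False)
        nets.append(net)
        addr = net.broadcast_address + 1  # jump to the next subnet
    return nets

def audit_nat(config, first, last):
    """Flag static NAT global addresses that need review."""
    lo, hi = ipaddress.ip_address(first), ipaddress.ip_address(last)
    pool = set()
    for m in re.finditer(r"^ip nat pool \S+ (\S+) (\S+) netmask", config, re.M):
        start, end = (int(ipaddress.ip_address(a)) for a in m.groups())
        pool.update(ipaddress.ip_address(i) for i in range(start, end + 1))
    findings = []
    for m in re.finditer(r"^ip nat inside source static (\S+) (\S+)", config, re.M):
        local, glob = m.group(1), ipaddress.ip_address(m.group(2))
        if not lo <= glob <= hi:
            findings.append((local, str(glob), "outside ISP allocation"))
        if glob in pool:
            findings.append((local, str(glob), "also used by PAT pool"))
    return findings

if __name__ == "__main__":
    print([str(n) for n in subnets_spanned(ISP_FIRST, ISP_LAST, ISP_MASK)])
    for finding in audit_nat(SAMPLE_CONFIG, ISP_FIRST, ISP_LAST):
        print(finding)
```

Under those assumptions the range touches two /28 subnets, and both static mappings are flagged: one shares the PAT pool address and one falls outside the stated allocation.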
 