Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations SkipVought on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

NATING on Cisco 2800 Router

Status
Not open for further replies.
dd2775

dd2775

IS-IT--Management
Nov 3, 2003
19
0
0
IN
Hello,

I have a cisco 2800 router with One serial and TWO fast ethernet port.
We have connected the
1) serial0 to ISP with WAN ip address provided by the ISP ie 220.227.135.X with mask 255.255.255.252.

2)The fastethernet 0/0 is give a LAN ip address 220.227.129.X provided by the ISP.

3)The fastethernet 0/1 has an IP address of our internal network 10.244.5.10

I want all requests coming from 10.244.5.10 to be NATED to the IP's provided by the ISP so that this network (10.244.5.x) can browse the internet.

Can anyone help me.

 
Sort by date Sort by votes
Yes i know that is can be done, but how can i do it can you please explain in details
 
Upvote 0 Downvote
Looking at your post I think there may be a problem in that you need a second router to work as an edge router.

Either ther serial is a frame or T1 internet link. It is delivered to you with a .252 address. .252 or /30 network has two useable addresses. The second must then be assigned to your CPE device or edge router. This will bring the link up. Then on the ethernet port of the edge router you would then assign the first IP routeable address of say for example a .248 or /29 network. You then connect the etherent of the edge router to one of the ethernet ports on the 2800 with a crossover cable and assign it the second ip routeable address of your ip block. You then set the default ip route on the 2800 to the ip address you set on the ethernet address of the edge router. The second ethernet port on the 2800 would then be used for your private network connected to the switch.

That router also comes with a built in web program called SDM. When connected to your network you should be able to enter its IP address into your web browser and it will be an aid in configuration. If you have not removed the default user and password I beleive they are cisco and cisco.
 
Upvote 0 Downvote
Hi dd2775
What i think is
1. Your se0/0 is an output/input to the internet
with only one IP address to be NAT-ed
2. Your fastethernet 0/0 is in Demilitary ZONE as hosts visible in internet - yours other with net 220.227.129.X
3. The fastethernet 0/1 is an false (private) inside network
(10.244.5.x) so 10.244.5.0/24
And You wish to Browse Internet from private network

Three Steps to do this

1.On Serial0/0
add one line
ip nat outside
- this is Your Outside interface from ISP

2.
on fastethernet 0/1
where ip is 10.244.5.10
add one line
ip nat inside
- this is Your Private (false) interface inside

2a) Nothing to configure on fastethernet 0/0
this is Your real Internet LAN with
3. You have olny one IP address to be nated
220.227.135.X
so
3 lines to add in config
a) First Line - what to pool is
ip nat pool testpool 220.227.135.X 220.227.135.X netmask 255.255.255.252
b) add an accesss list no 1 - standard or if you wish extended list eg no 100. Probe with access-list 1 first ist simple.
ip nat inside source list 1 interface Serial0/0 overload
c) than one line in access-list with permissions for Your private network or for all at start
access-list 1 permit any any
So any host inside can access any host in Internet
or for Your network
access-list 1 permit 10.244.5.0 0.0.0.255
or by hosts in Your private network one by one if you want give an special access for some hosts eg for host 10.255.5.20
access-list 1 permit 10.244.5.20 any

Remember to set default gw on PC in private network
to the 10.244.5.10 Your IP on FastEth0/1

That config is ok if
Your Default gw goes via Serial0/0
But that is logicall because You have netmask
on this interface 255.255.255.252 - so only One IP for You
eg
ip route 0.0.0.0 0.0.0.0 Serial0/0
or more visible
ip route 0.0.0.0 0.0.0.0 220.227.135.X-1


I think that will be simple configuration
to Browse Internet from Private network 10.244.5.0/24
via Serial 0/0

If Your Interfaces have other names change it in config
eg. Serial0 not Serial0/0


Best Regards
 
Upvote 0 Downvote
What about the IP block he was given...220.227.129.X /?....were you gonna use it.
 
Upvote 0 Downvote
Sorry...did not see it listed but see it now...
 
Upvote 0 Downvote
Thank a lot guma2go the configuration worked.

Regards
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

pbxcomm
  • Locked
  • Question
CISCO VG450
Replies
1
Views
118
bdk76
bdk76
Skip Rango
  • Locked
  • Question
how to backup cisco sg500-52p switch
Replies
1
Views
101
madwok
madwok
Jared R
  • Locked
  • Question
Cisco UC320W Paging Help
Replies
0
Views
117
Jared R
Jared R
Hayden09
  • Locked
  • Question
Cisco Sg-300 Flapping?
Replies
0
Views
103
Hayden09
Hayden09
JMarine0811
  • Locked
  • Question
CISCO VG450 Factory reset
Replies
1
Views
135
whykap
whykap

Part and Inventory Search

Sponsor

Back
Top