Newbie ques: Routing external ip's with 1601 1

[bobcat]

I just recently got a Cisco 1601 to hook to our fract T1 for Internet access. With that, we got a few IP's for external access. My question is, how do I use those? The router's serial interface ip is, say 1.2.3.4, and I also own 1.2.3.5, and 1.2.3.6 for a couple servers. The ethernet on the router is set to 10.0.0.1. Do I set the servers to 10.0.0.2 and 10.0.0.3? Or to 1.2.3.5 and 6? Either way, what do I need to set up in order to let access to the servers in/out from/to the serial interface on their own external IPs?

Thanks

 

[mildmanrd]

You can use static NAT mappings to do the job. This will help provide a little security as opposed to using the 'real addresses'. To configure follow these steps (assuming you are a little familiar with cisco IOS):

-console into router
-get into interface config mode for ethernet 0
-apply command->ip nat inside
-get into interface config for serial0
-apply command->ip nat outside
-exit out of interface config
-apply command->ip nat inside source static 10.0.0.2 1.2.3.5
-apply command->ip nat inside source static 10.0.0.3 1.2.3.6
-save config by wr mem or copy run start

so this will allow you to keep a private address for the servers (10.0.0.x) but allow outside users to access with public address(1.2.3.x)

hope this helps

 

[bobcat]

That worked alright for regular services like

http://WWW and

SMTP but I'm having some problems getting IPSec to work. I've got a IPSec server behind the router with pvt ip 10.0.0.6 and public 1.2.3.10. I did this:
ip nat inside source static 10.0.0.6 1.2.3.10

Works fine for www, etc but Ipsec doesn't seem to connect. Is there something special that needs to be done with VPN & NAT?

Thanks,
Todd