Hello,
I have a weird problem. I have a Cisco 877 working as a bridge in some VLANs and as a router in others. I have the ATM0 interface bridged to BVI1. BVI1 is the WAN part of a NAT for Vlan2 (192.168.2.1/24) and Vlan4 (192.168.10.1/24). BVI1 also takes its IP via DHCP. I have some ports I want to access, so I redirect port 8001 to 192.168.10.21:80 and so on. The problem is that if I do it like this:
Code:
ip nat inside source static tcp 192.168.10.21 80 interface BVI1 8001
the NAT translations do not work after booting or after the interface goes down (lost sync in ATM). If I do it statically it works, but this workaround has the problem that when the DHCP address changes it won't work either.
Any hints?
This is my sh run:
Code:
!
version 12.3
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname MYROUTER
!
boot-start-marker
boot-end-marker
!
logging buffered 4096 debugging
!
clock timezone Vzla -4
no aaa new-model
ip subnet-zero
ip cef
!
!
ip dhcp excluded-address 192.168.2.1
!
ip dhcp pool CLIENT
network 192.168.2.0 255.255.255.0
default-router 192.168.2.1
dns-server 200.44.32.12 200.44.32.13
lease 0 2
!
!
no ip bootp server
ip name-server 200.44.32.13
ip ips po max-events 100
ip ddns update method dyndns
HTTP
add http://yyyyyyycam:sxxxxx@members.dyndns.org/nic/update?system=dyndns&hostname=axxxxxx.com&myip=<a>
interval maximum 28 0 0 0
!
no ftp-server write-enable
!
!
!
spanning-tree portfast bpduguard
spanning-tree uplinkfast
spanning-tree backbonefast
!
!
!
!
!
!
!
crypto ipsec client ezvpn Seniat
connect auto
group General key xxxxx
mode client
peer 120.100.100.100
xauth userid mode interactive
!
!
bridge irb
!
!
interface Loopback0
ip address 172.16.195.108 255.255.255.255
!
interface Loopback1
ip address 172.16.194.57 255.255.255.255
!
interface Loopback2
ip address 172.16.195.21 255.255.255.255
!
interface Loopback3
ip address 172.16.194.139 255.255.255.255
!
interface Loopback4
ip address 172.16.195.56 255.255.255.255
!
interface Loopback5
ip address 172.16.194.55 255.255.255.255
!
interface ATM0
no ip address
no ip redirects
no ip unreachables
load-interval 30
no atm ilmi-keepalive
pvc 0/33
vbr-nrt 512 512 1
encapsulation aal5snap
!
dsl operating-mode auto
bridge-group 1
!
interface FastEthernet0
switchport access vlan 3
no ip address
duplex full
speed 100
no cdp enable
spanning-tree portfast
!
interface FastEthernet1
switchport access vlan 2
no ip address
duplex full
speed 100
no cdp enable
spanning-tree portfast
!
interface FastEthernet2
switchport access vlan 4
no ip address
duplex full
speed 100
no cdp enable
spanning-tree portfast
!
interface FastEthernet3
switchport trunk allowed vlan 1-4,1002-1005
switchport mode trunk
no ip address
duplex full
speed 100
no cdp enable
spanning-tree portfast
!
interface Vlan1
no ip address
!
interface Vlan2
description CONEXION LAN ILAN
ip address 192.168.2.1 255.255.255.0
no ip redirects
ip nat inside
ip virtual-reassembly
no ip route-cache cef
no ip route-cache
no ip mroute-cache
crypto ipsec client ezvpn Seniat inside
!
interface Vlan3
no ip address
bridge-group 1
!
interface Vlan4
ip address 192.168.10.1 255.255.255.0
ip nat inside
ip virtual-reassembly
no ip route-cache cef
no ip route-cache
no ip mroute-cache
!
interface BVI1
ip ddns update hostname Xxxxx.com
ip ddns update dyndns
ip address dhcp
ip nat outside
ip virtual-reassembly
crypto ipsec client ezvpn Seniat
!
ip classless
ip route 192.168.10.0 255.255.255.0 Vlan4
!
!
no ip http server
no ip http secure-server
no ip nat create flow-entries
ip nat inside source list 100 interface BVI1 overload
ip nat inside source static tcp 192.168.10.28 80 interface BVI1 8008
ip nat inside source static tcp 192.168.10.21 80 interface BVI1 8001
ip nat inside source static tcp 192.168.10.22 80 interface BVI1 8002
ip nat inside source static tcp 192.168.10.23 80 interface BVI1 8003
ip nat inside source static tcp 192.168.10.24 80 interface BVI1 8004
ip nat inside source static tcp 192.168.10.25 80 interface BVI1 8005
ip nat inside source static tcp 192.168.10.26 80 interface BVI1 8006
ip nat inside source static tcp 192.168.10.27 80 interface BVI1 8007
!
access-list 100 permit ip 192.168.1.0 0.0.0.255 any
access-list 100 permit ip 192.168.10.0 0.0.0.255 any
no cdp run
!
!
control-plane
!
bridge 1 protocol ieee
bridge 1 route ip
!
line con 0
password <removed>
login
no modem enable
transport preferred all
transport output all
line aux 0
transport preferred all
transport output all
line vty 0 4
password <removed>
login
transport preferred all
transport input all
transport output all
!
scheduler max-task-time 5000
end
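
An added example, not part of the original post: a small Python audit over the NAT-relevant lines of the configuration above. It lists each port forward reachable from the outside, the outside interfaces whose address comes from DHCP (the condition the post describes), and inside subnets that no `access-list ... permit ip` entry covers. The function name `audit` and the trimmed excerpt are assumptions of this example, and it treats every such permit entry as belonging to the overload list.

```python
import ipaddress
import re

# Constructed excerpt: NAT-relevant lines copied from the configuration posted above.
CONFIG = """\
interface Vlan2
 ip address 192.168.2.1 255.255.255.0
 ip nat inside
!
interface Vlan4
 ip address 192.168.10.1 255.255.255.0
 ip nat inside
!
interface BVI1
 ip address dhcp
 ip nat outside
!
ip nat inside source list 100 interface BVI1 overload
ip nat inside source static tcp 192.168.10.28 80 interface BVI1 8008
ip nat inside source static tcp 192.168.10.21 80 interface BVI1 8001
access-list 100 permit ip 192.168.1.0 0.0.0.255 any
access-list 100 permit ip 192.168.10.0 0.0.0.255 any
"""
FWD = re.compile(r"ip nat inside source static (tcp|udp) (\S+) (\d+) interface (\S+) (\d+)")
ACL = re.compile(r"access-list \d+ permit ip (\S+) (\S+) any")

def audit(text):
    """Return (port forwards, DHCP-addressed outside interfaces, inside nets no ACL entry covers)."""
    ifaces, cur, forwards, acl_nets = {}, None, [], []
    for line in (raw.strip() for raw in text.splitlines()):
        if line.startswith("interface "):
            cur = ifaces.setdefault(line.split()[1], {"net": None, "nat": None, "dhcp": False})
        elif line == "!":
            cur = None  # "!" ends the interface block
        elif cur is not None and line == "ip address dhcp":
            cur["dhcp"] = True
        elif cur is not None and line.startswith("ip address "):
            cur["net"] = ipaddress.ip_network("/".join(line.split()[2:4]), strict=False)
        elif cur is not None and line in ("ip nat inside", "ip nat outside"):
            cur["nat"] = line.split()[-1]
        elif m := FWD.fullmatch(line):
            # (outside interface, outside port, protocol, inside host, inside port)
            forwards.append((m[4], int(m[5]), m[1], m[2], int(m[3])))
        elif m := ACL.fullmatch(line):
            # ip_network() accepts the wildcard (host) mask form, e.g. 0.0.0.255
            acl_nets.append(ipaddress.ip_network(f"{m[1]}/{m[2]}"))
    dhcp_outside = sorted(n for n, i in ifaces.items() if i["nat"] == "outside" and i["dhcp"])
    inside = [i["net"] for i in ifaces.values() if i["nat"] == "inside" and i["net"]]
    uncovered = [str(n) for n in inside if not any(n.subnet_of(a) for a in acl_nets)]
    return sorted(forwards, key=lambda f: f[1]), dhcp_outside, uncovered
```

Calling `audit(CONFIG)` on the excerpt returns the two forwards on BVI1, reports BVI1 as a DHCP-addressed outside interface, and reports 192.168.2.0/24 as an inside subnet with no matching permit entry.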