Hi all,
The config That i am trying to use is the one below. We are trying to do port mappings to port 80 and 25 for our web and mail server behind the Cisco NAT. Although the config looks OK to me.... we can not access the servers from outside our net. The flash in use is :c800-y6-mw.120-7.T. I got an idea that it might be the rong flash but don answer me that unless you are certain. What sort of flash I whould need to do those mappings IP? IP PLUS? IP/FW? IP/FW PLUS? or what?
Thanks in advance.
no service udp-small-servers
no service tcp-small-servers
service password-encryption
hostname Cisco801
enable secret 5
username Cisco802 password 7
no ip source-route
isdn switch-type basic-net3
ip routing
ip classless
ip subnet-zero
interface ethernet 0
keepalive
no shutdown
ip address 192.168.1.2 255.255.255.0
ip route-cache
no ip proxy-arp
no ip directed-broadcast
ip nat inside
ip access-group 121 in
interface bri 0
encapsulation ppp
ppp authentication chap pap callin
ppp multilink
isdn switch-type basic-net3
dialer pool-member 1
no shutdown
interface dialer 1
dialer remote-name Cisco1
dialer pool 1
no ip split-horizon
description ISP
encapsulation ppp
dialer idle-timeout 120
dialer hold-queue 10
dialer-group 1
dialer string class DialClass
ppp authentication chap pap callin
ppp chap hostname
ppp chap password 7
ppp pap sent-username password
ppp multilink
dialer load-threshold 10 either
ip address (our 1 & only Public IP) 255.255.255.0
bandwidth 128
fair-queue 64 16 0
ip route-cache
no ip proxy-arp
no ip directed-broadcast
ip nat outside
ip access-group 121 in
map-class dialer DialClass
no dialer isdn speed 56
dialer-list 1 protocol ip permit
no router rip
ip route 0.0.0.0 0.0.0.0 dialer 1
ip nat pool ISPNATPool 192.168.1.76 192.168.1.76 netmask 255.255.255.0
ip nat inside source list 18 pool ISPNATPool
access-list 18 permit 192.168.1.0 0.0.0.255
ip nat inside source static tcp 192.168.1.8 80 (our 1 & only Public IP) 80
ip nat inside source static tcp 192.168.1.8 25 (our 1 & only Public IP) 25
access-list 121 deny udp any eq 138 any
access-list 121 deny udp any eq 137 any
access-list 121 deny udp any eq 139 any
access-list 121 deny tcp any eq 137 any
access-list 121 deny tcp any eq 138 any
access-list 121 deny tcp any eq 139 any
access-list 121 permit ip any any time-range TIME
time-range TIME
periodic daily 00:00 to 23:59
line console 0
exec-timeout 120
line vty 0 4
exec-timeout 0
login local
end
The config That i am trying to use is the one below. We are trying to do port mappings to port 80 and 25 for our web and mail server behind the Cisco NAT. Although the config looks OK to me.... we can not access the servers from outside our net. The flash in use is :c800-y6-mw.120-7.T. I got an idea that it might be the rong flash but don answer me that unless you are certain. What sort of flash I whould need to do those mappings IP? IP PLUS? IP/FW? IP/FW PLUS? or what?
Thanks in advance.
no service udp-small-servers
no service tcp-small-servers
service password-encryption
hostname Cisco801
enable secret 5
username Cisco802 password 7
no ip source-route
isdn switch-type basic-net3
ip routing
ip classless
ip subnet-zero
interface ethernet 0
keepalive
no shutdown
ip address 192.168.1.2 255.255.255.0
ip route-cache
no ip proxy-arp
no ip directed-broadcast
ip nat inside
ip access-group 121 in
interface bri 0
encapsulation ppp
ppp authentication chap pap callin
ppp multilink
isdn switch-type basic-net3
dialer pool-member 1
no shutdown
interface dialer 1
dialer remote-name Cisco1
dialer pool 1
no ip split-horizon
description ISP
encapsulation ppp
dialer idle-timeout 120
dialer hold-queue 10
dialer-group 1
dialer string class DialClass
ppp authentication chap pap callin
ppp chap hostname
ppp chap password 7
ppp pap sent-username password
ppp multilink
dialer load-threshold 10 either
ip address (our 1 & only Public IP) 255.255.255.0
bandwidth 128
fair-queue 64 16 0
ip route-cache
no ip proxy-arp
no ip directed-broadcast
ip nat outside
ip access-group 121 in
map-class dialer DialClass
no dialer isdn speed 56
dialer-list 1 protocol ip permit
no router rip
ip route 0.0.0.0 0.0.0.0 dialer 1
ip nat pool ISPNATPool 192.168.1.76 192.168.1.76 netmask 255.255.255.0
ip nat inside source list 18 pool ISPNATPool
access-list 18 permit 192.168.1.0 0.0.0.255
ip nat inside source static tcp 192.168.1.8 80 (our 1 & only Public IP) 80
ip nat inside source static tcp 192.168.1.8 25 (our 1 & only Public IP) 25
access-list 121 deny udp any eq 138 any
access-list 121 deny udp any eq 137 any
access-list 121 deny udp any eq 139 any
access-list 121 deny tcp any eq 137 any
access-list 121 deny tcp any eq 138 any
access-list 121 deny tcp any eq 139 any
access-list 121 permit ip any any time-range TIME
time-range TIME
periodic daily 00:00 to 23:59
line console 0
exec-timeout 120
line vty 0 4
exec-timeout 0
login local
end
