Cisco 876 integrated services router and SBS2003

Unanswered Question
May 21st, 2007

Please help as I am tearing my hair out trying to get this working and have little experience with Router setups.


I have installed an SBS2003 server with 2 NIC's and am trying to install a CISCO 876 router to control the internet access.


Here is the network to be defined :-


Fixed IP provided by ISP

Router external interface as FIXED IP

VLAN1 defined as 10.10.10.1, with DHCP

External NIC of SBS2003 10.10.10.2

Internal NIC of SBS2003 192.168.1.101


Workstations have 192.168.1.x addresses, or 10.10.10.x addresses.


Here is what I want to achieve :-


Most user devices will sit off the 192.168.1.x network range. The 10.10.10.1 range will be used for network cameras etc. The SBS2003 server is an EXCHANGE email server, DNS server and provides DHCP for workstations on the 192.168.1.x network.


The address 192.168.1.101 needs to recieve all SMTP mail (port 25)

Also I want 443, 444, and VPN ports routed to SBS2003 server.


Address 192.168.1.23 is a Blackberry server and so has to receive messages for port 3101 both TCP and UDP.


All 192.168.1.x and 10.10.10.x addresses should be able to reach internet.


Please let me know what fixed and dynamic routes I should set up in router, should I use RIP and where NAT should be translating to in the router to send the smtp email messages and other things to SBS2003 server. (Should it be the external 10.10.10.2 address or the server address 192.168.1.101 ? )


(I have set it up for both but never get any messages into the mail server when testing it :-) - I have had to back out changes now so the network is not live, I have gone back to an ADSL modem only )


Thanks in advance


Ian Murdoch

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
bjornarsb Mon, 05/21/2007 - 05:44

Hi,


If I have understood your setup it would be something like this:


ip nat inside source static 192.168.1.101 172.16.131.10 (public)

ip nat inside source static 192.168.1.23 172.16.131.11(public)


ip nat inside source list 7 int e 1 overload


interface e 0


ip address 10.10.10.1 255.255.255.0


ip nat inside


interface e 1


ip address 172.16.130.2 255.255.255.0


ip nat outside


ip route 0.0.0.0 0.0.0.0 172.16.130.254 (public gateway)


access-list 7 permit 10.10.10.0 0.0.0.255

access-list 7 permit 192.168.1.0 0.0.0.255



HTH, tell if it does not :)


Regards,

Bjornarsb

ianmurdoch Mon, 05/21/2007 - 06:46

Bjornarsb

Thanks for the fast response.

Can I assume that 172.16.131.11 in this example is the fixed IP from the ISP, if so what are 172.16.130.254 and 172.16.130.2 (DNS servers or something else ?)


Would I need to do any Nat for the specific ports or would this not be necessary.


Ian

bjornarsb Mon, 05/21/2007 - 07:36

Hi again,


172.16.130.254 is your default gateway (your IPS's router)

Since i've set up static nat it will work for all ports for each ip. ( 172.16.130.10 an .11)

Second, 172.16.130.2 is your wan IP (public)

towards your ISP. You need to set up dns to your ISP dns server. (in your dhcp scope)


If you want a scope for 192.168.1.X

you need to create another vlan for that subnet and dhcp on the router.


172.16.130.0 is used as example. its actually private addresses.


HTH


Regards,

Bjornarsb

Actions

This Discussion