05-21-2007 05:33 AM - edited 03-03-2019 05:04 PM
Please help as I am tearing my hair out trying to get this working and have little experience with Router setups.
I have installed an SBS2003 server with 2 NIC's and am trying to install a CISCO 876 router to control the internet access.
Here is the network to be defined :-
Fixed IP provided by ISP
Router external interface as FIXED IP
VLAN1 defined as 10.10.10.1, with DHCP
External NIC of SBS2003 10.10.10.2
Internal NIC of SBS2003 192.168.1.101
Workstations have 192.168.1.x addresses, or 10.10.10.x addresses.
Here is what I want to achieve :-
Most user devices will sit off the 192.168.1.x network range. The 10.10.10.1 range will be used for network cameras etc. The SBS2003 server is an EXCHANGE email server, DNS server and provides DHCP for workstations on the 192.168.1.x network.
The address 192.168.1.101 needs to recieve all SMTP mail (port 25)
Also I want 443, 444, and VPN ports routed to SBS2003 server.
Address 192.168.1.23 is a Blackberry server and so has to receive messages for port 3101 both TCP and UDP.
All 192.168.1.x and 10.10.10.x addresses should be able to reach internet.
Please let me know what fixed and dynamic routes I should set up in router, should I use RIP and where NAT should be translating to in the router to send the smtp email messages and other things to SBS2003 server. (Should it be the external 10.10.10.2 address or the server address 192.168.1.101 ? )
(I have set it up for both but never get any messages into the mail server when testing it :-) - I have had to back out changes now so the network is not live, I have gone back to an ADSL modem only )
Thanks in advance
Ian Murdoch
05-21-2007 05:44 AM
Hi,
If I have understood your setup it would be something like this:
ip nat inside source static 192.168.1.101 172.16.131.10 (public)
ip nat inside source static 192.168.1.23 172.16.131.11(public)
ip nat inside source list 7 int e 1 overload
interface e 0
ip address 10.10.10.1 255.255.255.0
ip nat inside
interface e 1
ip address 172.16.130.2 255.255.255.0
ip nat outside
ip route 0.0.0.0 0.0.0.0 172.16.130.254 (public gateway)
access-list 7 permit 10.10.10.0 0.0.0.255
access-list 7 permit 192.168.1.0 0.0.0.255
HTH, tell if it does not :)
Regards,
Bjornarsb
05-21-2007 06:46 AM
Bjornarsb
Thanks for the fast response.
Can I assume that 172.16.131.11 in this example is the fixed IP from the ISP, if so what are 172.16.130.254 and 172.16.130.2 (DNS servers or something else ?)
Would I need to do any Nat for the specific ports or would this not be necessary.
Ian
05-21-2007 07:36 AM
Hi again,
172.16.130.254 is your default gateway (your IPS's router)
Since i've set up static nat it will work for all ports for each ip. ( 172.16.130.10 an .11)
Second, 172.16.130.2 is your wan IP (public)
towards your ISP. You need to set up dns to your ISP dns server. (in your dhcp scope)
If you want a scope for 192.168.1.X
you need to create another vlan for that subnet and dhcp on the router.
172.16.130.0 is used as example. its actually private addresses.
HTH
Regards,
Bjornarsb
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide