Nat

Unanswered Question

Hello,


We have a Cisco 1721 with one "FastEthernet 0" and one "Eth 0" interface, connecting a DSL line to our internal LAN.

The FastEthernet 0 interface is connected to the DSL line via an ADSL modem (Zyxel), which is configured in bridge mode.

Eth 0 is connected to our LAN.

The router is configured primarily for IPSec and internet access.

We are able to access Internet sites from our internal network; however, incoming traffic from the Internet to our internal LAN (say, for a web server hosted in our LAN) fails.


Please find the configuration on our router as shown below.

I would appreciate it if you could help us configure the router for incoming traffic.


Thank you


Ramie





My present router sh run details are as follows:


sh run
Building configuration...

Current configuration : 1942 bytes
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
boot-start-marker
boot-end-marker
!
no aaa new-model
!
resource policy
!
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
ip subnet-zero
!
!
no ip dhcp use vrf connected
!
!
ip cef
no ip ips deny-action ips-interface
!
no ftp-server write-enable
!
!
!
!
!
!
crypto isakmp policy 1
 hash md5
 authentication pre-share
 lifetime 3600
crypto isakmp key b001 address 111.x.x.20
!
!
crypto ipsec transform-set VF_GPRS esp-des esp-md5-hmac
crypto ipsec df-bit clear
!
crypto map VF_B 10 ipsec-isakmp
 set peer 111.x.x.20
 set transform-set VF_GPRS
 match address b_VF
!
!
!
interface Ethernet0
 ip address 172.16.0.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 half-duplex
!
interface FastEthernet0
 ip address 130.x.x..49 255.255.255.0 secondary
 ip address 130.x.x..44 255.255.255.0
 ip nat outside
 ip virtual-reassembly
 speed auto
 no cdp enable
 crypto map VF_B
!
ip default-gateway 130.x.x..1
ip classless
ip route 0.0.0.0 0.0.0.0 130.x.x..1
no ip http server
no ip http secure-server
!
ip nat inside source list 101 interface FastEthernet0 overload
ip nat inside source static 172.16.0.6 130.x.x..49
!
!
!
ip access-list extended b_VF
 permit ip 172.16.0.0 0.0.0.255 192.168.0.0 0.0.0.255
 deny ip any any
ip access-list extended telnet
 permit ip host 111.x.x.130 any
 permit ip 172.16.0.0 0.0.0.255 any
 deny ip any any
access-list 101 deny ip 172.16.0.0 0.0.0.255 192.168.0.0 0.0.0.255
access-list 101 permit ip 172.16.0.0 0.0.0.255 any
!
!
control-plane
!
!
line con 0
line aux 0
line vty 0 4
 access-class telnet in
 login local
!
end




Richard Burts Thu, 01/24/2008 - 05:52

After posting the question here Ramie also posted it on the WAN Routing and Switching forum where it has received a couple of responses. I suggest that any further discussion be consolidated in the WAN forum.


HTH


Rick
