c831 config

Answered Question
Feb 2nd, 2009

Hi,

<br />

<br />I config the cisco 831 (E x 2, FE x 4) and I do not know the DMZ setting to be correct or not.

<br />

<br />1. ISP give me /29 IP block (e.g. 201.1.1.1 - 201.1.1.7)

<br />2. I assign 201.1.1.2 to be Web server, 201.1.1.3 to be mail server

<br />3. the connection is PPPoE.

<br />4. Internal IP address is 192.168.20.0/24

<br />

<br />There are 4 FE ports. I connect

<br />

<br />Port 1 (FE) mail server

<br />port 2 (FE) web server

<br />port 3 (FE) spare

<br />port 4 (FE) Internal segment

<br />

<br />

<br />However, the internal PC cannot access Internet. how to enable the NAT on the box? any setting incorrect or missing?

<br />

<br />rdgs

<br />

<br />

<br />below is router config:

<br />

<br />

<br />Config

<br />!

<br />hostname GZ_office

<br />!

<br />interface ethernet0

<br />ip address 201.1.1.1 255.255.255.248

<br />!

<br />interface Ethernet1

<br /> no ip address

<br /> no ip unreachables

<br /> duplex auto

<br /> pppoe enable group global

<br /> pppoe-client dial-pool-number 1

<br />!

<br />!

<br />!

<br />!

<br />!

<br />interface FastEthernet1

<br /> description to mail server

<br />!

<br />interface FastEthernet2

<br /> description to web server

<br />!

<br />interface FastEthernet3

<br /> description spare

<br />!

<br />interface FastEthernet4

<br /> description to internal segment 192.168.20.0/24

<br />!

<br />interface Dialer1

<br /> ip address negotiated

<br /> ip mtu 1492

<br /> encapsulation ppp

<br /> ip tcp adjust-mss 1452

<br /> no ip mroute-cache

<br /> dialer idle-timeout 0

<br /> dialer hold-queue 100

<br /> dialer persistent

<br /> no cdp enable

<br /> ppp authentication pap chap callin

<br /> ppp pap sent-username [email protected] password 7 123456789

<br />!

<br />!

<br />!

<br />ip route 0.0.0.0 0.0.0.0 Dialer1

<br />!

<br />

<br />

I have this problem too.
0 votes
Correct Answer by Paolo Bevilacqua about 7 years 11 months ago

Hi,

FE1 and FE2 are controlled by the configuration of Eth 0.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
anitachoi3 Mon, 02/02/2009 - 06:09

Hi,

I should change followings:

1. setup VLAN1

interface vlan 1

ip address 192.168.20.1 255.255.255.0

ip nat inside

2. move the internal segment to E1 (192.168.20.0/24)

3. re-config FE4

interface FastEthernet 4

no ip address

ip nat outside

pppoe enable group global

pppoe-client dial-pool-number 1

4. conf the NAT

ip nat inside source list 1 interface dialer 0 overload

access-list 1 permit 192.168.20.0 0.0.0.255

5. keep the mail/web servers to FE1 and FE2

any missing?

rdgs

Paolo Bevilacqua Mon, 02/02/2009 - 06:16

Hmm no. On your router model, the wan port is eth 1 and gets pppoe , the internal segment is ethernet 0, and there is no vlan.

Then an additional internal subnet can be attached on FA4 and is software configured as Eth 2.

anitachoi3 Tue, 02/03/2009 - 05:07

Hi,

the changing should be

1. setup VLAN1

interface vlan 1

ip address 192.168.20.1 255.255.255.0

ip nat inside

2. move the internal segment to E2 (192.168.20.0/24)

3. conf the NAT

ip nat inside source list 1 interface dialer 0 overload

access-list 1 permit 192.168.20.0 0.0.0.255

4. keep the mail/web servers to FE1 and FE2

any missing?

rdgs

Paolo Bevilacqua Tue, 02/03/2009 - 05:10

As mentioned above, the 831 doesn't have VLAN, and you configure the internal segment under Eth 0.

anitachoi3 Tue, 02/03/2009 - 07:25

Hi,

the changing is

the changing should be

1. connect internal segment to E0

interface e0

ip address 192.168.20.1 255.255.255.0

ip nat inside

2. conf the NAT

ip nat inside source list 1 interface dialer 0 overload

access-list 1 permit 192.168.20.0 0.0.0.255

3. keep the mail/web servers to FE1 and FE2

any missing? BTW, how the router know the dmz in FE1 and FE2?

rdgs

Actions

This Discussion