02-02-2009 04:45 AM - edited 03-04-2019 01:04 AM
Hi,

I configured the Cisco 831 (E x 2, FE x 4) and I do not know whether the DMZ setting is correct or not.

1. The ISP gave me a /29 IP block (e.g. 201.1.1.1 - 201.1.1.7)
2. I assign 201.1.1.2 to be the web server, 201.1.1.3 to be the mail server
3. The connection is PPPoE.
4. Internal IP address is 192.168.20.0/24

There are 4 FE ports. I connect

Port 1 (FE) mail server
Port 2 (FE) web server
Port 3 (FE) spare
Port 4 (FE) internal segment

However, the internal PC cannot access the Internet. How do I enable NAT on the box? Is any setting incorrect or missing?

rdgs

Below is the router config:
Config
!
hostname GZ_office
!
interface ethernet0
 ip address 201.1.1.1 255.255.255.248
!
interface Ethernet1
 no ip address
 no ip unreachables
 duplex auto
 pppoe enable group global
 pppoe-client dial-pool-number 1
!
!
!
!
!
interface FastEthernet1
 description to mail server
!
interface FastEthernet2
 description to web server
!
interface FastEthernet3
 description spare
!
interface FastEthernet4
 description to internal segment 192.168.20.0/24
!
interface Dialer1
 ip address negotiated
 ip mtu 1492
 encapsulation ppp
 ip tcp adjust-mss 1452
 no ip mroute-cache
 dialer idle-timeout 0
 dialer hold-queue 100
 dialer persistent
 no cdp enable
 ppp authentication pap chap callin
 ppp pap sent-username xxxxxxx@yyyyyyyyy password 7 123456789
!
!
!
ip route 0.0.0.0 0.0.0.0 Dialer1
!
02-02-2009 05:12 AM
Hi, see for example:
http://www.cisco.com/en/US/docs/routers/access/800/850/software/configuration/guide/pppoenat.html
Note that with recent IOS you don't need the "pppoe enable group", nor any of the vpdn stuff.
Then, if you want to make special use of Ethernet 2 as a DMZ (2nd internal LAN segment), here's how:
http://www.cisco.com/en/US/docs/ios/12_3/12_3x/12_3xr/dmz_port.html
02-02-2009 06:09 AM
Hi,
I should change the following:
1. setup VLAN1
   interface vlan 1
    ip address 192.168.20.1 255.255.255.0
    ip nat inside
2. move the internal segment to E1 (192.168.20.0/24)
3. re-config FE4
   interface FastEthernet 4
    no ip address
    ip nat outside
    pppoe enable group global
    pppoe-client dial-pool-number 1
4. conf the NAT
   ip nat inside source list 1 interface dialer 0 overload
   access-list 1 permit 192.168.20.0 0.0.0.255
5. keep the mail/web servers on FE1 and FE2
Anything missing?
rdgs
02-02-2009 06:16 AM
Hmm no. On your router model, the WAN port is Eth 1 and gets PPPoE, the internal segment is Ethernet 0, and there is no VLAN.
Then an additional internal subnet can be attached on FA4 and is software-configured as Eth 2.
02-03-2009 05:07 AM
Hi,
The change should be:
1. setup VLAN1
   interface vlan 1
    ip address 192.168.20.1 255.255.255.0
    ip nat inside
2. move the internal segment to E2 (192.168.20.0/24)
3. conf the NAT
   ip nat inside source list 1 interface dialer 0 overload
   access-list 1 permit 192.168.20.0 0.0.0.255
4. keep the mail/web servers on FE1 and FE2
Anything missing?
rdgs
02-03-2009 05:10 AM
As mentioned above, the 831 doesn't have VLAN, and you configure the internal segment under Eth 0.
02-03-2009 07:25 AM
Hi,
The change should be:
1. connect internal segment to E0
   interface e0
    ip address 192.168.20.1 255.255.255.0
    ip nat inside
2. conf the NAT
   ip nat inside source list 1 interface dialer 0 overload
   access-list 1 permit 192.168.20.0 0.0.0.255
3. keep the mail/web servers on FE1 and FE2
Anything missing? BTW, how does the router know the DMZ in FE1 and FE2?
rdgs
02-03-2009 07:35 AM
Hi,
FE1 and FE2 are controlled by the configuration of Eth 0.
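
An added example, not part of the thread or of Cisco's documentation: a small Python check that the PPPoE NAT pieces discussed above agree with each other (an `ip nat inside` interface, an `ip nat outside` interface, the access list, and an overload rule naming an interface that exists in the config). The sample config is constructed from lines posted in the thread; the function names, and the assumption of `show running-config` style indentation with unabbreviated interface names, belong to this example only.

```python
import re
RULE = re.compile(r"ip nat inside source list (\S+) interface (.+?) overload$")
# Constructed sample: the thread's interfaces plus the NAT lines proposed in it.
SAMPLE = """\
interface Ethernet0
 ip address 192.168.20.1 255.255.255.0
 ip nat inside
!
interface Dialer1
 ip address negotiated
!
ip nat inside source list 1 interface dialer 0 overload
access-list 1 permit 192.168.20.0 0.0.0.255
"""

def norm(name):  # canonical interface name: 'dialer 0' -> 'dialer0'
    return re.sub(r"\s+", "", name).lower()

def parse(config):  # -> ({interface: [sub-commands]}, [global commands])
    ifaces, global_cmds, cur = {}, [], None
    for line in config.splitlines():
        m = re.match(r"interface\s+(.+)", line)
        if m:
            cur = norm(m.group(1))
            ifaces[cur] = []
        elif line.startswith(" ") and cur:
            ifaces[cur].append(line.strip())
        elif line.strip() not in ("", "!"):
            cur = None
            global_cmds.append(line.strip())
    return ifaces, global_cmds

def audit_nat(config):  # -> list of findings; empty means the NAT pieces line up
    ifaces, global_cmds = parse(config)
    findings = []
    for role in ("inside", "outside"):
        if not any(f"ip nat {role}" in cmds for cmds in ifaces.values()):
            findings.append(f"no interface carries 'ip nat {role}'")
    acls = {g.split()[1] for g in global_cmds if g.startswith("access-list ")}
    for rule in filter(None, map(RULE.match, global_cmds)):
        acl, ifc = rule.group(1), norm(rule.group(2))
        if acl not in acls:
            findings.append(f"NAT rule uses undefined access-list {acl}")
        if ifc not in ifaces:
            findings.append(f"NAT rule references undefined interface '{ifc}'")
        elif "ip nat outside" not in ifaces[ifc]:
            findings.append(f"'{ifc}' is used for NAT but lacks 'ip nat outside'")
    return findings

print(audit_nat(SAMPLE))
```

On the constructed sample it reports two findings: no interface is marked `ip nat outside`, and the overload rule names `dialer 0` while the only dialer interface defined is `Dialer1`.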