08-19-2010 01:59 AM - edited 03-11-2019 11:27 AM
Hi everyone,
I would like to configure a router,
1. My ISP provides a global IP address with PPPoE. ex) 200.200.200.2 .
2. The router used in this scenario is 2611XM with IOS 12.4T(AES) which has two FastEthernet interfaces, Fa0/0 and Fa0/1.
3. I would like to open a HttpServer to public internet.
4. Some clients access to public internet by PAT.
like a following figure.
Could you tell me the basic story or the documentation's url to configure this scinario?
Regards,
Tomoyuki
Solved! Go to Solution.
08-19-2010 02:34 AM
Hi,
Not a big deal to configure cisco IOS firewall.
Just go through the below URL and hope it will help you to configure your router.
http://www.cisco.com/en/US/products/sw/secursw/ps1018/prod_configuration_examples_list.html#anchor2
Thanks
Samy
08-19-2010 06:29 AM
Hello,
Please check the configuration below. I am assuming you are using
sub-interfaces to configure DMZ and inside:
int fa 0/0.1
description inside
ip address
Dynamic NAT for inside clients*************
ip nat source list 1 interface fastethernet 0/1 overload
Static NAT for webserver ******************
ip nat source static tcp 198.132.219.1 80 interface fastethernet 0/1 80
access-list 199 permit tcp any
interface fa 0/1
ip access-group 199 in
exit
I noticed that the webserver IP in the DMZ is public IP. If you own that
public IP, then you do not need the static translation. You can change the
access-list entry accordingly.
Hope this helps.
Regards,
NT
08-19-2010 02:34 AM
Hi,
Not a big deal to configure cisco IOS firewall.
Just go through the below URL and hope it will help you to configure your router.
http://www.cisco.com/en/US/products/sw/secursw/ps1018/prod_configuration_examples_list.html#anchor2
Thanks
Samy
08-19-2010 06:29 AM
Hello,
Please check the configuration below. I am assuming you are using
sub-interfaces to configure DMZ and inside:
int fa 0/0.1
description inside
ip address
Dynamic NAT for inside clients*************
ip nat source list 1 interface fastethernet 0/1 overload
Static NAT for webserver ******************
ip nat source static tcp 198.132.219.1 80 interface fastethernet 0/1 80
access-list 199 permit tcp any
interface fa 0/1
ip access-group 199 in
exit
I noticed that the webserver IP in the DMZ is public IP. If you own that
public IP, then you do not need the static translation. You can change the
access-list entry accordingly.
Hope this helps.
Regards,
NT
08-25-2010 01:38 AM
Hi,
Thank you for your good help!
I got it. I'll try it soon.
> I noticed that the webserver IP in the DMZ is public IP. If you own that public IP ...
Sorry, I couldn't find a proper figure to indicate my scenario exactly.
As you are aware, I have only one public IP.
Regards,
Tomoyuki
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: