08-19-2010 01:59 AM - edited 03-11-2019 11:27 AM
Hi everyone,
I would like to configure a router.
1. My ISP provides a global IP address with PPPoE, e.g. 200.200.200.2.
2. The router used in this scenario is a 2611XM with IOS 12.4T(AES), which has two FastEthernet interfaces, Fa0/0 and Fa0/1.
3. I would like to open an HTTP server to the public internet.
4. Some clients access the public internet by PAT,
as in the following figure.
Could you tell me the basic story or the documentation URL for configuring this scenario?
Regards,
Tomoyuki
08-19-2010 02:34 AM
Hi,
It's not a big deal to configure the Cisco IOS firewall.
Just go through the URL below; I hope it will help you to configure your router.
http://www.cisco.com/en/US/products/sw/secursw/ps1018/prod_configuration_examples_list.html#anchor2
Thanks
Samy
08-19-2010 06:29 AM
Hello,
Please check the configuration below. I am assuming you are using
sub-interfaces to configure DMZ and inside:
int fa 0/0.1
 description inside
 ip address
! Dynamic NAT for inside clients
ip nat source list 1 interface fastethernet 0/1 overload
! Static NAT for webserver
ip nat source static tcp 198.132.219.1 80 interface fastethernet 0/1 80
access-list 199 permit tcp any
interface fa 0/1
 ip access-group 199 in
 exit
I noticed that the webserver IP in the DMZ is a public IP. If you own that
public IP, then you do not need the static translation. You can change the
access-list entry accordingly.
Hope this helps.
Regards,
NT
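A fuller version of the setup discussed in this thread, as an added example that is not from any of the posters: one PPPoE public address, PAT for inside clients, TCP/80 forwarded to a DMZ web server, and stateful inspection so the inbound ACL does not drop replies to inside clients. Dialer1, the VLAN IDs, the private subnets and server address, the rule name FW and the PPPoE credentials are assumptions; it uses the classic `ip nat inside source` form with CBAC (`ip inspect`) rather than the `ip nat source` form in the reply above.

```cisco
! Added example. Addresses, VLAN IDs, names and credentials are assumed placeholders.
! WAN: PPPoE client on Fa0/1; Dialer1 holds the public address
interface FastEthernet0/1
 no ip address
 pppoe enable
 pppoe-client dial-pool-number 1
interface Dialer1
 ip address negotiated
 ip mtu 1492
 encapsulation ppp
 dialer pool 1
 ppp chap hostname ISP_USERNAME_PLACEHOLDER
 ppp chap password ISP_PASSWORD_PLACEHOLDER
 ip nat outside
 ip access-group 199 in
 ip inspect FW out
!
! LAN: 802.1Q sub-interfaces on Fa0/0 for inside clients and the DMZ
interface FastEthernet0/0.10
 description inside
 encapsulation dot1Q 10
 ip address 192.168.10.1 255.255.255.0
 ip nat inside
interface FastEthernet0/0.20
 description dmz
 encapsulation dot1Q 20
 ip address 192.168.20.1 255.255.255.0
 ip nat inside
 ip access-group 120 in
!
ip route 0.0.0.0 0.0.0.0 Dialer1
!
! PAT for inside clients only; the web server is published by the static entry
access-list 1 permit 192.168.10.0 0.0.0.255
ip nat inside source list 1 interface Dialer1 overload
ip nat inside source static tcp 192.168.20.10 80 interface Dialer1 80
!
! CBAC opens temporary return paths for sessions that leave through Dialer1
ip inspect name FW tcp
ip inspect name FW udp
ip inspect name FW icmp
!
! Inbound ACL is checked before NAT, so it matches the public address from the question
access-list 199 permit tcp any host 200.200.200.2 eq www
access-list 199 deny ip any any log
!
! DMZ server may answer inside clients on port 80 but not open sessions to the inside LAN
access-list 120 permit tcp host 192.168.20.10 eq www 192.168.10.0 0.0.0.255 established
access-list 120 deny ip any 192.168.10.0 0.0.0.255
access-list 120 permit ip any any
```

After applying it, `show ip nat translations` and `show ip inspect sessions` show whether the port-80 mapping and the outbound client sessions are being tracked.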
08-25-2010 01:38 AM
Hi,
Thank you for your good help!
I got it. I'll try it soon.
> I noticed that the webserver IP in the DMZ is public IP. If you own that public IP ...
Sorry, I couldn't find a proper figure to indicate my scenario exactly.
As you are aware, I have only one public IP.
Regards,
Tomoyuki