Additional IP adres on c851 WAN interface

Unanswered Question
Sep 22nd, 2010

Hi,

I have problem with c851 config - I would like to set up additional IP addres to WAN interface (I done it - secondary IP on WAN, but its not working, - additional IP is not responding from outside)

(next, I will  forward all traffic in both sides from public IP to internal)

This is my router config, could you give me some hints (as you can see ipsec is working on this too.?

thx

Current configuration : 3735 bytes

!

version 12.4

no service pad

service tcp-keepalives-in

service tcp-keepalives-out

service timestamps debug datetime msec localtime show-timezone

service timestamps log datetime

service password-encryption

service sequence-numbers

!

hostname NEW

!

boot-start-marker

boot-end-marker

!

logging buffered 128000 errors

!

aaa new-model

!

!

aaa authentication login default local

!

!

aaa session-id common

clock timezone PCTime 1

!

!

dot11 syslog

!

dot11 ssid MWWifi

   vlan 20

   authentication open

   authentication key-management wpa

   guest-mode

   wpa-psk ascii 7

!

no ip dhcp use vrf connected

ip dhcp excluded-address 10.116.0.1 10.116.0.99

ip dhcp excluded-address 10.116.0.149 10.116.0.255

!

ip dhcp pool company

   import all

   network 10.116.0.0 255.255.255.0

   default-router 10.116.0.1

   dns-server 10.1.1.1 10.1.1.2

   domain-name company1.local

   netbios-name-server 10.1.1.1 10.1.1.2

   lease 7

!

!

ip cef

no ip bootp server

no ip domain lookup

ip domain name company1.local

!

!

!

crypto isakmp policy 2
hash md5
authentication pre-share
crypto isakmp key Mzzzzzzzzzzzzzdzdzd address xxx.xxx.79.2
!
!
crypto ipsec transform-set VpnSet esp-3des esp-md5-hmac
!
crypto map MapaVpn 1 ipsec-isakmp
description conn from company
set peer xxx.xxx.79.2
set transform-set VpnSet
match address 103
!
bridge irb
!
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
ip address xxx.xxx.111.250 255.255.252.0 secondary            ///// This is IP which I want to use like additional
ip address xxx.xxx.111.251 255.255.252.0
ip nat outside
no ip virtual-reassembly
duplex auto
speed auto
no cdp enable
crypto map MapaVpn
!
interface Dot11Radio0
no ip address
!
encryption vlan 20 mode ciphers aes-ccm
!
ssid MWWifi
!
speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
station-role root
no cdp enable
!
interface Dot11Radio0.20
encapsulation dot1Q 20 native
no cdp enable
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 spanning-disabled
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
!
interface Vlan1
no ip address
bridge-group 1
bridge-group 1 spanning-disabled
!
interface BVI1
ip address 10.116.0.1 255.255.255.0
ip nat inside
ip virtual-reassembly
!
ip default-gateway xxx.xxx.111.253
no ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 xxx.xxx.111.253
!
no ip http server
no ip http secure-server
ip nat inside source static 10.116.0.150 xxx.xxx.111.250
ip nat inside source route-map PetlaDoNat interface FastEthernet4 overload
!
access-list 100 deny   ip 10.116.0.0 0.0.0.255 10.1.0.0 0.0.255.255
access-list 100 deny   ip 10.116.0.0 0.0.0.255 10.130.1.0 0.0.0.127
access-list 100 permit tcp any any eq ftp
access-list 100 permit tcp any any eq 22
access-list 100 permit tcp any any eq www
access-list 100 permit tcp any any eq 443
access-list 100 deny   ip any any
access-list 103 permit ip 10.116.0.0 0.0.0.255 10.1.0.0 0.0.255.255
access-list 103 permit ip 10.116.0.0 0.0.0.255 10.130.1.0 0.0.0.127
access-list 103 deny   ip any any
no cdp run
route-map PetlaDoNat permit 1
match ip address 100
!
!
control-plane
!
I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Phillip Remaker Tue, 10/19/2010 - 15:44

The additional IP address will only respond if your service provider routes traffic to that address for you.

With most providers, you have to pay for each IP address that you plan to use.  You can't just add another address.  Well, you can (and you did) but the provider will never send you traffic destined to that address,


Does the upstream device recognize and allow xxx.xxx.111.250?

What is interface FastEthernet4 attached to?

Actions

This Discussion